On November 1, the Center for Long-Term Cybersecurity was honored to welcome David Sanger, National Security Correspondent for the New York Times, for a presentation entitled “The Russia Hack and the Challenge to American Democracy.” Mr. Sanger spoke at UC Berkeley’s Banatao Auditorium as part of our Fall 2017 Seminar Series, which is centered on the theme, “Cybersecurity and Democracy: The Shifting Implications of Citizenship in the Digital Age.”
In a lively presentation, Mr. Sanger—a Pulitzer Prize-winning reporter who has written for the Times for more than 35 years—spoke about the decades-long evolution that ultimately led to the Russian hacks, and he explored the implications of those attacks for our national security and democracy.
“I want to talk about . . . how a technology that we thought ten or fifteen years ago would be an unalloyed good for democracy somehow got hijacked in the 2016 election, and made us question much of what we thought about the powers and effects of these ever greater connections that we’ve built over the years, thanks to the Internet,” he said.
To set the context, Sanger showed an image of two iconic artifacts from American political history: the file cabinet that was pried open during the Watergate break-in, and the Dell computer server belonging to the Democratic National Committee (DNC), which Russians are said to have hacked into starting in 2015.
“[The Russians] didn’t need to jimmy open the door, and they didn’t even need to be in the country, but they probably had a greater influence on the outcome of the election than the Watergate burglars did in 1972,” Sanger said.
To provide the background for the Russian hacker story, Sanger went as far back as the Wright Brothers’ first flights in College Park, Maryland; he explained how military advisors at the time could not imagine that airplanes might be used for bombing. “We are at such an early moment in use of cyber as a weapon that we can’t imagine here in 2017 how this may be used in 2025, much less in 2045,” he said. “Two years ago, most of us would’ve been surprised to hear it might have much influence or a role in an election.”
Sanger noted that a 2007 “worldwide threat assessment” did not even include cyberattacks, but that cyberattacks have been the number one threat for the past four years. “It went from zero to the number one slot in a decade’s time,” he said.
Drawing upon his own reporting, Sanger talked about the release of the Stuxnet virus, by which U.S. intelligence agencies helped cripple Iran’s uranium-enrichment plant through a subtle, slow-moving cyberattack. “If you did something like that from the air, it would probably start a war,” Sanger said.
He explained that Stuxnet was a precursor to subsequent attacks, such as those on Saudi Aramco, Sony Pictures, and the Office of Personnel Management, each of which reflected a different motivation and represented a new step in the evolution of cyber’s role in international affairs. “This was the context in which the Russia hack happened,” Sanger said. “This was a world in which cyber became used in more and more subtle methods every month and every year. . . . While we still worry about a Cyber Pearl Harbor, we discovered that cyber weapons could be tailored to much more subtle purposes.”
Sanger explained that it took nine months for the DNC to investigate the attack on its servers and for President Obama to receive a briefing about the hack. “If you are thinking one of the keys to long-term cybersecurity is rapid response, we kind of failed,” Sanger said. “An interesting question is whether President Obama underreacted. Now that they’ve had time to reflect, many [from the administration] are not certain they handled it the way they should have.”
Considering the implications of the Russian hacks, Sanger pointed out that, while we “certainly have a cyber problem, first and foremost, we have a Russia problem.” He explained that, in Vladimir Putin’s mind, the original election manipulator was Hillary Clinton, who denounced a parliamentary vote in Russia as unfair. “We don’t view [Hillary Clinton’s comments] as election manipulation,” Sanger said. “Election manipulation is in the mind of the beholder – and the mind of the recipient of the attack.”
Regarding the issue of election-related Facebook posts disseminated by Russians, Sanger noted that “the problem wasn’t what’s in the ads or in the posts; it’s that they were posted by a foreign intelligence service . . . . This is more complicated than just regulating speech; it’s regulating to some degree who’s speaking . . . . We’re not going to bomb a country because they run Facebook ads. We’re not going to ban them from doing espionage, because we want to do espionage.”
As far as what can and should change in the future, Sanger called for greater transparency on the part of the U.S. government in how it uses cyber weapons. “We figured out how to have debate about drones or nuclear capabilities. It’s not evident why we can’t have open debate about how we want to use cyber as well,” Sanger said.
The Times reporter also called for more clear norms around cyber at the global scale. “We need rules of the road and we need them fast,” Sanger said. “I could imagine a rule that said, all countries will forswear interference with other countries’ voting systems.”
Sanger noted that we have to shift our perception of what a cyberattack is and what it may mean for our society. “The big lesson is, a foreign power has figured out how to use cyber techniques not to bring us to our knees in a ‘Cyber Pearl Harbor’, but to make us question legitimacy of our own democratic ideas,” Sanger said. “We’re aiming for a new kind of arms race—one we’re not prepared to win.”