Considered opinion: The Russia connectionCountering Russian election hacks
According to a Center for Public Integrity report, the “U.S. military hackers have been given the go-ahead to gain access to Russian cyber systems as part of potential retaliation for any meddling in America’s elections.” Eric Jensen writes in Just Security that this signals a significant change to the U.S. cyber policy and is a clear indication that cyber actions have now entered the mainstream of national security tools. “For years, the “newness” of cyber capabilities have caused the level of authorization to remain at very high levels and subject to extensive interagency dialogue before even simple cyber tasks could be taken. These procedural requirements undoubtedly had the practical effect of limiting the number of cyber activities undertaken. By allowing DoD and other government agencies to function more autonomously within pre-approved guidelines reflects a normalization of cyber capabilities that has been too long in coming.”
According to a Center for Public Integrity report, the “U.S. military hackers have been given the go-ahead to gain access to Russian cyber systems as part of potential retaliation for any meddling in America’s elections.” The authorization was given in in preparation for “an offensive cyberattack that the United States would unleash if Russia electronically interferes with the 2018 midterm election on Nov. 6.”
Eric Jensen writes in Just Security that this more aggressive action would be in line with the reported new approach under a classified presidential directive, National Security Presidential Memorandum 13 (NSPM-13), that accompanied the September 2018 National Cyber Strategy and its corresponding Department of Defense (DoD) Cyber Strategy. The unclassified summary of the DoD Strategy states that DoD will “defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.” Jensen notes that “This statement is consistent with the Commander of Cyber Command’s discussion about the need for ‘persistent presence’ on the web to ensure the safety of U.S. interests. ‘Defending forward’ and ‘persistent presence’ are euphemisms for taking actions on computer systems that are not DoD, including systems outside the United States.”
This policy triggers some interesting speculation as to how the United States views international law and cyber activities. Jensen writes:
It seems uncontested that international law prohibits one country from coercively intervening in the domestic affairs of another country. This prohibition of intervention has its roots in article 2(7) of the United Nations Charter and has been well reflected in international courts and tribunals. In describing what actions might equate to a prohibited intervention, courts have talked in terms of coercive measures by one state in another state’s domaine réservé – those matters reserved in international law to the sole prerogative of states, matters such as the right to choose a political, economic, social, and cultural system, and to formulate and execute foreign policy. As noted in the Tallinn 2.0 Manual, “the matter most clearly within a State’s domaine réservé appears to be the choice of both the political system and its organization.”
