Citizen Lab Director Ron Deibert has authored a piece in JustSecurity on the FBI’s report on the Russian hacking of the Democratic National Convention (DNC). In the article, titled “The DHS/FBI Report on Russian Hacking was a Predictable Failure,” Deibert assesses the report itself, as well as the Obama administration’s response to the hacking, and its public handling.
President Obama announced sanctions, including the expulsion of diplomats and targeted financial restrictions, in retaliation for the hacking of the Democratic National Convention, an attempt to influence the outcome of the American presidential elections. However, Deibert argues that the administration failed, in predictable fashion, to lend credibility to its actions because it did not successfully present evidence for its claims. The details of the security agencies’ investigations were largely left out of the released report, or only gestured at vaguely.
Moving to the joint DHS/FBI report, Deibert writes: “The DHS/FBI Joint Analysis Report on Russian information operations, which the administration refers to as ‘Grizzly Steppe,’ is a disappointing and counterproductive document. The problems with the report are numerous and have been well documented by professionals in the computer security area. But the culture of secrecy and the lack of independent sources of verification that gave rise to it are far more pervasive.”
He goes on to explain that the technical details provided in the report, including “Indicators of Compromise,” are unhelpful in terms of proving a direct connection to Russia. These indicators, which include IP addresses, malware signatures, and command and control infrastructure, are supposed to be used to identify Russia as the culprit, but they are not categorized or contextualized with degrees of confidence for attribution. As a result, they do little to convince either the public or experts working in the area.
Deibert writes that the issue was likely one of competence rather than a deliberate cover-up: “In this case, rather than manufacture evidence, the U.S. government couldn’t organize itself to present it convincingly. The real problem here is not political subterfuge. It is, rather, symptomatic of a larger syndrome of how we as a society deal with cyber security issues today.” He concludes by arguing that cybersecurity issues should be regarded for what they really are: global public health issues, rather than just national security issues or business ventures, which tend to breed a culture of secrecy.