NPR新闻:U.S. Cyberwarfare: Its Powerful Tools, Its Unseen Tactics


With the White House announcing sanctions and expulsions to punish Russia for hacking, there's a lingering question. What less public forms of retaliation is the U.S. taking? In a statement yesterday, President Obama said "these actions are not the sum total of our response" and added that some measures will not be publicized. Those actions could include the use of advanced cyber weapons, many of which are secret.

Rob Knake directed cybersecurity policy at the National Security Council earlier in the Obama administration. I asked him about the range of activities the U.S. could carry out against Russia in cyberspace.

ROB KNAKE: That could represent everything from what Russia did to the United States - capturing documents and releasing them - an information operation. Or it could involve something like a distributed denial of service attack, taking down a website or something like that. But in the past, the U.S. has never in fact used cyber means, at least publicly, to respond to a cyberattack.

SHAPIRO: So how extraordinary would it be if the U.S. does in this case, or should we just assume that the U.S. has in other cases that we're not aware of?

KNAKE: Well, I think what we should assume is that what the United States wants to do is change Russia's behavior. What they're trying to do is say this kind of behavior is outside of developing international norms on conduct of activity in cyberspace. And so from that perspective, I don't think we're likely to see anything that looks like an in-kind response.

SHAPIRO: This recall something that CIA Director John Brennan said on this program last week, which was that retaliating in kind would be, in his words, beneath this country's greatness. Do you agree with that?

KNAKE: Oh, absolutely. I mean I think we want the Russians to cease this activity. It's not to punish them. It's to change their behavior. It also has a very important secondary effect. We don't want to see any of the 60 countries that have cyber intelligence or cyber warfare capabilities decide that in 2020 they've got to interfere with our elections on one side because Russia did on the other side this time.

SHAPIRO: So what the U.S. is likely to do is one question. What the U.S. is capable of doing is another question. What is the range of American cyber capability at this point?

KNAKE: So if you talk to most people who study the issue, there is an assumption that the U.S. is best in class along with a handful of other countries. Beyond that ranking, very little is known publicly about the capabilities of NSA, of the capabilities of cyber command, and that's for some very good reasons. Talking about capabilities in cyberspace is very hard because those capabilities can really sometimes only be used once. And if you talk about them, you might tip your hand effectively.

SHAPIRO: The international community seems pretty clear on the limits of how chemical weapons, biological weapons, nuclear weapons are to be used. Is there any such framework for cyber weapons that it seems in some cases can do comparable damage?

KNAKE: So what we have now is a set of developing norms that the U.S. and Russia and other countries have been working on through the United Nations, which is to say that these kinds of attacks - attacks on critical infrastructure - shouldn't happen in peacetime.

SHAPIRO: Is a developing norm the same as an international agreement?

KNAKE: A norm is certainly far short of an agreement. The hope is that you need to develop the norms; we need to get those agreed to over time. There's very, very little support in the United States for any kind of agreement on cyber because most of those agreements are about restricting the development of capabilities.

SHAPIRO: To circle back around to the question of what the U.S. is likely to do in this case, if we know that President Obama has said there will be some measures that will not be publicized and CIA director John Brennan says responding in kind would be beneath the greatness of the United States, what does that leave in between the two? What do you think a response is likely to be?

KNAKE: Well, the response could be the exchange of quiet signals and quiet messages. It could be nothing more than to signal to them what might come next if they continue activity like this and what the U.S. might be capable of. It doesn't necessarily have to involve cyber-attack or any kind of equivalent doxing, as we call it in the industry - stealing documents and releasing them. I don't think we're likely to see that.

SHAPIRO: That's Rob Knake, who directed cybersecurity policy for the National Security Council from 2011 to 2015. He's now a senior fellow at the Council on Foreign Relations. Thanks very much.

KNAKE: Thanks, Ari.