Biden's vow of digital reprisals against Russia draws skepticism

President Joe Biden's threat to respond in kind to future cyberattacks on U.S. critical infrastructure by Russia is already prompting skepticism that it will rein in Moscow’s malign behavior in cyberspace. Biden said he warned Russian President Vladimir Putin during their summit in Geneva of 16 sectors that were "off-limits" to digital assault — a nod to the list compiled by the Homeland Security Department’s cyber wing. "I pointed out to him we have significant cyber capability, and he knows it. He doesn't know exactly what it is, but it's significant," Biden told reporters. "If, in fact, they violate these basic norms, we will respond." But while many lawmakers and experts applauded the president for giving clear no-go zones to Russian President Vladimir Putin, it's unclear if Biden delivered a message that will hold any purchase in Moscow. Even though Biden made it clear there need to be some “rules of the road” both countries can abide by, there is “no agreement as to what those rules should be and if we are even on the same road,” said Brandon Valeriano, a senior fellow at the Cato Institute and a senior adviser to the congressionally chartered Cyberspace Solarium Commission, which sets recommendations for government cybersecurity strategy. Still, Biden’s rhetoric on Russian cyber operations was his toughest to date in the wake of a series of massive digital strikes on the U.S., including high-profile ransomware attacks by Russia-based gangs against a major gasoline pipeline and a large meatpacking conglomerate, and last year’s SolarWinds espionage campaign from Russia against nine federal agencies and roughly 100 companies. It was the message — or at the least beginning of one — many lawmakers said they were looking for. “I am encouraged by the news that Biden provided Putin with a clear list of industries and critical infrastructure that must never be the target of cyber-attacks and hacks, and promised real consequences if Russia did not cooperate in efforts to hold those responsible to account,” House Intel Chair Adam Schiff (D-Calif.) said in a statement. But in both cyber and other realms, Schiff argued that there’s still “much work to be done to counter Russia’s many malign actions." Biden and Putin both said that they agreed to consultations about how to establish guardrails for cyber operations. Biden described this effort as a combined working group. "We agreed to task experts in both our countries to work on specific understandings about what is off-limits," Biden said. "We'll find out whether we have a cybersecurity arrangement that begins to bring some order." Suzanne Spaulding, a senior cybersecurity official during the Obama administration warned that “we should assume that Putin will violate any agreement that is reached if he sees it in his interest to do so.” Still, she noted, the meeting could serve as an important starting point. “An agreement still has value because it strengthens international consensus around any action that would be taken in response, making a strong response more viable and thereby more certain,” she said. “Over time, this could begin to alter Putin’s behavior.” In his comments following the meeting, Putin denied that the Kremlin played any role in the recent cyberattacks and said the U.S. is the biggest offender in cyberspace — an accusation Biden did not directly address. But Putin also called for pushing forward to find a mutual solution. "We need to throw out all kinds of insinuations, sit down at the expert level and start working in the interests of the United States and Russia," he told reporters. James Lewis, a cyber policy expert at the Center for Strategic and International Studies, argued that Biden set down an important marker with his ultimatum, but that discussions are unlikely to be the solution. "The Russian offer to talk is just to distract the Americans,” Lewis said. “What will count is the next step by both sides, and particularly what the US will do if the Russians don't back off.” And for some hawks in Congress, Wednesday’s pronouncements were far from enough. “I found President Biden’s remarks stunning," House Armed Services Ranking Member Mike Rogers (R-Ala.), said in a statement. "Providing a ‘list’ of targets to Putin that Russia cannot attack was unwise and instead gives them a roadmap of what to attack. We already know Russian-affiliated cyber criminals have shutdown critical infrastructure and food processing in the U.S. There should be nothing to negotiate.” Rep. Jim Langevin (D-R.I.), meanwhile, both commended Biden's efforts and said he was ready to back more forceful measures than hacking back if Putin doesn't heed the warning. "Like the President, I’ll wait to see how negotiations between our countries’ cyber diplomats turn out." Langevin said. "But rest assured, if the Kremlin continues to look the other way while Russian criminals attack our crit

Biden's vow of digital reprisals against Russia draws
skepticism
President Joe Biden's threat to respond in kind to future cyberattacks on U.S. critical infrastructure by Russia is already prompting skepticism that it will rein in Moscow’s malign behavior in cyberspace. Biden said he warned Russian President Vladimir Putin during their summit in Geneva of 16 sectors that were "off-limits" to digital assault — a nod to the list compiled by the Homeland Security Department’s cyber wing. "I pointed out to him we have significant cyber capability, and he knows it. He doesn't know exactly what it is, but it's significant," Biden told reporters. "If, in fact, they violate these basic norms, we will respond." But while many lawmakers and experts applauded the president for giving clear no-go zones to Russian President Vladimir Putin, it's unclear if Biden delivered a message that will hold any purchase in Moscow. Even though Biden made it clear there need to be some “rules of the road” both countries can abide by, there is “no agreement as to what those rules should be and if we are even on the same road,” said Brandon Valeriano, a senior fellow at the Cato Institute and a senior adviser to the congressionally chartered Cyberspace Solarium Commission, which sets recommendations for government cybersecurity strategy. Still, Biden’s rhetoric on Russian cyber operations was his toughest to date in the wake of a series of massive digital strikes on the U.S., including high-profile ransomware attacks by Russia-based gangs against a major gasoline pipeline and a large meatpacking conglomerate, and last year’s SolarWinds espionage campaign from Russia against nine federal agencies and roughly 100 companies. It was the message — or at the least beginning of one — many lawmakers said they were looking for. “I am encouraged by the news that Biden provided Putin with a clear list of industries and critical infrastructure that must never be the target of cyber-attacks and hacks, and promised real consequences if Russia did not cooperate in efforts to hold those responsible to account,” House Intel Chair Adam Schiff (D-Calif.) said in a statement. But in both cyber and other realms, Schiff argued that there’s still “much work to be done to counter Russia’s many malign actions." Biden and Putin both said that they agreed to consultations about how to establish guardrails for cyber operations. Biden described this effort as a combined working group. "We agreed to task experts in both our countries to work on specific understandings about what is off-limits," Biden said. "We'll find out whether we have a cybersecurity arrangement that begins to bring some order." Suzanne Spaulding, a senior cybersecurity official during the Obama administration warned that “we should assume that Putin will violate any agreement that is reached if he sees it in his interest to do so.” Still, she noted, the meeting could serve as an important starting point. “An agreement still has value because it strengthens international consensus around any action that would be taken in response, making a strong response more viable and thereby more certain,” she said. “Over time, this could begin to alter Putin’s behavior.” In his comments following the meeting, Putin denied that the Kremlin played any role in the recent cyberattacks and said the U.S. is the biggest offender in cyberspace — an accusation Biden did not directly address. But Putin also called for pushing forward to find a mutual solution. "We need to throw out all kinds of insinuations, sit down at the expert level and start working in the interests of the United States and Russia," he told reporters. James Lewis, a cyber policy expert at the Center for Strategic and International Studies, argued that Biden set down an important marker with his ultimatum, but that discussions are unlikely to be the solution. "The Russian offer to talk is just to distract the Americans,” Lewis said. “What will count is the next step by both sides, and particularly what the US will do if the Russians don't back off.” And for some hawks in Congress, Wednesday’s pronouncements were far from enough. “I found President Biden’s remarks stunning," House Armed Services Ranking Member Mike Rogers (R-Ala.), said in a statement. "Providing a ‘list’ of targets to Putin that Russia cannot attack was unwise and instead gives them a roadmap of what to attack. We already know Russian-affiliated cyber criminals have shutdown critical infrastructure and food processing in the U.S. There should be nothing to negotiate.” Rep. Jim Langevin (D-R.I.), meanwhile, both commended Biden's efforts and said he was ready to back more forceful measures than hacking back if Putin doesn't heed the warning. "Like the President, I’ll wait to see how negotiations between our countries’ cyber diplomats turn out." Langevin said. "But rest assured, if the Kremlin continues to look the other way while Russian criminals attack our critical infrastructure, I’ll support the use of all instruments of state power, not just cyber, to hold his government accountable.”