Timothy L. O’Brien
Bloomberg
TT

Biden Should Shed Diplomacy With Putin on Cyber Warfare

President Joe Biden has spent his political career steeped in, and observant of, the rituals of global diplomacy. President Vladimir Putin of Russia, a former intelligence operative, deploys statecraft as a blunt instrument.

Biden should swap ritual for realpolitik after the two leaders meet in Geneva on Wednesday to review the framework and the friction circumscribing their countries’ relationship — particularly when it comes to cyber warfare. Putin has outmaneuvered all of Biden’s predecessors on an array of pivotal issues, and there’s little evidence that coddling him serves the strategic interests of Western democracies.

Biden arrives at this meeting hobbled by some things that are beyond his control. Russia’s human rights record is abysmal, but should Biden point to the imprisonment of opposition leader Alexey Navalny and the broader suppression of dissidents, Putin can remind him of the US’s discombobulated political and social landscape. Western Europe and the US missed an opportunity to corral Putin when he invaded and annexed Crimea in 2014. The broader threat to Ukraine won’t be muted without Biden working in tandem with NATO members to engage Ukraine — a tricky dance given that similar forays helped prompt Putin’s initial aggressions in Crimea several years ago.

Cybersecurity, on the other hand, is a flashpoint that offers Biden an opportunity to respond unilaterally and boldly. Putin is one of the world’s most aggressive and disruptive digital warriors, and Russia has blindsided the US with unnerving and sweeping computer hacks over the last year.

Digital thieves that US corporations, security specialists and the federal government have tied to Russia infiltrated the computer networks of SolarWinds Corp., a critical supplier of information technology software, last year. They lurked covertly on SolarWinds’ system for several months, allowing them to deposit malware on other government and corporate networks worldwide.

Top telecommunications, accounting, energy, technology, health-care and automotive companies were SolarWinds clients. SolarWinds also did business with five branches of the US military; the Defense, Justice and State departments; the National Security Agency; the Postal Service; the National Aeronautics and Space Administration; and the Executive Office of the President. The National Institutes of Health, along with the Commerce, State, Treasury, and Homeland Security departments, all acknowledged being swept up in the SolarWinds hack. Analysts have repeatedly noted that the attack was so sophisticated that only a state actor could have pulled it off. Corporate leaders have testified that they were unsure of the full extent of the hack and that predations could still be happening.

Colonial Pipeline Co., which runs the largest refined fuels pipeline in the US, was hacked last month and took its operations offline for several days after burglars based in Russia fleeced the company of millions of dollars. Many of these freelancers who have launched ransomware attacks similar to the Colonial hack are also based in Russia, and it’s unlikely that the most active among them operate without the Kremlin’s blessing. Just a few weeks after the Colonial attack, hackers brought JBS SA, the world’s largest meat supplier, to its knees. The company, which is based in Brazil but operates plants in several US states, and the White House linked the assault to a criminal organization based in Russia.

The US also weathered earlier Russian cyberattacks, including efforts to sabotage the 2016 presidential election, and networks of ransomware hackers have targeted hospitals, schools, small businesses, universities, research organizations and police. Other countries have endured serious attacks as well. In one notorious case in 2017, Russian operatives shut down a broad swath of Ukraine’s information networks.

Digital assaults on institutions that provide core services such as energy and health care to average citizens, as well as attacks on foundational public and private institutions, now appear to be fair game for Putin even though the US seems to have largely avoided responding in kind. While the public and private sectors in the US can certainly do a much better job of safeguarding their own systems (the Colonial hack was made possible by a single compromised password, for example), it is up to the White House to fence in Putin.

Biden’s response to Russia’s cyberattacks thus far has been a model of patience and diplomacy, which may have been the best course in the early days of his administration and on the heels of the Trump administration’s tumult. But the White House repeatedly said months ago that it would take aggressive actions both “seen and unseen” against Russia in the wake of the SolarWinds hack. Some Russian diplomats were expelled, some Russian companies and individuals were sanctioned, and then the Colonial Pipeline hack occurred.

Whatever course Biden’s meeting with Putin takes, he no longer needs to stand on ceremony when it comes to cyber warfare. He just needs to take a stance.

Bloomberg