Russian Hackers Were Only Getting Started in the 2016 Election


As ugly as Russia’s hacking to influence November’s election was, it wasn’t an act of cyber war because it wasn’t an act of war. While certainly hostile, and likely a violation of international law, the action falls far short of how warfare is likely to play out in cyberspace. And frighteningly, it demonstrates only a fraction of Russia’s capability to harm U.S. interests online.

The attack caught the national security community off-guard because it represents a shift in Russia’s approach to the U.S. in cyberspace. The real danger is that if the U.S.-Russia relationship degrades further, the Kremlin could end up unleashing its true cyberwarfare capabilities.

When Donald Trump takes office later this month, his administration is likely to find that despite the current honeymoon between the president-elect and Russian President Vladimir Putin, America’s goals abroad will run into Russian opposition in places like Syria, Iran, and Eastern Europe. When that happens and events spiral out of control, don’t be surprised if Russia decides to turn the lights off across major American cities.

Over the last few years, we’ve seen a preview of what Russia can accomplish in cyberspace. The Russian intelligence services have taken the age-old art of kompromat—creating and planting or releasing compromising material—and updated it for the digital age. Using their ability to gain access to computer systems, Russian operatives have planted child pornography on the computer of an exiled dissident living in England, and taken over and posted misinformation on Lithuanian government websites.

Of even greater concern is the Russian attack on the Ukrainian power grid carried out in 2015. As documented in a report published by the SANS Institute, Russian actors were able to cut off power for several hours for a quarter of a million people through a coordinated cyber attack against multiple energy companies. While the attacks were limited in scale and scope, they demonstrated for the first time what many in the field of cybersecurity have known is possible—the ability to cause real-world impacts through digital means.

Given all of this activity, no one in the U.S. should have been surprised to see the Kremlin’s tactics ported across the Atlantic in an attempt to influence the 2016 presidential election. It also means that we should expect to see Russia use its cyber exploitation capabilities against the U.S. for even darker and more frightening purposes in the year ahead. What Russia has done in its backyard may just have been trial runs for targeting U.S. interests.

The impact of an attack against the U.S. might not be as limited as the attack on Ukraine’s power grid. In that incident, system operators were able to revert to manual controls, something that might not be possible in the U.S. given the level of automation introduced here in recent years. What that might mean is that the next time the U.S. and Russia come into conflict, the U.S. power system will be a likely target for Russian hackers.


Such an attack might have devastating consequences. A Lloyd’s of London analysis suggests that an attack on the power grid in the northeast U.S. could result in a weeks-long blackout in some areas. The report concluded that the impact of such an incident would be far-reaching, with economic losses ranging from $250 billion to $1 trillion. Direct damage to grid infrastructure, interruption of business operations, and reduced sales would make up most of the losses, though in darker scenarios, breakdowns in logistics systems could result in widespread shortages, looting and rioting, and the imposition of martial law.

In addition, hackers could disrupt commercial flights by targeting air traffic control systems or airline ticketing and reservation systems. Many in the security community fear that the Mirai botnet—a malware program that has taken over thousands of devices around the world—could be used to launch a distributed denial of service attack so large that it would clog up the core infrastructure of the Internet. As the Internet of Things continues to expand, adding more than five million devices per day, this problem will only continue to grow.

Given the savvy with which Russia has wielded its cyber capabilities of late, it’s unlikely that the Kremlin will miscalculate how seriously Washington would perceive an attack on its critical infrastructure. Whether the U.S. has the capability to inflict similar harm on Russia is a matter of conjecture. What is certain, however, is that if Russia does its worst in cyberspace, the new Cold War could get hot very quickly, and might not be contained to the digital world.

Rob Knake is a senior fellow at the Council on Foreign Relations, former director for cybersecurity policy at the National Security Council, and co-author of Cyber War: The Next Threat to National Security and What to Do About It.
