Attorney General Jeff Sessions’ testimony that he never asked for a briefing on Russia’s hacking and massive information campaign against the U.S. is a troubling threat to American security, a senior Obama administration official and the cyber security expert who uncovered the Russian hacking told Newsweek.
“I understand that the Attorney General is a very busy person, and there are certain aspects of the Russia investigation that he’s recused himself from [excused himself because of a potential conflict of interest],” Obama’s former cybersecurity czar, Michael Daniel said in a phone interview. “But the cyber threats posed across the board are certainly worthy of the Attorney General’s focus and attention.”
On June 13, Sessions testified to the Senate Intelligence Committee that he never asked for an official briefing “ on how hacking occurred or how information was alleged to have influenced the campaigns” other than what he read in the newspaper.
“We do not have a sufficient strategy dealing with technological and I.T. penetrations of our system,” Sessions said after he was asked if the U.S. could deal with a Russian cyber weapon developed to disrupt U.S. power grids and telecommunications.
Early this year, America’s intelligence agencies wrote a report finding Russian intelligence agencies hacked the country’s political parties and made efforts to sway the election to candidate Donald Trump.
When asked, Sessions said he never sought any information about the hacking after the Office of the Director of National Intelligence and Homeland Security issued a joint statement about it last October.
Sessions testimony is concerning, said Daniel. “If nothing else — take the nation states out of it for a moment — the Justice Department is very involved in prosecuting and dealing with cybercrime,” he said, “which is a very large chunk of the criminal activity that’s out there.”
Trump’s campaign has subsequently come under investigation by the FBI and Congress in connection with Russia’s election interference. They are probing whether members of the campaign or its associates worked to assist Russia in any way.
Sessions was a key member of Trump’s campaign and recused himself from the Department of Justice branch of the investigation in early March. But his lack of interest in the government’s secret details of the cybersecurity breach across America’s election infrastructure are worrying, Daniel said.
Cyber security is an “important mission for the Justice Department,” he points out. “Senior leaders, if they haven’t been deeply steeped in cyber security issues, may not initially appreciate their significance. But over time they really do.”
As Attorney General, Sessions is responsible for overseeing the work of the FBI, whose top three functions include countering foreign intelligence operations and preventing high-tech crimes.
“Any time it comes to policy officials, I don’t think it’s necessarily relevant for them to know all the technical details, but they certainly need to understand the effects that these capabilities can bring to bear,” said Dmitri Alperovitch, co-founder of cybersecurity firm Crowdstrike.
Alperovitch’s firm was called in to investigate the hacking of the Democratic National Committee (DNC) last spring and tied it back to Russian intelligence.
“The analogy I would use is that policy makers don’t need the details of how to build a nuclear weapon,” Alperovitch said. “But they need to understand the power of that weapon and its capabilities and potentially how to stop its proliferation.”
Last year there was a 40 percent increase in government data breaches, with 72 across American government systems. In 2015, the Office of Personnel Management’s data breach revealed the details of more than 21 million people who had gone through government background checks — many of whom had received security clearances. And many U.S. government departments and agencies are still installing Russian-made anti-virus software on their computers when intelligence agencies won’t touch it.
“We absolutely should be taking cyber security extremely seriously, and doing what we can to beef up our security,” Alperovitch said.
Further details emerged this month in a top top secret NSA document leaked to The Intercept that Russia’s hacking efforts targeted state election infrastructure—particularly companies that provided election software. A Homeland Security official testified in Congress Wednesday that 21 state election systems were targeted in Russian cyber attacks.
Whether Democrat or Republican, everyone got a rude awakening about cyber security during the course of last year’s election, Alperovitch said . “Crowdstrike have seen both parties reaching out to us and asking for our help to secure their systems.”
While the Trump administration is following in the footsteps of the cyber security foundations laid by the Obama administration, it’s not only politicians and political parties that need to focus on protecting themselves, Alperovitch warned.
“It’s also all the organizations that are commercial entities that are providing them services whether it’s marketing services, voter registration services, or the like,” he said. “They may very well get ensnared in these campaigns and come under attack themselves.”