Binge This

U.S. News

Real Heroes, True Crime


This Hotline Could Keep the U.S. and Russia From Cyber War

U.S. intelligence officials are looking to Washington-Moscow hotline as a last-ditch crisis channel that might just prevent a cataclysmic online showdown.

Erin Banco, Kevin Poulsen2.23.19 9:19 PM ET

As concerns mount that Russia will again unleash its hackers and its online disinformation brigades to wreak havoc in another American election, senior U.S. officials are taking a second look at a technology handed down from the age of Gorbachev and Reagan: an emergency “hotline” between officials in the U.S. and Russia that might someday pull both countries from the brink of an all out cyber war.

The secure messaging system known colloquially in the White House as the “cyber hotline” already exists. It was set up in 2013—building off a Cold War messaging system, in fact—in the hope that it might facilitate conversations between the two countries during a crisis in cyberspace, where the identities and intentions of attackers are often muddled. So far it’s been used only once, in the waning days of the Obama administration, when the White House’s cyber chief fired off a carefully-worded message to Moscow warning not to attack the “infrastructure” for the 2016 election.

Since then, the U.S. has invested in developing a Cold War-style deterrence capability in cyberspace, and military brass have publicly touted their willingness to respond to foreign cyber aggression in kind. But with that sharper stick comes greater risk of a misunderstanding that leads to an escalating conflict online. So intelligence officials in the Trump administration are talking about using the cyber hotline as a last-ditch crisis channel that might just prevent the electronic equivalent of the Cuban Missile Crisis, according to three U.S. officials.

“Everything has been laid out on the table, all sorts of options of dealing with this cyber security threat. The hotline is something that came up in the context of us needing to really face this issue head on—and to know that Russia has received the message,” said one senior intelligence official. “It’s the option we would use if we felt like all the other options weren’t working and if the crisis was escalating quickly. We’ve seen no signs that Russia has stopped meddling."

There are ongoing concerns in the Department of Homeland Security and the Federal Bureau of Investigation that Russia, among other countries, is continuing to to stir trouble in U.S. politics and actively planning efforts to meddle in the 2020 presidential elections, according to three individuals with first hand knowledge of reports drawn up on the subject within the last six months. (The FBI declined to comment for this story, and DHS didn’t respond to multiple written and telephone requests for comment.)

But while the Justice Department continues its prosecutions of Russian intelligence officers for their roles in the 2016 election and the military continues to gird for a possible cyber war, national security policymakers are trying to grapple with a pair of beyond-thorny questions: How do we stave off another Russian attack on U.S. elections? And what do we do to keep any attack from becoming a cataclysm? Warning Russia directly, through an official channel could provide at least some answers.

“I would expect to see some of that same Russian activity to occur again. I think the hotline is a useful tool to raise concerns,” said Michael Daniel, the former White House cybersecurity advisor and President and CEO of the Cyber Threat Alliance. “I am certain at some point the U.S. will use it again.”

Daniel was there for the first and only time the hotline has been used so far.

It was October of 2016, not long before the voting for president was set to begin. According to Daniel, the Obama White House decided to warn President Vladimir Putin that it had gathered intelligence that indicated Russia was attempting to disrupt the U.S. election.  

"We didn’t have a full of knowledge and understanding of the scope of the social media and the disinformation work,” Daniel said. “We were focused on the threats to the actual infrastructure.”

The decision to contact Russia through the established the hotline included a slew of top-level cabinet secretaries, including then-National Security Adviser Susan Rice.

Discussions about when and how to contact Russia spanned weeks, according to four former National Security Council staffers.

“There was a process at the staff level to approve the actual content to make sure we were sending the right message,” Daniel said, adding that no one in the administration knew if or how Russia would respond to the communication.

“The fact that we were using it to communicate our concerns about the potential for Russia using cyber means to disrupt the election,” he added. “We knew it would convey how serious we were about this issue.”

It’s the option we would use if we felt like all the other options weren’t working and if the crisis was escalating quickly. We’ve seen no signs that Russia has stopped meddling.
U.S. intelligence official

The message, which was carefully crafted into an agreed-upon template between the U.S. and Russia, eventually made its way to staffers at the National Risk Reduction Center at the State Department.

The U.S. and Russia created the center, known as the “NRCC,” in 1987 as a way to establish a direct line of communication in the threat of a nuclear war. More than a quarter-century later, Washington and Moscow signed an agreement to establish the cyber hotline—one tacked on to the old NRCC messaging system and an additional voice line that would extend between the U.S. Cybersecurity Coordinator in the White House and the Russian Deputy Secretary of the Security Council.

“It was a big deal… just like in the cold war, the way you handle nuclear, and now cyber, is to ease involuntary escalation,” said Chris Painter who served as the top U.S. “cyber diplomat” at the State Department from 2011 to 2017.

Once the 2016 message left the NRCC system, Daniel and his team received notice that it had been delivered to the Kremlin.

“And then, we waited,” Daniel said, adding that everyone involved in the crafting of the message went back to their daily routines.

“It took a couple of days,” he said. “Then, we heard back. Their message was ‘we need more information.’ That was the last of the communication.”  

Two other former National Security Staffers said that a voice hotline was also used to communicate with the Kremlin about about election meddling.

The cyber hotline idea came to fruition in 2013 amid growing concerns in the top circles of the U.S. administration that its relationship with Russia was on a crash course.

“The hotline was a symbolic gesture that could be used to help build a relationship with Russia and in the event there was ever a real emergency, the administration and Moscow could … chat,” added one former State Department official.

The voice line, Painter said, “was something the Russians wanted… No matter how bad things get between Russia and the United States, is always answered,” he said.

But the discussions that led to the actual implementation of the cyber hotlines—the messaging systems and the actual voice line—took several rounds of official talks between the U.S. and Russia.

According to former officials, there was a fundamental disagreement on what cyber security meant to Washington and to Russia.

“On our side, cyber security means protecting the integrity of information systems, protecting infrastructure that could be damaged through cyber intrusions,” one former official in the State Department said. “The Russians have a much broader definition of cyber security. That’s where you get things like monitoring communications of private citizens.”

A former staffer on the National Security Council told The Daily Beast that the voice lines between the White House and the Kremlin were open and at times active during the Obama administration. The White House communications personnel conducted a radio check with Russia each day to ensure the lines were working, the source said.

“One of things we were all trying to figure out at the time is how to get in touch with the Kremlin if anything ever happened or if there was an emergency,” a former official told The Daily Beast. “I remember one of the IT guys that worked in the White House telling me ‘I can get you a line with anyone in Russia, you just have to tell me who you want to talk to.’”

But there were no real conversations until that day in October 2016.

“Even before we had full awareness of what Russia was doing, it was always going to be difficult to talk about,” said one former State Department official. “We use cyber against each other for espionage and other things. There’s not a lot of trust there to begin with.”

Today, the White House is insisting that it is doing everything it can to prevent a hack of the American political system.

“The Trump administration is working across all levels of government to help protect America’s elections from foreign interference,” said Garrett Marquis, a spokesman for the National Security Council. “These efforts build on the administration’s support to states during past elections.”

But officials inside the administration are worried that Trump might somehow interfere with or block the communications channels..

“There’s no one who is willing to bring up Russia in meetings with the president,” one former official from the intelligence community said. “Whether it has to do with elections or sanctions —it’s just not something that gets discussed with him in front of large intelligence briefings or meetings.”

There’s no one who is willing to bring up Russia in meetings with the president. It’s just not something that gets discussed with him in front of large intelligence briefings.
Former U.S. intelligence official

For the most part, Russia has been uncooperative in cases of Russian hackers victimizing American companies and individuals, said Luke Dembosky, a partner at Debevoise & Plimpton. Dembosky is a former Deputy Assistant Attorney General for National Security who was stationed in Moscow for nearly three years as the Justice Department’s cyber attaché to Russia.

And, he said, more needs to be done to establish a working relationship with Russia to avoid another cyber fiasco.

“There’s little-to-no cooperation on the day-to-day stuff. The relationships aren’t in place for when something really bad happens,” he said. “You can set up all the hot lines you want but unless there’s some trust between the two countries, it’s going to result in failure.”

—with additional reporting by Anna Nemtsova in Moscow