As concerns mount that Russia will unleash hackers and online disinformation brigades to wreak havoc in another American election, senior U.S. officials are taking a second look at a technology handed down from the age of Gorbachev and Reagan: an emergency “hotline” between officials in the U.S. and Russia that might someday pull both countries back from the brink of an all out cyberwar.
The secure messaging system, known colloquially in the White House as the “cyberhotline,” already exists. It was set up in 2013—building off a Cold War messaging system, in fact—in the hope that it might facilitate conversations between the two countries during a crisis in cyberspace, where the identities and intentions of attackers are often muddled. So far it’s been used only once, in the waning days of the Obama administration, when the White House’s cyberchief fired off a carefully worded warning to Moscow not to attack the “infrastructure” for the 2016 election.
Since then, the U.S. has invested in developing a Cold War-style deterrence capability in cyberspace, and military brass have publicly touted their willingness to respond to foreign cyberaggression in kind. But with that sharper stick comes greater risk of a misunderstanding that might lead to an escalating conflict online. So intelligence officials in the Trump administration are talking about using the cyberhotline as a last-ditch crisis channel that might just prevent the electronic equivalent of the Cuban Missile Crisis, according to three U.S. officials.
“Everything has been laid out on the table, all sorts of options of dealing with this cybersecurity threat. The hotline is something that came up in the context of us needing to really face this issue head on—and to know that Russia has received the message,” said one senior intelligence official. “It’s the option we would use if we felt like all the other options weren’t working and if the crisis was escalating quickly. We’ve seen no signs that Russia has stopped meddling."
There are ongoing concerns in the Department of Homeland Security and the Federal Bureau of Investigation that Russia, among other countries, is continuing to to stir trouble in U.S. politics and is actively planning to meddle in the 2020 presidential elections, according to three individuals with first-hand knowledge of reports drawn up within the last six months. (The FBI declined to comment for this story, and DHS didn’t respond to multiple written and telephone requests for comment.)
But while the Justice Department continues its prosecutions of Russian intelligence officers for their roles in the 2016 election and the military continues to prepare for a possible cyberwar, national security policymakers are grappling with a pair of beyond-thorny questions: How do we stave off another Russian attack on U.S. elections? And what do we do to keep any attack from becoming a cataclysm? Warning Russia directly through an official channel could provide at least some answers.
“I would expect to see some of that same Russian activity to occur again. I think the hotline is a useful tool to raise concerns,” said Michael Daniel, the former White House cybersecurity adviser and president and CEO of the Cyber Threat Alliance. “I am certain at some point the U.S. will use it again.”
Daniel was there for the first and only time the hotline has been used so far.
It was October 2016, not long before the voting for president was set to begin. According to Daniel, the Obama White House decided to warn President Vladimir Putin that it had gathered intelligence that indicated Russia was attempting to disrupt the U.S. election.
"We didn’t have full knowledge and understanding of the scope of the social media and disinformation work,” Daniel said. “We were focused on the threats to the actual infrastructure.”
The decision to contact Russia through the established hotline included a slew of top-level cabinet secretaries, including then-National Security Adviser Susan Rice.
Discussions about when and how to contact Russia spanned weeks, according to four former National Security Council staffers.
“There was a process at the staff level to approve the actual content to make sure we were sending the right message,” Daniel said, adding that no one in the administration knew if or how Russia would respond to the communication.
“The fact that we were using it to communicate our concerns about the potential for Russia using cyber-means to disrupt the election,” he added. “We knew it would convey how serious we were about this issue.”
The message, which was carefully crafted into an agreed template between the U.S. and Russia, eventually made its way to staffers at the Nuclear Risk Reduction Center (NRRC) at the State Department.
The U.S. and Russia created the center in 1987 as a way to establish a direct line of communication in the event of looming nuclear war. More than a quarter-century later, Washington and Moscow signed an agreement to establish the cyberhotline—one tacked on to the old NRRC messaging system and an additional voice line that would extend between the U.S. Cybersecurity Coordinator in the White House and the Russian Deputy Secretary of the Security Council.
“It was a big deal… just like in the cold war, the way you handle nuclear, and now cyber, is to ease involuntary escalation,” said Chris Painter who served as the top U.S. “cyberdiplomat” at the State Department from 2011 to 2017.
Once the 2016 message left the NRRC system, Daniel and his team received notice that it had been delivered to the Kremlin.
“And then, we waited,” Daniel said, adding that everyone involved in the crafting of the message went back to their daily routines.
“It took a couple of days,” he said. “Then, we heard back. Their message was, ‘We need more information.’ That was the last of the communication.”
Two other former National Security Council staffers said that a voice hotline was also used to communicate with the Kremlin about election meddling.
The cyberhotline idea came to fruition in 2013 amid growing concerns in the U.S. administration that its relationship with Russia was on a crash course.
“The hotline was a symbolic gesture that could be used to help build a relationship with Russia and in the event of a real emergency, the administration and Moscow could… chat,” said one former State Department official.
The voice line, Painter said, “was something the Russians wanted… No matter how bad things get between Russia and the United States, it is always answered.”
But the discussions that led to the implementation of the cyberhotlines—the messaging systems and the actual voice line—took several rounds of official talks between the U.S. and Russia.
According to former officials, there was a fundamental disagreement on what cybersecurity meant to Washington and to Russia.
“On our side, cybersecurity means protecting the integrity of information systems, protecting infrastructure that could be damaged through cyberintrusions,” one former official in the State Department said. “The Russians have a much broader definition of cybersecurity. That’s where you get things like monitoring communications of private citizens.”
A former staffer on the National Security Council told The Daily Beast that the voice lines between the White House and the Kremlin were open and at times active during the Obama administration. White House communications personnel conducted a radio check with Russia each day to ensure the lines were working, the source said.
“One of the things we were all trying to figure out at the time is how to get in touch with the Kremlin if anything ever happened or if there was an emergency,” a former official told The Daily Beast. “I remember one of the IT guys that worked in the White House telling me, ‘I can get you a line with anyone in Russia, you just have to tell me who you want to talk to.’”
But there were no real conversations until that day in October 2016.
“Even before we had full awareness of what Russia was doing, it was always going to be difficult to talk about,” said one former State Department official. “We use cyber against each other for espionage and other things. There’s not a lot of trust there to begin with.”
Today, the White House is insisting that it is doing everything it can to prevent a hack of the American political system.
“The Trump administration is working across all levels of government to help protect America’s elections from foreign interference,” said Garrett Marquis, a spokesman for the National Security Council. “These efforts build on the administration’s support to states during past elections.”
But officials inside the administration are worried that Trump might somehow interfere with or block the communications channels..
“There’s no one willing to bring up Russia in meetings with the president,” one former official from the intelligence community said. “Whether it has to do with elections or sanctions—it’s just not something that gets discussed with him in front of large intelligence briefings or meetings.”
For the most part, Russia has been uncooperative in cases of Russian hackers victimizing American companies and individuals, said Luke Dembosky, a partner at Debevoise & Plimpton. Dembosky is a former Deputy Assistant Attorney General for National Security who was stationed in Moscow for nearly three years as the Justice Department’s cyberattaché to Russia.
And, he said, more needs to be done to establish a working relationship with Russia to avoid another cyberfiasco.
“There’s little-to-no cooperation on the day-to-day stuff. The relationships aren’t in place for when something really bad happens,” he said. “You can set up all the hotlines you want but unless there’s some trust between the two countries, it’s going to result in failure.”
—with additional reporting by Anna Nemtsova in Moscow