The administration did not view cyber activities by Russia as part of a larger overall campaign and limited information-sharing efforts in ways that inhibited a more cohesive response.
The Obama administration had no real game plan for dealing with Russian election interference in 2016, lacking the visibility and policy options to swiftly respond to a range of malicious activity in cyberspace and constrained by the perceived political consequences of going public with what they knew, according to a new report by the Senate Intelligence Committee.
According to interviews of Obama administration officials conducted by committee staff, the administration had only limited visibility and understanding of Russian activities in fall 2016, particularly the targeting of state and local election systems. Those efforts, along with disinformation campaigns on social media, continued even after the administration reached out to warn Moscow to cease its campaign.
Crucially, the report asserts that the Obama administration did not view Russian cyber activity as part of a larger, holistic geopolitical campaign of active measures until August 2016, years into Moscow's campaign and mere months before voters cast their ballots.
Indeed, most officials, including National Security Advisor Susan Rice and White House Cybersecurity Coordinator Michael Daniel, first learned that Russian GRU officers had hacked and stolen Democratic National Committee emails from media reports. Even then, their initial reaction was that it "fell within the bounds of traditional espionage," rather than a precursor to a larger campaign of manipulation.
This view informed the White House response, from how seriously to treat the theft of DNC emails to the speed and breadth of its information sharing efforts to the decision to have the FBI, rather than the National Security Council or intelligence agencies, take the lead on responding to the intrusion. While FBI agents attempted to warn the DNC in 2015 and 2016 that it was being targeted, how the organization responded to those warnings is redacted.
Despite the Obama administration's sluggish response to the 2016 election, Russian cyber activity against the U.S. was "a well-known issue within the administration" prior to that.
On disinformation, former Deputy Secretary of State Antony Blinken recalled a 2014 episode in which a phone call between the Department of State and Ukraine was intercepted by Russian hackers and later posted on YouTube, telling the committee it "fed the larger concern that we had that we were in a new world of misinformation … a new world where information warfare was really the new front line, and that the Russians were using it in increasingly aggressive ways."
The report found that the administration was fearful of responding too forcefully, out of concern that it would be viewed as a partisan act to harm Donald Trump's candidacy and fear that doing so could, in the words of then Chief of Staff Denis McDonough, result in "doing the Russians' dirty work for them" of undermining faith in the integrity of the election.
Following the DNC leaks, the White House received "key insights" from U.S. intelligence agencies about Russian plans to weaponize the information. Just what they may have learned was redacted, but Rice and others advocated Obama be briefed "within an hour or two" of learning about it, followed by the Gang of Eight in Congress during August 2016.
Still, Rice was adamant about restricting the discussion about policy responses within the executive branch, with only a select number of high-level government officials involved in her "small-group" meetings. That group did not include the secretaries of Defense, State, Treasury, the chairman of the Joint Chiefs of Staff or White House cybersecurity coordinator.
While Daniel was not part of the small group convened by the White House, he had been tasked by Homeland Security Advisor Lisa Monaco in June 2016 to tee up a list of potential responses to Russia's cyber activities, which reportedly included the use of denial of service attacks against Russian news sites and other offensive cyber options to deter further meddling.
Those options, which were sent to NSC staffers and other interagency partners, were not synchronized with the Rice's group and led to some confusion. Rice told the committee the response by Daniel "was not part of my small-group process" and that he had sent his response options "to a bunch of people who had no business seeing them."
A lack of information sharing within the federal government and among other stakeholders has been widely cited as one of the biggest mistakes made by the U.S. government responding to Russian interference efforts in 2016.
In a statement, Senate Intelligence Committee Chair Richard Burr (R-N.C.) said the Obama administration "made decisions that limited their options, including preventing internal information-sharing and siloing cyber and geopolitical threats."
Sen. Ron Wyden (D-Ore.) criticized the Obama administration for its decision to "severely limit" its briefings to Congress on Russian interference, excluding committee staff from participating and preventing recordkeeping that could have prompted larger discussions about accountability and notifying the broader public.
"If the Administration had informed the public of Russian hacking and dumping earlier than October 7, and had there been bipartisan condemnation of these operations, the public and the press may have reacted differently to the WikiLeaks releases," Wyden wrote.
Intelligence agencies have admitted the need for faster information sharing around election threats, within the federal government and particularly to stakeholders in state and local government, who are on the front lines of election administration but lack the intelligence apparatus to identify such foreign campaigns.
The Office of the Director of National Intelligence created a new position to specifically address coordination on election threats, while the Department of Homeland Security has worked to ensure that every state has at least one official with the necessary security clearance to receive classified intelligence. The FBI and DHS have also committed to informing state governments when the federal government knows one of their local election systems have been hacked.
While coordination has increased in some areas, it has decreased in others. Notably, the White House cybersecurity coordinator position was eliminated by the Trump administration in 2018, leaving no one at the National Security Council specifically tasked with coordinating executive branch actions on cybersecurity matters.
The report recommends a number of other actions to deter future campaigns by Russia or other countries, including supporting international cyber norms, developing concrete plans to respond to foreign interference in the "highly politicized" environment of a U.S. election, integrating cyberattacks by foreign governments into larger geopolitical foreign policy discussions, collecting better intelligence on the information warfare capabilities of foreign adversaries, providing "substantive and timely" information sharing to federal agencies, Congress and state and local governments about future threats, and clarifying roles and responsibilities within the intelligence community for detecting and mitigating influence operations online.
NEXT STORY: Agencies look to 'low code' to speed development