Obama cyber chief confirms 'stand down' order against Russian cyberattacks in summer 2016

WASHINGTON — The Obama White House’s chief cyber official testified Wednesday that proposals he was developing to counter Russia’s attack on the U.S. presidential election were put on a “back burner” after he was ordered to “stand down” his efforts in the summer of 2016.

The comments by Michael Daniel, who served as White House “cyber security coordinator” between 2012 and January of last year, provided his first public confirmation of a much-discussed passage in the book, “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump,” co-written by this reporter and David Corn, that detailed his thwarted efforts to respond to the Russian attack.

From left, Toria Nuland, Mark Warner, and Michael Daniel
Former White House cybersecurity coordinator Michael Daniel, right, looks on as former Assistant Secretary of State Victoria Nuland, left, is greeted by committee vice chairman Mark Warner, D-Va. (Photo: Andrew Harnik/AP)

They came during a Senate Intelligence Committee hearing into how the Obama administration dealt with Russian cyber and information warfare attacks in 2016, an issue that has become one of the more politically sensitive subjects in the panel’s ongoing investigation into Russia’s interference in the U.S. election and any links to the Trump campaign.

The view that the Obama administration failed to adequately piece together intelligence about the Russian campaign and develop a forceful response has clearly gained traction with the intelligence committee. Sen. Mark Warner, D-Va., the ranking Democrat on the panel, said in an opening statement that “we were caught flat-footed at the outset and our collective response was inadequate to meet Russia’s escalation.”

That conclusion was reinforced Wednesday by another witness, Victoria Nuland, who served as assistant secretary of state for Europe during the Obama administration. She told the panel that she had been briefed as early as December 2015 about the hacking of the Democratic National Committee — long before senior DNC officials were aware of it — and that the intrusion had all the hallmarks of a Russian operation.

Victoria Nuland appears before a Senate Intelligence Committee hearing. (Photo: Andrew Harnik/AP)
Victoria Nuland appears before a Senate Intelligence Committee hearing. (Photo: Andrew Harnik/AP)

As she and other State Department officials became “more alarmed” about what the Russians were up to in the spring of 2016, they were authorized by then Secretary of State John Kerry to develop proposals for ways to deter the Russians. But most of those steps were never taken — in part because officials assumed they would be taken up by the next administration.

“I believe there were deterrence measures we could have taken and should have taken,” Nuland testified.

As intelligence came in during the late spring and early summer of that year about the Russian attack, Daniel instructed his staff on the National Security Council to begin developing options for aggressive countermeasures to deter the Kremlin’s efforts, including mounting U.S. “denial of service” attacks on Russian news sites and other actions targeting Russian cyber actors.

Daniel declined to discuss the details of those options during Wednesday’s open hearing, saying he would share them with the panel during a classified session later in the day. But he described his proposals as “the full range of potential actions” that the U.S. government could use in the cyber arena “to impose costs on the Russians — both openly to demonstrate that we could do it as a deterrent and also clandestinely to disrupt their operations as well.”

Sen. James Risch, R-Idaho, asked about a “Russian Roulette” passage in which one of Daniel’s staff members, Daniel Prieto, recounted a staff meeting shortly after the cyber coordinator was ordered by Susan Rice, President Obama’s national security adviser, to stop his efforts and “stand down.” This order was in part because Rice feared the options would leak and “box the president in.”

“I was incredulous and in disbelief,” Prieto is quoted as saying in the book. “It took me a moment to process. In my head, I was like, did I hear that correctly?” Prieto told the authors he then spoke up, asking Daniel: “Why the hell are we standing down? Michael, can you help us understand?”

Vladimir Putin with Barack Obama
Russian President Vladimir Putin, left, with then President Barack Obama in Hangzhou, China, summer 2016. (Alexei Druzhinin/Sputnik, Kremlin Pool Photo via AP)

Daniel confirmed to the intelligence panel that the account was “an accurate rendering of what happened” in his staff meeting. He said his bosses at the NSC — he did not specifically mention Rice in his testimony — had concerns about “how many people were working on the options” so the “decision” from his superiors at the Obama White House was to “neck down the number of people that were involved in developing our ongoing response options.”

Daniel added that “it’s not accurate to say that all activity ceased at that point.” He and his staff “shifted our focus” to assisting state governments to protect against Russian cyberattacks against state and local election systems.

But as for his work on developing cyber deterrence measures, “those actions were put on a back burner and that was not the focus of our activity during that time period.”

Instead, Obama officials chose another course of action after becoming frustrated that Republican leaders on Capitol Hill would not endorse a bipartisan statement condemning Russian interference and fearful that any unilateral action by them would feed then candidate Donald Trump’s claims that the election was rigged. They chose a private “stern” warning by Obama to Russian President Vladimir Putin at a summit in China in early September 2016 to stop his country’s campaign to disrupt the U.S. election.

Obama officials were also worried that a vigorous cyber response along the lines Daniel had proposed could escalate into a full scale cyber war. And, they have since argued, they believed that the president’s warning had some impact, noting — as Daniel did in his testimony — that they saw some tamping down in Russian probing of state election data systems after Obama’s private talk with Putin.

But Nuland testified that while the Russians were “a little less active” in September after the Obama warning, Russian activity picked up again in October when the Russians accelerated their social media campaign using phony Facebook ads and Twitter bots.

“We saw an increase in what they were doing in social media,” Daniel agreed. “They shifted their focus.”

Donald Trump and Russia's President Vladimir Putin
Donald Trump and Russian President Vladimir Putin at a conference last November. (Photo: Jorge Silva/Pool Photo via AP)

Nuland also revealed, in response to questions by Sen. Susan Collins, R-Maine, another previously unpublicized dimension to the Russian attack. That summer, Collins said, FBI officials advised the committee that Russian diplomats were traveling around the country in areas they were not — under diplomatic protocols — permitted to visit , apparently to collect intelligence. Asked by Collins if she believed this was part of the Russian so-called active measures attack on the election, Nuland responded, “I do.”

After the November 2016 election, in which Trump defeated Hillary Clinton, Obama did impose new sanctions on Russia’s intelligence services and expelled diplomats. But Nuland testified that most in the administration saw that as only a beginning of what needed to be done. “It’s fair to say that all of us in the process assumed what was done in December and January would be a starting point for what the incoming administration would then build on.”

The Wednesday hearing by the intelligence panel did not touch steps the Trump administration has taken — or in many cases, failed to take — to respond to the Russian election attack. But both witnesses emphasized that there is new urgency to the issue to developing proposals to do so. Daniel noted that a malicious new Russian botnet – known as a “VPN filter” — has been discovered infecting home office routers and allowing hackers to intercept internet communications. He said this was a “type of malware we haven’t seen before” and shows “the intent of the Russians to continue their cyber activities.”

Nuland also noted that other nation-state actors have learned from the Russian playbook, singling out the Chinese who, she said, are now conducting influence operations and disinformation campaigns in Australia, Taiwan and other countries in the region. All this, she said, calls for new U.S. government measures, including the creation of a multiagency “fusion center” — modeled after the National Counterterrorism Center created after the Sept. 11 terror attacks — to collect intelligence and expose “state-sponsored efforts to undermine our democracy” and the appointment of an “international coordinator” to develop coordinated responses with U.S. allies.

Read more from Yahoo News: