NSA official: Russian attribution only the first step in hack response

Publicly attributing this summer's political campaign hacks to state-directed Russian hackers is the necessary precondition for further steps against Moscow, the NSA's deputy chief said Tuesday.

Publicly attributing this summer’s political campaign hacks to state-directed Russian hackers is the necessary precondition for further steps against Moscow, the NSA’s deputy chief said Tuesday.

The remarks signal that stronger retaliatory action from the U.S. might be in the cards as a result of hackers breaking into various Democratic organizations, including the Democratic National Committee.

“Attribution in a context like that is something that’s a necessary precursor for any other action the government decides to take,” Rick Ledgett told an audience at the AFCEA 2016 Cybersecurity Summit.

He had been asked what difference it would make now the government had come out and — in an unprecedented move — accused Russia of trying to “interfere” in U.S. elections. Ledgett said since responsibility had been established, sanctions or other policy responses could follow.


“First you need  to a foundation of … attribution … and then [on top of that] you have building blocks of increasingly severe consequences,” he said.

White House Press Secretary Josh Earnest said the Obama administration was weighing a “proportional” response.

“The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” Earnest told reporters traveling with the president on Air Force One Tuesday, “There are a range of responses that are available to the president.”

There are indeed a variety of policy responses available to the administration, officials say — but none of them are particularly attractive.

Some reports have suggested that the Justice Department is attempting to build a criminal case against the hackers. Others, that Treasury is studying what sanctions might be available under the president’s emergency declaration, which creates the legal basis for unilateral U.S. sanctions against individuals and companies engaged in hacking.


Sanctions against individual Russian hackers — like the indictment in 2014 of five Chinese cyber-warriors, officers in the People’s Liberation Army — would be largely symbolic.

But it would show U.S. prowess in attribution, as well as shaming the attackers without requiring the public disclosure of intelligence sources and methods — as a public indictment likely would.

“If you look at our all-tools approach to cyber,” said one U.S. national security official recently of the Russian hacks, “it’s up to each agency or department to examine whether and how the tools in their toolbox might be used.”

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts