On Tuesday, the heads of the NSA, CIA, FBI, and ODNI—America's intelligence community brain trust—gathered before members of the Senate Select Committee on Intelligence to discuss various worldwide threats. And while most of the topics were familiar, the hearing also included a few revelatory moments, insights into fears that were either detailed or confirmed.
The following doesn't comprise every single morsel shared by NSA chief Mike Rogers, CIA head Mike Pompeo, FBI director Christopher Wray, and Director of National Intelligence Dan Coats on Tuesday. But it does take a closer look at what keeps US intelligence agencies up at night—and what they're doing about it.
Russia's Not Done Meddling in the US
Coats made clear from the beginning of the hearing that the chaos Russia created during the 2016 election was only the beginning. “Persistent and disruptive cyber operations will continue against the United States and our European allies, using elections as opportunities to undermine democracy, sew discord, and undermine our values,” DNI Coats said during his opening remarks.
"There should be no doubt that Russia perceived its past efforts as successful, and views the 2018 US midterm elections as a potential target for Russian influence operations."
'There should be no doubt that Russia perceived its past efforts as successful.'
Dan Coats, Director of National Intelligence
His intelligence community colleagues, and members of Congress, clearly agreed with that assessment. It's less clear, though, what the country has actually done to mitigate those threats. Asked by senator Kamala Harris whether the intelligence community has any written policy laying out whose responsibility it is to handle the abuse of social media by foreign adversaries, Coats said he was unsure, and would need to get back to her.
Both Coats and Wray agreed social media companies have been increasingly cooperative with intelligence, but senator Warner expressed skepticism that companies like Facebook and Twitter can adequately police themselves. “I think the companies are slow to recognize this threat,” Warner said. “I don’t believe we have a full plan.”
Despite the unanimous agreement by the intelligence officials that Russian interference would continue to be a threat in the 2018 and 2020 elections, senators repeatedly noted that President Trump has made no such acknowledgement. Instead, Trump has often conflated the issues of Russian interference with the investigation into his own campaign’s possible coordination with Russian actors.
“I wish you could persuade the president as a matter of national security to separate these two issues,” said senator Angus King from Maine. “We cannot confront this threat, which is a serious one, with a whole of government response when the leader of the government continues to deny that it exists.”
Russia's Not Done Attacking Ukraine Either
Although not included in his oral testimony, Coats also provided a written “Global Threat Assessment” to Congress. In it, the intelligence community ticks off expected digital threats from North Korean theft to Chinese hacking of defense contractors to Iranian disruptive attacks against Saudi Arabia and Israel.
The document is clear that Russia has been laying the groundwork for similar attacks on American infrastructure, and isn’t stopping now.
Perhaps most disturbing among those is a warning that Russia will continue to escalate its attacks on Ukraine, where it’s been testing critical infrastructure hacking technique that have included the first-ever hacker-induced blackouts. “We expect that Russia will conduct bolder and more disruptive cyber operations during the next year, most likely using new capabilities against Ukraine,” it reads. “The Russian Government is likely to build on the wide range of operations it is already conducting, including disruption of Ukrainian energy distribution networks, hack-and-leak influence operations, distributed denial-of-service attacks, and false flag operations.”
While that might sound like a faraway Ukrainian problem, the document is clear that Russia has been laying the groundwork for similar attacks on American infrastructure, and isn’t stopping now. “In the next year, Russian intelligence and security services will continue to probe US and allied critical infrastructures,” it reads.
Pompeo Alludes to the CIA's Secret Deterrence Plan
Given repeated testimony that Russia will likely attempt to meddle in the 2018 midterm elections and other upcoming democratic NATO elections around the world, some senators pressed the question of how to deter cyberattacks proactively, and how to respond if and when they occur.
"We've had more than a year to get our act together and address the threat posed by Russia and implement a strategy to deter further attacks," Warner said. "I believe we still don't have a comprehensive plan."
Again, many of the senators noted the disparity between Trump's remarks about the Russian threat and the intelligence community's conclusions.
"Has the president directed you and your agency to take specific actions to confront and blunt Russian influence activities that are ongoing?" asked senator Jack Reed of Rhode Island.
"We're taking a lot of specific efforts to blunt Russia," Wray answered. But he added when pressed, "Not as specifically directed by the President."
Some senators also expressed frustration that President Trump did not enact sanctions Congress passed against Russia in response to 2016 election meddling. "There are no repercussions," senator King said, noting that the inaction existed during the Obama Administration as well. "We have no doctrine of deterrence. How are we ever going to get them to stop doing this if all we do is patch our software and try to defend ourselves?"
'It's important that the adversary know it; it is not a requirement that the whole world know it.'
CIA Director Mike Pompeo
But Pompeo offered a soft rebuttal, alluding to retaliatory cyberattacks or other clandestine operations. "While I can’t say much in this setting, I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in and the United States government has engaged in both during and before this administration," Pompeo said. Though observers widely assume that the US participates in "hacking back," it is rare to hear acknowledgement of these campaigns.
Senator King pressed that "deterrence doesn't work unless the other side knows it." To which Pompeo replied, "It's important that the adversary know it; it is not a requirement that the whole world know it."
Chinese Companies—And Students—May Pose a Risk
Senators on both sides of the aisle showed early anxiety over China's role in the world Tuesday. “I’m not sure in the 240-some-odd year history of this nation we’ve ever faced an adversary to have this scale, scope, and capacity,” said senator Marco Rubio of Florida.
Both Democrat Mark Warner and Republican Tom Cotton expressed fears over the close relationship between Chinese tech companies like Huawei and the Chinese government. In particular, they expressed concerns that this technology could be used for surveillance purposes. During the hearing, Cotton asked the full panel of intelligence experts to raise their hands if they would recommend consumers use products made by Huawei or ZTE, another Chinese telecom giant. None raised their hands.
This mounting pressure on Capitol Hill is already prompting changes in the private sector. Last month, Verizon reportedly decided it would no longer sell Huawei phones—under pressure from the US government—following AT&T’s decision to also pull out of a deal to sell the Chinese company’s new phone.
In a statement, a Huawei spokesperson said the company is "aware of a range of U.S. government activities seemingly aimed at inhibiting Huawei's business in the U.S. market" and that its technology "poses no greater cybersecurity risk" than any other vendor.1
Rubio’s line of inquiry extended beyond business to the world of academia, asking the FBI director Christopher Wray about the “risk posed to US national security by Chinese students, particularly those in advanced programs in science and mathematics.” Wray said that the use of “non-traditional collectors” of intelligence is common in academic settings.
“They’re exploiting the very open research and development environment we have, which we all revere, but they’re taking advantage of it,” Wray said. Even if his comments have a kernel of truth, Wray's comments still amount to a sweeping generalization about students from China, one that could complicate an already fraught period in immigration policy in America.
Pompeo Denies Shadow Brokers Negotiations—And Confirms Them
Pompeo also expressed displeasure with a pair of articles last week that described how the US government attempted to negotiate with Russians in an attempt to buy back highly NSA secret documents and hacking tools obtained by an unknown group calling itself the Shadow Brokers. In response to questions from senator Susan Collins, he called media reports from The New York Times and the Intercept “atrocious, ridiculous, totally inaccurate.”
Pompeo flatly denied that the CIA had offered any money to Russian sources, countering the Times and Intercept accounts that those sources were offered $1 million, and received $100,000, in US government funds as an initial payment. “The Central Intelligence Agency did not provide any resources or money to these individuals who proffered government information, directly or indirectly, at any time,” Pompeo said.
But Pompeo’s denial itself contained confirmations of elements of the story. He argued, for instance, that the agency hadn’t sought any of the compromising information, or “kompromat,” about Russian collusion with Donald Trump that the Russian sources had offered unsolicited—exactly as the articles stated. And he reinforced the articles’ central accounts: That the US government had in fact negotiated to achieve the return of the NSA’s secrets. “The information we were working to try to retrieve might well have been stolen from the US government,” Pompeo said. “It was unrelated to to the issue of kompromat that appears in each of those two articles.”
Andy Greenberg, Issie Lapowsky, and Lily Hay Newman contributed to this report.
1Update: 9:12 AM ET 02/14/2017 This story has been updated to include comment from Huawei.
- For a deeper look into Russia's infrastructure hacking—and why it's so scary no matter where you live—check out Andy Greenberg's in-depth feature from last summer
- Here's how Russia hacks elections, both in the US and abroad. Get ready for more of it this year
- There's never a bad time to peruse WIRED's guide to digital security, but this feels like an especially good one