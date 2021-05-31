



NPR’s Michel Martin speaks with Glenn Gerstell, the former general counsel for the National Security Agency, about the recent cyberattack which Microsoft said targeted government agencies.

MICHEL MARTIN, HOST:

We’re going to take another look at the massive cyber attack that Microsoft announced recently. The software giant said it discovered the breach last week. They said they believed it started with Russian hackers breaking into an email marketing company called Constant Contact, targeting the United States Agency for International Development, or USAID, among others. While the federal government played down the attack, Microsoft says it appears to be linked to the same Russian group behind the SolarWinds attack late last year.

Now, this all comes weeks before President Biden and Russian President Vladimir Putin meet in Geneva. And, of course, this is just the latest escalation in the already strained relationship between the two countries. Given the frequency and severity of these cyber attacks, we wanted to know what could be done to prevent them. Or is it some kind of new normal that we have to deal with if we can’t fix it?

We called Glenn Gerstell for this. Previously, he was General Counsel for the National Security Agency and is now Senior Advisor at the Center for Strategic and International Studies. It’s a global affairs think tank here in Washington, DC Glenn Gerstell, welcome. Thanks for join us.

GLENN GERSTELL: Thank you. Happy to join.

MARTIN: And I want to mention in the spirit of full disclosure that Microsoft and Constant Contact are financial backers of NPR. That being said, let’s start at the top. How important is this attack, in your opinion?

GERSTELL: The attack is more significant for its daring and timing than for the actual consequences. So we just saw with the Colonial Pipeline ransomware attack, a cyberattack that had far bigger consequences with people lining up for gas shortages on the East Coast. This attack, as I said, did not have the same physical consequences. But, my boy, the timing was just amazing. We’re here just weeks after President Biden issued an executive order aimed at addressing the federal government’s cybersecurity posture, weeks after the president announced sanctions against Russia and kicked out some diplomats for the extraordinary attack on SolarWinds. And here we apparently see the same people – insecure but certainly based in Russia, criminals or maybe the state itself, the government itself – undertaking a very, very visible attack.

MARTIN: And so I was going to ask you – yes – why do you think these attacks continue to happen despite the sanctions that the Biden administration has already imposed, you know, on Russia? And do you think the government is doing enough to protect itself against these threats and also for us, the public?

GERSTELL: Well, your question is really the key. And I think the lesson we take from that is that in some ways our cyber insecurity in this regard is a chronic disease for which we don’t have a single cure. It is not a disease for which there is a particular medicine that we could take to get rid of it. Unfortunately, however, we are at the onset of this chronic disease. It will get worse before it gets better. It will eventually get better. But in the meantime, we have sophisticated attackers, nation states and criminals who can co-opt legitimate servers and businesses, as well as computers and software. And that proves, unfortunately, that our current system of deterrence is simply not working.

MARTIN: So, as we said, Russian President Vladimir Putin and US President Joe Biden are preparing for their summit in Geneva next month. Russia, should I say, has denied responsibility for this and the attack on SolarWinds. But I think most people now know that, you know, chaos is their mark – isn’t it? – that Russia – that one of their goals is right – is to create dissension and chaos. And we saw it in the 2016 election. We have seen it since. How do you think the president should handle this? In your opinion, is there something that should take place at this meeting to resolve this issue?

GERSTELL: Well, I’d sure like to be a – so to speak, a fly on the wall at this meeting and listen to what’s being said. But I think we can probably predict what is going to be said, which is that President Biden will take a very hard stance and complain to his Russian counterpart that it is totally, totally unacceptable that we followed this malicious cyber activity in Russia. There is no doubt that this is happening either because of the Russian government itself, possibly through its foreign intelligence service called SVR or through criminal gangs in Russia who are apparently allowed to operate because you can’t imagine than anyone would dare to do such an extraordinary thing. in Russia, it would have international repercussions without at least a wink and a nod from the Kremlin.

And we know what the answer will be. Putin will say, oh, absolute nonsense, # 1, no proof of that. You can’t show me particular hands on a particular keyboard that proves it’s Russian. And we probably can’t. And also, he will say what he said before, which is to say, look; if you violate Russian laws, I will crack down on you. But I don’t see any evidence that anyone has violated Russian law, which means that in fact, it is okay for Russians to engage in cyber malevolence abroad. So I don’t think the meeting itself, other than sending a message to President Putin, is going to accomplish much. We need to do a lot more. And I know the administration recognizes it. But this is a first step.

MARTIN: So before I let you go, you know, I feel like there’s a set – I guess the government has a whole manual on cybersecurity and cybersecurity response, like, you know , retaliatory measures or – so to speak. But – I know this is a deeper subject than what we have time to enter, but what about the regulation of cryptocurrency? That seems to be the mechanism by which these foreign criminals and evildoers get away with it, doesn’t it? So, is this something that needs to be on the table?

GERSTELL: Well, sure. Two points here – one, the regulation of cryptocurrency, which is a very difficult subject, would likely have a big effect on reducing ransomware. It’s not going to stop malicious cyber activity that is purely aimed at creating havoc, and it’s not going to stop spying, which the Russians do in a lot of these cases.

But more generally, you have pointed out that we have to do several things. In other words, it’s not just about regulating cryptocurrency. It is a step. We need coordinated international sanctions to make sure it is illegal for countries to export cyber malware. We need to do a lot more here in terms of better connections between the private and public sectors to fight and stop cyber attacks when they occur. So there are a lot of steps we can take, and it all comes back to my point of view that this is a chronic disease, which you fail to deal with with just one thing, but a whole lot. series of things, which all together will do that. much better problem.

MARTIN: This is Glenn Gerstell, former General Counsel for the National Security Agency and currently Senior Advisor for the International Security Program at the Center for Strategic and International Studies. Glenn Gerstell, thank you very much for your time.

GERSTELL: Thank you very much. I appreciate it.

(PIECE OF MUSIC)

