While the U.S. intelligence machine is certain that Russia interfered with the recent presidential election, lawmakers are just beginning to wrestle with how to deter and retaliate against future cyberattacks.
Leaders from several intelligences agencies appeared before the Senate Armed Services Committee on Thursday, testifying that Russia used cyberattacks and spread disinformation and fake news to impact the outcome of the U.S. presidential election in November. They also said Russia poses a significant threat to American democracy in the future.
James Clapper Jr., director of National Intelligence, told lawmakers that the intelligence community will brief Congress next week on a comprehensive review of the Russian hacking operation. A version of the report will be released to the public as well, but he would not elaborate on the details.
Yet Clapper didn't hesitate to point the finger at Russia's meddling in the recent U.S. presidential election: "We assess that only Russia's senior-most officials could have authorized the recent election-focused data thefts and disclosures, based on the scope and sensitivity of the targets."
The hearing to discuss foreign cyber threats to the United States identified China, North Korea and Iran as potential threats in this area, but it mainly focused on the alleged Russian-orchestrated hacking operation of the U.S. electoral process and President-elect Donald Trump's attempts to discredit the intelligence agencies that confirmed the Russian involvement.
Trump recently said the CIA's conclusion that Russia interfered in the presidential election is "ridiculous" and being used by Democrats as "just another excuse" for his defeat of Hillary Clinton.
On Wednesday, Trump cited WikiLeaks founder Julian Assange to cast doubt that Russia is behind the hacking of the Democratic National Committee. "Julian Assange said 'a 14 year old could have hacked Podesta' -- why was DNC so careless?" Trump tweeted, referring to top Hillary Clinton adviser John Podesta.
Sen. John McCain, a Republican from Arizona and chairman of the Senate panel, called Russia's attempt to interfere with the U.S. election an "unprecedented attack on our democracy."
The goal of the review the Clapper is leading "is not to question the outcome of the election, nor should it be," McCain said. "Every American should be alarmed by Russia's attacks on our nation. There is no national security interest more vital to the United States of America than the ability to hold free and fair elections with foreign interference."
McCain and other lawmakers expressed frustration that there is currently no policy for responding to these types of attacks.
"I don't think any of our intelligence people know what to do if there is an attack, besides report it," he said. "I don't think any of our people, if they see an attack coming, know what specific action should be taken. Maybe I am missing something, but I have asked time after time, 'What do you do in the case of an attack?' And there has not been an answer."
Marcel J. Lettre II, undersecretary of defense for intelligence, agreed with McCain.
"You are right that we have a lot more work to do to put the right deterrence and response framework in place on cyber," Lettre said. "This is somewhat of a new domain of operations and, in some cases, warfare and in my personal opinion the next administration would be well served to focus very early on those questions of continuing to develop [an] overarching policy, a comprehensive approach and an increasingly robust and refined deterrence framework."
Clapper said that such a policy should avoid using a cyber-attack as the go-to retaliatory option.
"When something major happens in cyberspace, our automatic default policy position should not be exclusively to counter cyber with cyber," he said. "We should consider all instruments of national power. In most cases to date, non-cyber tools have been effective at changing our adversary's cyber behavior."
In a direct response to Russian election interference, President Barack Obama sanctioned Russian intelligence services and their top officials, kicked out 35 Russian officials and shuttered two Russian-owned compounds in the U.S.
Lawmakers have had mixed reactions to the move. Many support Obama's actions, but some maintain the response was not strong enough.
"When it comes to interfering with our election, we better be ready to throw rocks," said Sen. Lindsey Graham, a Republican from South Carolina. "I think what Obama did was throw a pebble; I'm ready to throw a rock."
Several lawmakers expressed concern about Trump's efforts to undermine the intelligence community.
"Let's talk about who benefits from a president-elect trashing the intelligence community," said Sen. Claire McCaskill, a Democrat from Missouri. "Who benefits from that -- the American people, them losing confidence in the intelligence community? … Who actually is the benefactor of someone who is about to become commander-in-chief trashing the intelligence community?"
Clapper said there is a "distinction here between healthy skepticism -- and which policy makers, to include policy maker number one -- should always have for intelligence, but I think there is difference between skepticism and disparagement."
Trump has dismissed the CIA's assessment on Russian hacking, saying it was the work of the same people who claimed Iraq had weapons of mass destruction.
Trump said the DNC is to blame for the hacking of its computers and emails. He tweeted Wednesday that the committee did not have a "hacking defense."
Graham said that it could easily be the Republican Party that gets hacked in the next election.
"It's not like we are so much better [at] cyber security than Democrats," Graham said.
"I want to let the president-elect know that it's OK to challenge the info; you are absolutely right to want to do so, but what I don't want you to do is undermine those who are serving in this arena. … When you listen to these people, you can be skeptical, but understand they are the best among us, and they are trying to protect us."
-- Matthew Cox can be reached at firstname.lastname@example.org.