(TNS) — A former U.S. Attorney who made a name for himself by going after cyber criminals from his office in Pittsburgh said it's time to stop debating who hacked the 2016 election — a swipe at President Donald J. Trump's hesitance to agree it was Russia — and start talking about prevention.
David Hickton, who stepped down from his post as U.S. Attorney for the Western District of Pennsylvania less than week after the November election, moderated a panel on Russian hacking in his new role as head of the University of Pittsburgh's Institute for Cyber Law, Policy, and Security.
“It does not help us for the commander in chief to question the attribution,” Hickton said, referring to U.S. intelligence agencies attributing the hacking to the Russian government. “We can do this, and we've proven it. ... What else could we do?”
The election was marked by Democratic National Committee emails that were hacked and leaked and accusations of meddling by high levels of the Russian government. Pitt Chancellor Patrick Gallagher opened the discussion by saying the hacking posed questions about the integrity of the political process and about what is true.
“Those questions are still with us today, and it's the catalyst of today's panel,” Gallagher said.
Thursday's discussion was the first event held by the institute. More than 400 people registered for the talk held in the Teplitz Memorial Moot Courtroom at Pitt's School of Law.
Hickton was joined by Andrei Soldatov, a Russian investigative journalist and security services expert; Ellen Nakashima, national security reporter for The Washington Post; Luke Dembosky, a former deputy assistant attorney general for national security and former Department of Justice representative at the U.S. Embassy in Moscow and now a cyber security attorney in Washington; and Keith Mularski, supervisory special agent with the FBI in Pittsburgh and a lead investigator of several cyber crimes.
Hickton, a former federal prosecutor who brought an indictment against five Chinese People's Liberation Army officials for commercial espionage attacks against U.S. Steel, Alcoa, Westinghouse and other businesses, said it is important to have consequences for hackers. The People's Liberation Army indictment caused a significant drop in commercial espionage attacks on the U.S., Mularski said.
A similar indictment against those who ordered the DNC hack and meddled in the election might not be possible, the panel said.
“An indictment on whoever hacked the DNC, who did this, I'd love it see it,” Nakashima said. “When are you going to do it?”
Soldatov said proving who performed or directed the attack could be impossible. The Russian government relies on informal actors, non-governmental officials, to carry out hacking attacks. It distances itself from the attacks and allows the attacks to happen outside the slow wheels of the Russian bureaucracy.
“That makes the situation extremely hard, and you cannot actually see the whole picture,” Soldatov said. “It's a problem of attribution.”
The panel seemed to agree the current sanctions on Russia imposed by President Barack Obama haven't stemmed cyber attacks by the country. Hickton, however, did not think the U.S. should throw out the sanctions.
“What are you going to do as the Fourth Estate if our president drops the sanctions,” Hickton asked Nakashima.
“We're going to report the hell out of it,” Nakashima replied.
The panelists stopped short of saying the United States is in a cyber war with Russia. Nakashima said the U.S. is in a constant state of cyber aggression with criminals. Dembosky said cyber attacks could pave the way to war through inroads into a country's infrastructure or financial system.
Mularski said war is not the right word; categorizing cyber attacks as war doesn't do either justice. Cyber attacks could be even more frightening, he said.
©2017 The Pittsburgh Tribune-Review (Greensburg, Pa.) Distributed by Tribune Content Agency, LLC.