As he accepted the Republican nomination for president in summer 2016, Donald Trump promised, “We will make America safe again.”
“The most basic duty of government is to defend the lives of its citizens,” he said. “Any government that fails to do so is a government unworthy to lead.”
This promise is worth revisiting as the nation tries to understand a massive hack, blamed on Russia, that affected many departments of the federal government and thousands of businesses. Yesterday, the Cybersecurity and Infrastructure Security Agency labeled the incident a “grave threat.” Although the scale of the intrusion is still difficult to grasp, President Trump’s approach to Russia has clearly failed to keep America safe.
Much about the hack is unknown. First, officials seem not to fully understand what was breached and what hackers acquired. Second, they are not forthcoming about what they do know, offering bland statements that suggest serious concerns but don’t outline them. Third, members of Congress have offered doomsaying interpretations but can’t divulge classified information. They might be exaggerating for partisan effect, or it could be a reprise of the early days of the coronavirus pandemic, when members frantically tried to warn the public but the administration paid no mind.
Regardless of the details, it’s hard not to see this hack as a fruit of Trump’s refusal to push back on Russian cyberaggression. The best defense against hacks is deterrence, but rather than deter the Kremlin, the president has repeatedly refused to even acknowledge previous Russian actions—basically giving Vladimir Putin an invitation to continue and amplify attacks, secure in the knowledge that whatever sanctions lower-level officials impose, Trump is uninterested in retaliating. The president has remained publicly silent about the new hack even now.
The problem is not that Trump is an active Russian agent. (There is no evidence that he is, despite some hysterical claims.) Nor is it that members of his campaign colluded with Russia in 2016 (though they did). Instead, as I wrote in April 2019, Trump refuses to protect the country from Russian hacking, “because it’s politically inconvenient and personally irritating to him.” The president is so furious over the implication that Russian assistance helped him triumph in 2016 that he has been unable to bring himself to acknowledge not only what happened then but anything that has happened since with regards to Russia.
During the 2016 campaign, despite having been briefed on Russia’s role by United States intelligence officials, Trump continued to speculate that the person who hacked the Democratic National Committee “could be somebody sitting on their bed that weighs 400 pounds.” In July 2017, in Poland, he momentarily seemed to acknowledge Russia’s role—“I think it was Russia”—and then promptly muddied the waters: “and I think it could have been other people in other countries. It could have been a lot of people.” At his disastrous summit with Putin in July 2018, Trump announced that he trusted the Russian president’s denials more than he did his own government. “They said, ‘I think it is Russia,’” he said. “I have President Putin. He just said it is not Russia. I will say this: I do not see any reason why it would be.” Trump’s chief of staff reportedly warned against bringing up Russia around the president because it enraged him. Trump never condemned Russian interference in 2016, and his administration blocked some efforts at strengthening election-security defenses.
The irony is that, despite the protestations of some members of the Trump “resistance,” there’s little reason to believe Russia’s meddling was responsible for his victory. There were many factors in that win—Trump’s effective messaging, his willingness to froth up racism, the Hillary Clinton campaign’s strategic choices, FBI Director James Comey’s handling of an investigation into Clinton’s email—but the Russian actions appear to have been a small factor, if they were one at all.
The greater problem was the principle: Russia challenged American sovereignty and took from Trump’s reaction the clear message that they could get away with it. The Trump administration, over the past four years, has imposed a long list of sanctions on Russia for a wide variety of problematic actions—including its hacking attempts related to the 2016 and 2018 elections. But the impact of those actions was continually undercut by the president’s repeated public statements downplaying Russian culpability and signaling his conciliatory approach to Putin’s regime.
In 2020, rather than target election systems or social media—both of which had been hardened somewhat—Russia seems to have gone after other parts of the government, in what amounted to a clever bait and switch. In the first weeks after the election, the U.S. congratulated itself on keeping the election safe, only to learn that Russia had been wreaking havoc elsewhere.
Trump’s failure to protect America has not yet received the attention it deserves—perhaps because it is overshadowed by the coronavirus pandemic, another example of Trump failing to protect Americans. If experts are right about the gravity of this hack, however, the U.S. will be dealing with the consequences for years to come. Even if the damage proves moderate, the U.S. finds itself with badly deficient cyberdefenses that need to be repaired.
Either way, it’s clear that the federal government’s posture will soon change. Yesterday, President-elect Joe Biden promised to impose “substantial costs” on hackers. “Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation,” he said. That should be a dramatic test of a different approach to Russia.