recommended reading

Trump Acknowledges Russian Hacking, Points to Poor Defenses

President-elect Donald Trump speaks during a news conference in the lobby of Trump Tower in New York, Wednesday, Jan. 11, 2017.

President-elect Donald Trump speaks during a news conference in the lobby of Trump Tower in New York, Wednesday, Jan. 11, 2017. // Evan Vucci/AP

Russia hacked Democratic political organizations in a campaign to sow chaos during the 2016 election, President-elect Donald Trump acknowledged for the first time Wednesday.

But that’s not the real issue, Trump said during his first press conference since the election.

Echoing an emerging theme of the Trump transition, the president-elect insisted America’s broader cyber vulnerabilities should be the real focus, rather than Russia’s information campaign, which U.S. intelligence leaders say was partly directed at aiding Trump’s election.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

“We have no defense,” Trump told reporters. “We’re run by people that don’t know what they’re doing.”

Trump did not directly respond to a question about whether he believes Russian President Vladimir Putin ordered the breaches or if he would reverse or curtail a series of actions President Barack Obama took last month to punish Russia for its information operations.

He called the Russian hacking operation “bad,” but added people should also consider the damaging information exposed by the leak, including internal conflicts within Hillary Clinton's campaign. He also criticized the Democratic National Committee for having poor “hacking defense.”

“As far as hacking, I think it was Russia, but I think we also get hacked by other countries,” Trump said.

He later suggested other actors might have compromised DNC networks also. That allegation has not been backed up by intelligence agencies or by private-sector cybersecurity firms that examined DNC servers, though it would not be unusual for other nations’ spy agencies to attempt to breach a political organization’s networks.

“We’re hacked by everybody,” Trump said, referencing a report from a little-known cybersecurity firm that listed government last among 17 industries in the maturity of its cyber defense.

Trump reiterated a pledge to launch a 90-day cybersecurity review to raise U.S. digital defenses, which he said will be spearheaded, in part, by the intelligence community. The president-elect earlier suggested the review would be led by the Defense Department, raising concerns about military interference in a realm traditionally managed by civilian agencies.

Currently, the Homeland Security Department is responsible for the cybersecurity of civilian government agencies and for aiding the private sector in securing critical infrastructure, including, as of last week, election systems.

“We have some of the greatest computer minds anywhere in the world that we’ve assembled,” Trump said. “We’re going to put those minds together and we’re going to form a defense.”

Trump’s statements echoed those made by his Secretary of State nominee Rex Tillerson earlier in the day.

Asked if he would advise Trump to reverse or roll back Obama’s executive orders punishing Russia, Tillerson replied that “what’s really required is a comprehensive assessment of our cyber threats or cybersecurity policies…We do not have a cybersecurity policy. We do not have a comprehensive strategy around a threat.”

Tillerson acknowledged the intelligence community’s conclusion that Russia was responsible for the breaches and said he believes such an operation could only have been directed by Russian President Vladimir Putin. He declined to fully endorse the intelligence conclusions, however, because he has not had a classified briefing on the topic.

Attorney General Nominee Jeff Sessions similarly hedged during the first day of his confirmation hearings Tuesday while Homeland Security nominee Gen. John Kelly said he has “high confidence” in the conclusion.

Trump also attacked intelligence officials during his press conference for allegedly leaking a report containing unverified and salacious charges against him. That report was published by Buzzfeed news Tuesday evening.

“I think it’s disgraceful that intelligence agencies allowed any information that turned out to be so false and fake [to be released],” he said, adding “that’s something that Nazi Germany would have done and did do.”

The disputed report was not produced by U.S. intelligence agencies and there’s no evidence intelligence officials were responsible for leaking it.

The incident could further damage an already icy relationship between Trump and the intelligence agencies he will soon lead.

The president-elect criticized Democrats and the Obama administration for responding more forcefully to the DNC hacks than to other breaches, especially the 2015 China-linked breach at the Office of Personnel Management, which compromised sensitive security clearance information about more than 20 million current and former federal employees and their families.

“They didn’t make a big deal out of that,” he said.

In fact, the government created a new security clearance agency in the wake of the OPM breach that is secured by the Defense Department rather than by civilian information security workers. However, the U.S. government did not publicly attribute nor retaliate against China following the breach.

Outgoing Director of National Intelligence James Clapper has explained that disparity by describing the OPM breach as the sort of traditional espionage operation that U.S. spy agencies also engage in. Russian breaches at the DNC and the Clinton campaign fall outside that category because they leaked the information to WikiLeaks and elsewhere in an effort to undermine Clinton’s campaign and boost Trump.

“People who live in glasses houses,” Clapper told members of the Senate Armed Services Committee last week, should not get too worked up about traditional espionage.

Threatwatch Alert

Stolen credentials

Hackers Target Phones to Get Access to Cryptocurrencies

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov