This weekend we’re being treated to claims the CIA is convinced the Russian government used its hacking prowess to support Trump’s election this year, along with equally vehement claims that, in the absence of publicly provided evidence, we have every reason to be skeptical of US intelligence assertions.
Do I have any more access to the intelligence backstory than you do? No. But from what I do know, I suggest two starting points for making sense of this tangle.
1. To the extent they have evidence for their claims, US intelligence agencies are unable to reveal them. The specifics of this evidence would make it clear what methods were used to obtain it, which would make those methods worthless from that point on. Moreover, the techniques for acquiring defensive information on how US sites have been hacked are largely the same as those used for the US hacking of foreign sites. If the disclosures were only defensive in nature, a stronger case could be made that it is in the interest of the intel folks to come clean, but they are unlikely to disavail themselves of offensive weapons.
2. Security breaches of the type exemplified by possible Russian hacking of the RNC, DNC and other sites are likely commonplace; they certainly occur much more often than reported. (It is not in the interest of hacked entities to publicize this fact unless their hand is forced. They may not even know it has happened.) Before we bewail our victim status, however, we should note that the US government, and private and semi-private actors in the US, play this game like everyone else. In the end, if the allegations about Russia are true, what we have experienced in this country is a PSYOP action not so dissimilar in intent and effect from similar actions launched from here.
I’d like to see a debate over whether aggressive exploitation of foreign cyber vulnerabilities by US agencies comes at the expense of domestic cybersecurity and the security of the overall transnational system. The US has enjoyed first mover advantage in many areas of weaponized technology, but the long term consequence is, or will be, that these methods will eventually return to threaten us.