Lately, one of the easiest to find memes is that Obama did too little to prevent Russian hacking. The second easiest line to hear is that he'd did nothing. Somehow, he didn't do enough to prevent the hacking when it wasn't even clear how the hacking would be used against the election or what resources would be attacked. Furthermore, Obama is accused of not having done enough when neither the NSA or CIA had recognized that they had been hacked themselves, and for months it wasn't even clear to the FBI exactly what they were dealing with. Then again in fairness, the FBI and congress were far more preoccupied by the so-called email sandal. But while the Monday morning quarterbacking, feckless blame fixing, and gutless second-guessing continues endlessly about last year's, it's is apparently easy to overlook or simply ignore salient issues or factors that are germane to the discussion. That's doubly true when the primary beneficiary of the hacking refuses to admit that it even occurred. So let's do something just for the sake of discussion since it is presumed that the administration did little or nothing:
- let's set aside that with the threat of Russian hacking looming over the election, Obama sent Homeland security personnel to every state in the country to provide technical support to the states - which the states summarily rejected,
- let's set aside that although the Clinton Campaign and the DNC (and RNC) had been hacked, those organizations declined to provide access to their data with the concurrent FBI email investigation still under way,
- let's set aside that the FBI Russian hacking investigation began in earnest in July 2016,
- let's set aside that although the congressional leaders jibes abridged in September 2016, and that Obama wanted to put out a joint statement in order to not politicize it, McConnell McConnell refused to put out a statement and threatened to politicize not if the administration made public warnings,
- let's set aside that Obama called Putin directly on hacking issue,
- let's set aside after the election Obama ordered a review and assessment of the hacking on the election, and
- let's set aside that the diplomats were ejected, compounds seized and sanctions were imposed.
Let's look instead at just a little bit of history.
In 2011, Obama proposed legislation to improve cybersecurity because it was an urgent threat. The legislative outline identified and called for planning and funding to protect critical infrastructure, networks and systems, and individual privacy.
In 2012 that legislation was blocked in congress.
In 3013 and 2014, Obama reiterated the need for improved national cybersecurity in the wake of the Sony, which North Korea was behind, and other significant breaches thus increasing the priority of the issue. At the time it was stated that:
“The Sony hack showed how we work through a sliding scale. It moved from a criminal act to a terrorist threat attributed to a nation-state, and now the Department of Defense and the president have a role.”
Unfortunately while it may have been an increased priority in the administration, it was not a priority in congress or even with many corporations that were the most at risk. Those calls gor nimproivef security went largely ignored.
In 2015, Obama proposed legislation again to address the growing threats of cybersecurity, and discussed it during the State of The Union address. In February 2015, Obama held a public-private summit to develop strategies for addressing cybersecurity. In conjunction, he requested an increase in funding particularly for defense and homeland security. Congress passed a budget, but it had cut the cybersecurity request made by Obama.
In 2016, Obama submitted his 2017 budget request that included a $19 billion dollar request for cybersecurity. He also introduced the Cybersecurity National Action Plan. In conjunction with his proposal, he introduced the Cybersecurity National Action Plan, he signed the Executive Order enacting the Commission on Enhancing National Cybersecurity. That announcement and discussion got largely overlooked in February 2016 the fight over the Justice Scalia death and Merrick Garland nomination throughout the rest of the year. In December 2016, the Commission completed its work and issued a detailed and specific report of recommendations. It lays mostly dormant as congress hasn't seen fit to take up a serious budget process, more has cybersecurity become a priority for Trump.
In light of the history of fiscal politics, it's kind of hard to state with any veracity that the administration did nothing regarding cybersecurity. It's probably more accurate to state that while the administration was interested in governing, Congress was interested in politics and budget cutting. Congressman Ted Lieu offered an amendment for $3 billion to modernize some government systems (the OPM system had been breached affecting millions of people and was one of the things in need of upgrading.) That request was considered throwing money at a problem. And while the Republicans were pinching pennies and obstructing, Democrats provided little assistance because of privacy and other concerns. Still, other critics insisted that the spending on cybersecurity wasn't enough.
So was the Russia hacking prevented? Hell no. Was it preventable? Considering the state of our politics as well as apathy and recalcitrance from public and private institutions for the past right years, probably not. Did the administration move too slowly or indecisively? Probably so. Did they make mistakes? More than likely. But is it rational or reasonable to claim that Obama did nothing? Not only is that false, doesn't begin to examine the root causes of the issue.
The administration was alone in the woods calling out the dangers of cyberwarfare long before the rest of the government and much of private industry bothered to take notice. Now that the damage is done the naysayers are complaining that the administration should have screamed louder.
Forgetting is apparently easier than taking responsibility.