The CIA's new license to cyberattack
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Aïda Amer/Axios
In 2018 President Trump granted the Central Intelligence Agency expansive legal authorities to carry out covert actions in cyberspace, providing the agency with powers it has sought since the George W. Bush administration, former U.S. officials directly familiar with the matter told Yahoo News.
Why it matters: The CIA has conducted disruptive covert cyber operations against Iran and Russia since the signing of this presidential finding, said former officials.
Driving the news: According to the Yahoo News story, of which I am the lead author, the 2018 covert action finding gives the CIA much more power to undertake such operations without needing prior approval from the National Security Council.
- Under the Obama administration, U.S. officials would discuss proposals for specific potential covert actions for months, or even years, before signing off on them, former officials said.
- Now they can go “from idea to approval in weeks,” a former U.S. official told Yahoo News. And many proposals can now circumvent the NSC entirely, said former U.S. officials. “Trump wanted to push decision-making to the lowest possible denominator,” said another former U.S. official — which means many of these decisions are now being made in-house within the CIA, said former officials.
Of note: These new powers are not related to the CIA’s ability to hack for the purpose of mere intelligence-gathering, said former officials.
- Instead, they are about creating real-world effects like degrading or destroying adversaries’ infrastrastructure or exposing rival intelligence services’ secrets, said these officials.
- The CIA’s new authorities have allowed it to more freely engage in “hack-and-dump” operations of the sort popularized by Russian intelligence via WikiLeaks, where pilfered data is leaked to journalists or released online via personas like Guccifer 2.0, the online front used by Russian operatives to publicize the 2016 hack of the DNC, said former U.S. officials.
- The CIA has already dumped Russia- and Iran-related tranches of data online, said former officials.
Other impacts of the 2018 finding:
1. Financial institutions. It loosens prior restrictions on disruptive or destructive targeting of financial institutions, former U.S. officials said.
- In prior administrations, wiping or dumping hacked banking data was considered an uncrossable line because of the potential effects of retaliation by foreign states on the U.S. banking system, said former officials.
- Treasury Department officials were always particularly vociferously opposed to such measures in the past, said former officials.
- “These were “things CIA always knew were an option, but were always a bridge too far," a former official told Yahoo News. “They had been bandied about at senior levels for a long time, but cooler heads had always prevailed."
2. "Cut-outs." The presidential authorization makes it much easier for the CIA to target “cut-outs” believed to be working surreptitiously for hostile foreign intelligence services at media organizations, charities, religious institutions, or other non-state entities for disruptive or destructive cyber actions, said former officials. In the past, the burden of proof for targeting such entities was high; now, standards have been made far more lax, said former officials.
3. The "big four." The finding explicitly enables the CIA to use these new powers against the “big four” U.S. adversaries — China, Russia, Iran, and North Korea. But even though the CIA already had more legal maneuverability on covert operations against Iran than other U.S. foes, the Trump administration was particularly focused on escalating its activities against Tehran, said former officials.
- These new CIA authorities, as well as a capacious interpretation of prior ones, have contributed to the administration’s “maximum pressure” campaign against Iran, say former officials, with the CIA conducting disruptive cyberattacks against Iranian infrastructure throughout Trump's term.
- This maximum pressure campaign has been tantamount to a “regime destabilization” strategy for some senior Trump-era national security officials, aiming to weaken the Iranian government in order to force it to retreat to its own borders — and even hopefully collapse entirely, say former officials.
- While President Trump “would genuinely want Iranians to come to the table and say, ‘Mercy, we give up, what is it going to take for sanctions to lift and to get maximum pressure off the table, we’ll agree to the whole process to dismantle our nuclear program,’ ” others within the administration have been far less sanguine, a former senior official told me — and have pursued a sort of “soft” or implicit attempt at regime change in Tehran.
The big picture: Some officials emphasize that Trump-era shifts in U.S. offensive cyber operations are part of a natural evolution in U.S. policies in this arena, and that many changes would have been granted under a new Democratic administration as well.
- “It’s not like some cabal of folks who had been sort of outside the national security establishment that were then brought in and hijacked” this process, a second former senior official told me.
