By Matt Bevan
The US President Donald Trump has accused a veteran national security reporter at The New York Times of treason.
His crime? Reporting the US had developed the capability to interfere with the Russian power grid.
For people following modern cyber warfare closely, the report wasn’t much of a surprise.
It was more of a confirmation of something we suspected the US was able to do.
The report came after years of public warnings from US agencies that Russia had inserted malware that could sabotage American power plants, oil and gas pipelines or water supplies.
The New York Times merely confirmed the Pentagon now had the ability to retaliate, if needed. So why was the President so furious with the revelation?
A distraction from Iran
One possibility is Mr Trump did not wish to aggravate Russian President Vladimir Putin, who he has seemed reluctant to push back against, even in the face of acts of Russian aggression such as the power grid interference.
Another is that he was horrified the prospect of cyber conflict with Russia could be raised in a week where he wanted to be talking about conventional conflict with Iran.
There’s a sense of deja vu to the Trump administration’s sabre rattling over Iran this week, following Iran’s alleged attack on two tankers in the Gulf of Oman.
Mr Trump’s decision to shift aircraft carriers and troops into the region feels eerily like the lead-up to the 2003 declaration of war on Iraq, something he has spent years criticising.
Aside from filling analysts with dread, the boots-on-the-ground approach reflects an administration preoccupied with old solutions, while apparently actively ignoring the new ones.
US previously used malware against Iran
A decade ago, the United States was taking a very different approach to containing the nuclear threat from Iran.
Cybersecurity experts say Israel and the United States, under the Obama administration, used a computer virus called “Stuxnet” to infect and sabotage parts of the Iranian nuclear program.
The virus infected a uranium enrichment facility and broke up to 1,000 centrifuges, crippling the plant’s ability to create nuclear fuel.
Stuxnet did not stop Iran’s nuclear enrichment program completely — it simply slowed it down.
The program was stopped in 2015 when the Obama administration, along with other powers, struck a deal to give sanctions relief to Iran if it shut down its centrifuges.
But there’s no reason to think that Stuxnet was the limit of the US’s ability to screw around with Iran. And since that attack a decade ago, the scope of what cyber weapons are able to achieve has expanded considerably.
A Cold War in the power grid
In the middle of the Ukrainian winter in 2015, 230,000 people in the country’s west suddenly lost power.
Their lights, televisions and, more importantly, heaters went off for six hours because substations belonging to three electricity distribution companies were hit by a cyber attack and shut down.
Experts say the culprit was the Russian Government, which had made the first successful cyber attack on a power grid.
The alleged attack in Ukraine was fairly small, but it sent a shudder through global governments.
Electricity is essential to modern life. A blackout doesn’t need to last all that long before people start to die. They freeze to death in their unheated homes. They can’t call an ambulance or fire truck because their phones don’t work. Their dialysis machines don’t work.
The problem is when it comes to cyberwar, offence is a lot easier than defence.
Attacking another country’s power infrastructure is a lot easier than stopping attacks on your own.
As David Sanger described in his 2018 book The Perfect Weapon, this has led to a situation where governments are rushing to infect each other to create a stalemate.
This is why the Pentagon in the US has been working to infect Russia’s power grid — to ward off any attacks on its own.
Pentagon feared Trump would stop it
Mr Trump’s storm of tweets in the wake of The New York Times report raised eyebrows.
In addition to denying the story was true, he claimed The New York Times hadn’t considered the consequences of publishing the story.
This is mystifying for a number of reasons.
First, the Trump administration’s National Security Council specifically told The Times it had no concerns about the publication of the report.
And second, surely the only “consequence” of the news was that Russia had now been warned of the potential repercussions of a cyber attack. Mr Trump’s own national security adviser John Bolton promised just last week that Russia would pay the price if it launched cyber attacks on the United States.
Mr Trump’s anger on this issue falls into a pattern, though.
Mr Trump has been careful throughout his presidency to avoid antagonising Mr Putin, and any actions taken against Russia since the 2016 election hack have been forced upon him by Congress.
The President has contradicted his own intelligence authorities on issues related to Russia several times and deferred to Mr Putin instead.
Which may be why, as The New York Times reports:
“Pentagon and intelligence officials described broad hesitation to go into detail with Mr Trump about operations against Russia for concern over his reaction — and the possibility that he might countermand it or discuss it with foreign officials”.
Mr Trump is being cut out of discussions about the serious threat Russia poses to US and western sovereignty, and instead he is focusing on potential conflict with a country that has already named its price for de-escalating the threat of nuclear war.
Iran has explicitly said that if the US honours the sanctions deal struck in 2015, it will stop enriching uranium.
Russia has not offered such a clear path to de-escalating the cyber threat.
Matt Bevan is the host of the ABC News podcast Russia, If You’re Listening and the newsreader on RN Breakfast.