How Do You Solve a Problem Like the Kremlin?

Confirming what was already suspected, U.S. intelligence community announced that the Russians were indeed responsible for hacks on the DNC and other politicians.

Thus far, Washington hasn’t retaliated in any way, other than sternly accusing the Kremlin of attacks. Putin & Co. have denied any involvement in interfering with the U.S. political process, as talks with them about both a Syrian ceasefire and nuclear-security pact have stalled.

“We will respond in a time and place and manner of our choosing,” U.S. National Security adviser Lisa Monaco said. “And when we do so, we will consider a full range of tools, economic, diplomatic, criminal law enforcement, military…some of those responses may be public, some of them may not be.”

How and when we respond is tricky. The New York Times reports that Obama’s options include imposing sanctions on or indicting Russia, not to mention the extreme decision “to attack and disable Russian computer servers or expose the financial dealings of President Vladimir V. Putin and his oligarch friends.” With the presidential election on the horizon, there is much at stake. A Kremlin ally, for instance, told Reuters that electing Hillary Clinton would escalate nuclear tensions.

At the heart of this cybersecurity discussion, is also the important distinction between cyber espionage and cyberattacks—or Russia’s motivations behind these hacks. Cyber espionage involves theft of information (such as gaining insight into the inner workings of a campaign) by using hackers and malware. If the latter is weaponized, then it becomes a cyberattack. An act of warfare, a cyberattack aims to shut down command/control centers and disrupt economies by using malware instead of bombs. Both require a response plan that’s twofold: providing tighter security and counter espionage.

Attacks may have grown more sophisticated, but security has evolved, too. A defensive tactic can now double as proactive strategy. By protecting networks with a behavior-analytics platform—which baselines user and entity behavior, while prioritizing risks—the government would be using technology that’s more intelligent (because it’s powered with machine learning) and therefore detects attacks early.

Just as importantly, advanced behavioral analytics can give risk-management teams insight into the who-what-where-and-when of intended breaches. Thus, counter espionage teams can lead the attack toward disinformation and harmless, controlled areas of the network, while studying the attack and learning to better defend any given enterprise.

This knowledge is power—and threat visibility is where that profound change will truly begin.