It’s time to make Russia pay for its cyberattacks

Microsoft’s announcement that a hacking group previously linked to the Russian government was behind a recent cyber intrusion that exploited a newly discovered Windows security flaw adds yet another layer of intrigue to Moscow’s meddling.

The software maker said in an advisory on its website there had been a small number of attacks using “spear phishing” emails from a hacking group known widely known as “Fancy Bear.”

{mosads}Microsoft’s disclosure comes against the backdrop of a string of cyberattacks, including an unprecedented hacking campaign aimed at the Democratic National Committee and threats of a cyber disruption of the upcoming U.S. election.

But America is not alone in facing cyberattacks from an unfriendly Russia.

Recently, the United Kingdom has joined the family of nations under siege by cyber intruders. Chancellor of the Exchequer Philip Hammond has said that his country must be able to retaliate in kind against cyberattacks and that hostile foreign actors were developing strategies to undermine the British electrical grids and air traffic control systems.

So the question is: What is the best way for democracies to respond to authoritarian regimes like Russia when they hack? Cyber intervention — proactively or reactively — is not an easy path for democratic nations.

Striking back sounds good, but there are risks and obstacles to its success.

For one, democracies enjoy open societies. We have a passion for freedoms like freedom of expression. We don’t believe in censorship.

Hacking another nation, at least openly, would violate our own value system and call into question our ability to persuade other nations to uphold basic freedoms of expression.

A second obstacle to hacking back Russia is that cyber warfare is often done quietly, below radar, out of public view.

Even if you succeed, there is little public credit and hence you lost the opportunity to demonstrate strength in the face of danger.

And if there is public disclosure of the hack, criticism will follow. Remember what happened when it was disclosed that America was listening to phone calls of European allies!

The best solution to the Russian hacking is to punish Russia in an open, transparent and painful way: sanctions. Tough sanctions.

Russia needs to be isolated and restricted from doing business with American and Western companies. With the latest British cyber invasion, we might get some European help.

We are living in a global hackathon, one that has negative and potentially dangerous consequences for businesses and government, not to mention the fear about our critical infrastructure.

It is time to make Russia pay, or not let them pay or play in the international arena.

Sonenshine is a former undersecretary of State for public diplomacy and public affairs and a frequent contributor to The Hill. She is based at George Washington University.

The views expressed by contributors are their own and not the views of The Hill.