Less than two months ago, President Obama approved a presidential policy directive spelling out how the federal government would respond to “significant cyber incidents.”
In the shadowy world of cyberconflict, this is often a difficult problem: how to identify the source of an attack and respond appropriately. Mr. Obama set benchmarks.
He defined a significant incident as one that is likely to result in “demonstrable harm” to the national security, economy or foreign relations of the United States, or “to the public confidence, civil liberties or public health and safety of the American people.”
In recent weeks, according to private security experts and government sources, hackers associated with Russia’s government have carried out high-profile intrusions intended to weaken that public confidence and disrupt the U.S. election campaign.
Mr. Obama should do something about it.
The most spectacular act was the hack of the Democratic National Committee on the eve of the party’s convention in July, in which 20,000 embarrassing internal emails were stolen and then made public through WikiLeaks.
The leaked emails showed that DNC staffers leaned against Bernie Sanders; party Chairwoman Debbie Wasserman Schultz was forced to quit, and the campaign of Hillary Clinton was damaged, probably as Russia intended.
This was followed by an upload last week of internal DNC data such as private phone numbers and email addresses.
And in an assault that seems aimed at besmirching Ms. Clinton and sowing discord, hackers obtained and released emails from former Secretary of State Colin Powell that maligned her and Republican nominee Donald Trump.
This adds up to a full-blown attempt by Russia to interfere with the U.S. election cycle and weaken public confidence. It probably won’t work — we don’t think Americans are so easily cowed.
But it calls for a forceful response.
The administration has been hesitating, in part because of fragile negotiations with Moscow over the war in Syria. The FBI probe is not complete, and some senior officials have said they want to wait for the results.
Mr. Obama ought to put his foot down, and soon.
The cyberattacks are of a piece with a larger attempt by Russian President Vladimir Putin to subvert Western democracies and the ideals of a liberal, rule-based international order.
Mr. Putin’s broader campaign has included incitement of war in Ukraine, seizure of Crimea, support for right-wing groups and candidates in Europe and using a tide of war refugees from Syria to create instability.
In responding, Mr. Obama must take advantage of the strength of an open society and call out the perpetrators, telling the American people what is happening.
Mr. Obama does not need to release sensitive intelligence to effectively make the point.
Second, Mr. Obama should order the preparation of economic sanctions against Russian individuals under an executive order he signed that permits sanctions against people linked to malicious cyber-acts.
He must put Russia on notice that such disruptive “active measures,” as the KGB once called them, will not be tolerated.
If Mr. Putin thinks he can get away with generating fog and doubt, the best answer is to drag him and his dirty tricks into the sunshine.
This editorial first appeared in The Washington Post.