The timing of the intrusions is also out of step with the hypothesis on motivation. Trump did not declare his candidacy until June 2015. Few observers took him seriously until well into 2016, and nearly every poll and forecasting model gave him little chance to win as late as the eve of the election. To suggest that the Russian government launched the DNC intrusions with the specific intent to support Trump is to accord the Russians a political prescience that no one in the United States shared. Indeed, Russian press reporting suggests that Trump’s victory took the Russian leadership by surprise. At a minimum, the timing suggests that the intruders did not start out with the intent to support Trump, even if they ultimately pursued that objective.
Finally, the intrusions include a degree of sloppiness that is uncharacteristic of Russian cyber operations. For years, cyber experts have regarded the Chinese as brash and careless in their hacks, typically leaving behind so many forensic clues that they appeared indifferent to the likelihood that investigators might piece them together. Russian operations have been far stealthier. According to published reports, investigators did not detect Russia’s famous Moonlight Maze intrusion for two years after the initial breach in 1996, and it took nearly a year after detection to trace it to Russia.
By contrast, the batch of DNC emails released to the media included one document that was modified using Cyrillic language settings by a user named Feliks Edmundovich – an apparent reference to Feliks Edmundovich Derzhinskiy, the founding father of the Soviet intelligence service. Why would Moscow, known for its razor-sharp tradecraft, leave such seemingly incriminating clues behind? Investigators have attributed the uncharacteristic operational sloppiness to a newfound Russian brazenness. But it might equally suggest that the intrusion was a false flag operation or that Moscow was sending a message that it could interfere in US politics as easily as the US could in Russia’s, perhaps with the intent of negotiating an informal code of conduct with Washington.
Lesson Three: Take a Walk in the Other Guy’s Shoes. One of the reasons that analysts misunderstood Iraq’s behavior in obscuring its destruction of WMD stockpiles was their difficulty seeing the situation through the eyes of the Iraqi leader. To US observers, it was obvious that our threats to attack Iraq were real, and that the only way Saddam Hussein could avoid war was to provide full transparency for UN inspections. Failure to do so could only be regarded as a sign that Iraq was cheating on its WMD obligations.
But from Saddam’s vantage point, there were two even more immediate threats looming: Iran, with whom he had fought a bloody eight-year war in which Iraq had barely avoided defeat, largely due to its use of chemical weapons; and his own elites, whose temptations to unseat him were tempered by Saddam’s reputation for ruthlessness at home and his fierce defiance of enemies abroad. Revealing to Iran and to domestic rivals that he had caved in to pressure to destroy Iraq’s WMD might put Saddam in a precarious situation. Under the circumstances, a policy of equivocation – trying to provide the US with enough WMD inspection compliance to stave off an attack, while leaving enough uncertainty to keep Iran and would-be successors at bay – made sense. The challenge for analysts was to step outside their familiar cultural perspectives and see things from an Iraqi vantage point.
Applying this lesson to the current situation, analysts must envision how the circumstances of the DNC operations might look to key Russian players, assuming Russians were indeed responsible. Would low-level Russian cyber operators have targeted the DNC without specific Kremlin authorization? To answer this question in the absence of direct evidence, one must necessarily engage in some informed speculation. But it is not hard to imagine that Russia’s intelligence services have standing lists of subjects that are priorities for collection: the plans and intentions of various governments, the technical specifications of foreign military systems, the political successions in key countries, and so on. They might be given fairly wide latitude to collect information relevant to these topics, and rewards would flow to those who gather particularly valuable data. It is not improbable that the DNC intrusions had such mundane bureaucratic origins.
But how would things look after the cyber intrusions had uncovered a treasure trove of information about the Clinton campaign? Surely the Russian leadership would recognize that deploying that data publicly would cross a dangerous line separating common espionage from active and illegitimate interference in electoral politics? Here, it is important to consider the possibility that Putin and other Russian leaders believe the US has itself habitually crossed that line, both in Russian elections and in numerous neighboring states. The Russians have repeatedly complained about such activities, at both the presidential and working levels. The publication in 2014 of a telephone conversation between US Assistant Secretary of State Victoria Nuland and US Ambassador to Ukraine Geoffrey Pyatt in which they revealed deep US involvement in Ukrainian politics – a leak that almost certainly came from Russia – could be read as a sign that Moscow was frustrated that its repeated diplomatic protests had failed to quell what it regarded as illegitimate US practices. The temptation to give the US a dose of its own medicine might have been great under such circumstances, even though few Russians believed Trump had any real chance of victory, and might have been rationalized as a way to press Washington to reconsider its involvement in the domestic affairs of Russia and its neighbors.
Lesson Four: High Stakes Require Great Caution. Attempting to understand – not justify – the perspectives of the Russians is particularly important in light of press reports that the US is considering possible retaliatory steps against Moscow. Just as the flawed National Intelligence Estimate on Iraq WMD figured prominently in the arguments for going to war, analytic judgments about Russia’s involvement and intent in the election intrusions are likely to be important variables in future US policy decisions about dealing with Russia.
As Robert Jervis points out in his classic work, Perception and Misperception in International Politics, differing perceptions of an adversary’s intentions are often at the heart of policy disputes. Some adversaries fall into the category of “vulgar minded bullies,” or what he calls the “deterrence model.” In these cases, the “submission to an outrage only encourages the commission of another one and a greater one.” Their aggression must be resisted, often by force, or they will increase their aggressiveness. Nazi Germany is the textbook example.
Other states fit what he terms the “spiral model.” Their apparent aggression is motivated by fear and insecurity rather than ambition and aggrandizement. Deterrence and coercion, so appropriate when dealing with bullying states, become counter-productive in spiral model situations, because they exacerbate the insecurities at the root of the adversary’s aggression and trigger a dangerous escalatory spiral of hostility.
So in the case of Russia’s role in the US elections, are we dealing with a deterrence model or a spiral model? The answer is not immediately obvious. Yet answering this question correctly has important implications for the policies we adopt toward Moscow.
The stakes are high. The intrusions highlight the importance of addressing broader questions of how we protect the integrity of our political system and deal with other cyber actors who might have an interest in intrusions. Retaliation could preclude working with Moscow against ISIL and other terrorist groups, encourage further cooperation between Russia and China against US interests, and even escalate into kinetic warfare. Failure to draw a tough enough line, on the other hand, might invite even more damaging Russian interference in US affairs. Crafting an effective policy depends to a great degree on a rigorous and objective analytic approach to understanding exactly what occurred and why.
George Beebe is the President of BehaviorMatrix LLC, a text analytics company. He formerly served as chief of Russia analysis at the CIA, and as special advisor to Vice President Cheney on Russia and the Former Soviet Union.
Image: Vladimir Putin at his April 2016 “Direct Line” appearance. Kremlin.ru
 National Intelligence Estimate, “Iraq’s Continuing Programs for Weapons of Mass Destruction,” October 2002, accessed at http://nsaarchive.gwu.edu/NSAEBB/NSAEBB129/nie.pdf
 “US Secretary of State Colin Powell’s Speech to the United Nations Security Council,” published in The Guardian, 5 February 2003, https://www.theguardian.com/world/2003/feb/05/iraq.usa
 “C.I.A. Judgment on Russia Built on Swell of Evidence,” Mark Mazetti and Eric Lichtblau, The New York Times, December 11 2016, http://www.nytimes.com/2016/12/11/us/politics/cia-judgment-intelligence-russia-hacking-evidence.html
 "Advance Questions for Lieutenant General Keith Alexander USA, Nominee for Commander, United States Cyber Command," published by Senate Armed Services Committee, accessed at: http://armed-services.senate.gov/statemnt/2010/04%20April/Alexander%2004- 15-10.pdf
 Shaun Waterman, “Chinese Cyberspy Network Pervasive,” Washington Times, 30 March 2009.
 “Bears in the Midst: Intrusion into the Democratic National Committee,” https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/, June 15, 2016
 “What we know about Russia’s role in the DNC email leak,” Lauren Carroll, Politifact, 31 July 2016, http://www.politifact.com/truth-o-meter/article/2016/jul/31/what-we-know-about-russias-role-dnc-email-leak/
 “Report to the President of the United States,” The Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, March 31, 2005, p. 175.