Press Call on the Administration Response to Russian Malicious Cyber Activity and Harassment
Via Conference Call
2:42 P.M EST
MR. STROH: Thank you very much and, everyone, thanks for joining our call this afternoon. This will be a background press conference call on the administration response to Russian malicious cyber activity and harassment. I will introduce the senior administration officials that we have here on the call, but as a reminder, they'll be referred to on background as senior administration officials. And secondly, we'll embargo the content of this call until the call concludes, so please no tweeting or filing while the call is ongoing.
SENIOR ADMINISTRATION OFFICIAL: Thanks, everybody. I'll just make some brief comments and then turn it over to my other colleagues.
So today's actions were all approved by President Obama as a package of steps that is in response to very disturbing Russian threats to U.S. national security. And we're responding here to a pattern of Russian behavior that has been evident over some time.
First of all, as you are all aware, in October, we took the very unique step of publicly attributing efforts to interfere in the U.S. election to Russia. And as you know, we've continued to refine and develop our assessment of those Russian efforts and, as President Obama has directed, there will be a report issued summarizing what we know with respect to those efforts. And we can talk about that later in the Q&A.
In addition, as my State colleague can speak to, we've seen other Russian actions that aim to directly interfere with the conduct of U.S. foreign policy, particularly a pattern of harassment of our diplomats inside of Russia. So the range of actions announced today are in response to those Russian provocations and actions. They include a set of sanctions that my colleague from Treasury can speak to, include some important efforts that we're taking with respect to cybersecurity and attribution, and include some actions against some of the Russian personnel and facilities here in the United States. And, again, each of my colleagues will speak to the unique actions taken.
I would just add this is not the sum total of everything that we are doing in response to Russia's actions, including its malicious cyber activities and its interference in our election. As President Obama and others have said, some of those actions will be public and some of them will not. And today, we are announcing a series of the public measures that we're taking, but that should not be mistaken for the sum total of our response.
I'd also note that this should come as no surprise to the Russian government, given that we have warned publicly and privately, including directly from President Obama to President Putin, that there would be a response for these Russian actions. So, again, we've been very clear about our intent here.
The only other thing I'd say by way of an introduction is that this really serves two purposes. One, there has to be a cost and a consequence for what Russia has done. It is an extraordinary step for them to interfere in the democratic process here in the United States of America, and there needs to be a price for that. They need to be held accountable for that. And we believe that this should be of concern to all Americans, as the President said in his statement and to members of Congress from both parties, because this was an attack on our democratic system, and we're responding in kind.
Secondly, we also believe that these steps are important because Russia is not going to stop. We have every indication that they will continue to interfere in democratic elections in other countries, including some of our European allies. There's no reason to believe that they will not try to interfere in future American elections, be they state and local elections, midterm elections, or future presidential elections. And so we also need to publicize what we know about who is responsible, demonstrate that there's a cost, try to reveal what we know about how Russia operates in this space. And, again, more of that information will be in the report that the President has directed be prepared, but some of that is embedded in the response that we're taking today.
With that, I'll turn it over to my colleague to talk through the sanctions in particular.
SENIOR ADMINISTRATION OFFICIAL: Thank you. The number of significant actions that the President took and that Treasury has taken today -- first, I wanted to note that the President has amended the Cyber Executive Order, and that's an executive order that he issued originally in April of last year, which was meant to target malicious cyber activity by state or non-state actors anywhere in the world who were tampering with the infrastructure, who were disrupting the ability of networks of computers -- for example, through DDoS attacks -- or who were misappropriating funds -- basically cyber -- or cyber theft of intellectual property for commercial gain.
The single prong that the President has added today makes clear that we will -- future administrations will have the authority to go after those who are tampering with or misappropriating through cyber means with the purpose or effect of interfering with election processes. And that's basically the progress the President is -- on with the actions today.
Under this new authority, the President has sanctioned nine entities and individuals. First and foremost, two Russian intelligence services -- the GRU and the FSB -- four individual officers of the GRU who are the senior-most ranking leaders of the GRU, as well as three companies -- Russian companies that have provided material support to the GRU's cyber operation. Those companies are the Special Technology Center St. Petersburg, Zorsecurity, and the Autonomous Noncommercial Organization, which is often known by its acronym, ANO PO KSI -- all of which have provided cyber services and training to the GRU.
In addition to the actions taken by the President under the -- executive order, Treasury is targeting two Russian individuals, Evgeniy Bogachev and Aleksey Belan, under the preexisting cyber EO. In both cases, they're notorious cyber criminals who have been responsible for major (inaudible) and havoc in the international financial system, including against American companies.
Bogachev and the cyber criminals associated have been responsible for the theft of over $100 million -- U.S. financial institutions, as well as Fortune 500 (audio drop) universities and government agencies. And Belan has been responsible for compromising at least three major e-commerce companies and misappropriating the data, including private identifying data, from those companies.
As all of these actions make clear, we will not tolerate the abuse of our systems, including our election systems, by foreign actors. And these authorities are standing authorities that can be drawn upon in the future, as well.
I'll now turn it over to my colleague.
SENIOR ADMINISTRATION OFFICIAL: Thank you. I wanted to talk with you all about the Joint Analysis Report that we issued today along with the FBI. As you know, on October 7th of this year, DHS and the DNI issued a joint statement that attributed the compromise of emails from U.S. persons and institutions, including a U.S. political organization, and the subsequent disclosure of those emails to the Russian government.
So today, with this Joint Analysis Report, we are expanding on that statement and providing details on the tools and the infrastructure used by the Russian military and civilian intelligence services to compromise and exploit networks and endpoints associated with the recent election, and -- to include state-owned voter registration databases, as well as a range U.S. government political and private sector entities.
And a key objective in the release of this information today, of course, is to -- particularly the technical124 information is to better help network defenders in the United States and abroad to identify, detect and disrupt Russia's global campaign of malicious cyber activities.
The establishment of the attributions back to the Russian intelligence service is based on a U.S. government assessment that incorporates the technical information that's included in this JAR, the Joint Analysis Report, as well as the intelligence information and collection. Russia's civilian and military intelligence services have been engaged in aggressive and sophisticated cyber-enabled operations targeting the U.S. government and its citizens for a number of years. We are referring to this set of malicious cyber activity as GRIZZLY STEPPE -- and that's S-T-E-P-P-E -- and that becomes relevant for things like finding this JAR on the -- on our website. You can find it at US-CERT -- that's C-E-R-T -- .gov/grizzlysteppe. So again, that's G-R-I-Z-Z-L-Y-S-T-E-P-P-E, all one word.
These operations that we're describing in the JAR included spear-phishing campaigns, which have targeted government organizations, political infrastructure entities, think tanks, universities, political organizations, and corporations. Theft of information from these organizations and, specifically, recently, the public release of that information in operation of targeting other countries, including U.S. allies and partners -- Russian intelligence services have undertaken damaging or disruptive cyberattacks, including on critical infrastructure, in some cases, masquerading as a third parties or hiding behind false online personas which are designed to cause the victim to misattribute the source of the attack.
The JAR itself provides technical indicators that are related to many of these operations. Importantly, it lays out in an extended section of the JAR recommended mitigations, and, equally important, information on how to report incidents or detection of malicious indicators or activities to the U.S. government.
The JAR does recognize that some really excellent work has been done already by security companies and the private sector networks' owners or operators themselves. And some of this information is -- they have provided previously. But we are also providing new indicators of compromised malicious infrastructure identified during our own course of investigations and incident response, along with the Bureau. Again, we're focused on providing network defenders with the tools they need to identify and detect and disrupt Russian malicious activity targeting our country's networks.
So again, in the JAR itself, we have provided some descriptions of approaches that Russian intelligence services used, as well as some of the technical indicators, including Internet protocol addresses, the set of numbers that basically serves as an address for each computer in their use to transmit data to and between computers. These IT addresses are -- reflect infrastructure that the Russian intelligence services are using, and oftentimes it's other people's networks without the owner's knowledge. And they do that, obviously, to hide their malicious activity, but that means that these addresses also host, oftentimes, legitimate websites and other Internet services. And so we are providing this information for network defenders, network administrators to be able to use to try to detect and put on their watch list so that they can be alert to potential malicious activity.
We've also released -- it's not included in the JAR, but separately we've released two malware samples that Russian intelligence services use to broadly conduct their malicious activities, and we've given those to antivirus vendors so that they can be used to help, again, both private sector and government folks defend their networks.
We've provided a subseries of questions that companies need to be asking themselves, as well as a list of steps that they can take, some basic cyber hygiene practices that are really important and can actually stop 85 percent of the malicious activity that we see. We're going to continue our NCCIC, our National Cybersecurity Communications Integration Center, to look at the research and analysis, and we will continue to issue subsequent updates to the JAR if and when additional information becomes available.
And so we really urge that folks out there continue to check the US-CERT website and, again, both implement these recommended mitigations, but also provide information to the government to help fill in the bigger picture. What we're asking the companies to do is to take this technical information, go back through their logs and see if they see indications of this malicious activity in the past. Because knowledge of these historical incidents -- even if the bad actors are no longer active in your system -- it's important for the government to know about it and understand it. It helps to fill in the bigger picture, provides greater insight into the scope and scale of Russian activity, and helps all the network defenders.
DHS has added these indicators to the automated information sharing that we have implemented this year, which provides them to companies that sign up at machine speed. And so we encourage companies to continue to sign up to receive those indicators.
SENIOR ADMINISTRATION OFFICIAL: Thanks, I'm here at State. You all saw the statement that we put out earlier today with the other interagency statements on the President's decisions. We implemented two of his decisions. We declared persona non grata 35 Russian officials operating in the U.S. who were acting in a manner inconsistent with their diplomatic and consular duties. And we also have denied Russian personnel access to two Russian-owned compounds in the United States. And this is part of the comprehensive response to their interference in our elections and a pattern of harassment. I have some details on the harassment, as well, but maybe I'll stop there. I've got details on the harassment for later in the conversation.
SENIOR ADMINISTRATION OFFICIAL: Great. Any of you guys want to say -- before we open to questions?
SENIOR ADMINISTRATION OFFICIAL: I would just add that the actions inconsistent with their responsibilities and duties that my colleague referred to were intelligence activities. And the two facilities which the Russians are now denied access to were used for intelligence collection activities, as well.
SENIOR ADMINISTRATION OFFICIAL: And I would just add that from our view, the purpose of the indicator release is really twofold. One is to put the weight of the U.S. government behind the attribution of a lot of this activity to the Russian government and their intelligence services so that network defenders should prioritize fixing those issues and identifying that, because that is sponsored by a government that is carrying out malicious aggressive activity against us. And two, to cause them some operational friction and inhibit their ability, at least for a little while, to carry out their activities and to cause them some problems.
Q Hi, thanks very much. Can you comment broadly on how difficult it would be or easy it might be for President-elect Trump to undo some of the things that you've been announcing today? And specifically how difficult or easy would it be for him to allow some of the officials back into the country who are being asked to leave?
SENIOR ADMINISTRATION OFFICIAL: I'll start and see if any of my colleagues want to weigh in.
First of all, we're taking these actions consistent with our assessment of what Russia has done. To be very clear here, they have been interfering in both the American democratic process and in the conduct of American diplomacy. And so this should be of concern to all Americans -- again, to members of both parties, members of Congress from both parties. This has been a sustained effort to both harass our diplomatic personnel and interfere in our democratic process. And as I said, we have no reason to believe that Russia's activities will cease.
They have been engaged in malicious cyber activity for some time now. They have interfered in democratic elections not just here in the United States, but other countries. So one reason why I think that it is necessary to sustain these actions is because there's every reason to believe that Russia will interfere in future U.S. elections and future elections around the world.
That said, to your question, these are executive actions. So if a future President decided that he wanted to allow in a large tranche of Russian intelligence agents, presumably a future President could invite that action. We think it would be inadvisable. As my colleague just said, these diplomatic compounds were being used for intelligence purposes. That is a direct challenge to U.S. national security, and I don't think it would make much sense to reopen Russian intelligence compounds.
Secondly, the officials who have been PNGed are Russian intelligence agents. So I don't think it would make much sense to invite back in Russian intelligence agents. The officials who were sanctioned were participating in malicious cyberattacks on U.S. critical infrastructure and interfering in our democratic process. So, again, hypothetically you could reverse those sanctions, but it wouldn't make a lot of sense.
I don't know if any of my colleagues have anything they want to add to that.
Q You've made reference at several points to attacks on critical infrastructure in the U.S., and I was wondering does that include the campaign against U.S. companies in 2014, U.S. energy companies? And does it also include other things that you could identify?
SENIOR ADMINISTRATION OFFICIAL: Certainly, so I think in broad terms we know that the Russian government has targeted critical infrastructure around the world, and it is part of their normal operating procedures. And if you look at the list of malware and other kinds of activity that are listed in the JAR as being tied to the Russian intelligence services, you would see some of those that are aimed at critical infrastructure, such as BlackEnergy and Havex. So that's the kind of activity that we're talking about.
Q Thank you for doing the call. First of all, I was wondering if you could talk about the chronology of the way you're doing this. Russia has been saying for weeks now if you guys really have evidence that we were behind this, prove it, show us what you have. And so why are you doing the announcement of these retaliatory actions before you're releasing this report that the President has promised that ostensibly would back up the accusations that you've made?
And then for State, you guys are saying that the actions to kick out the diplomats and shutter these compounds are related to harassment, which is kind of a separate issue, but you're rolling it out as part of this big package. So is it fair to say that the decision to move forward with those penalties now is part of your attempt to be tougher on Russia over the cyber actions? Thanks.
SENIOR ADMINISTRATION OFFICIAL: Well, let me just start on that. On your second question, I think for the -- we've been looking at the issue of how to respond to the harassment of our diplomats for some time, but the fact is it's hard for us to separate that from the context of a foreign power also interfering in our democratic election.
So it's fair to say that President Obama's direction was that we should look at these actions as interconnected, and that the same hostile posture and the same flagrant violation of basic norms of international behavior that guided their harassment of our diplomatic personnel are also seen in the interference in our election. So again, that's why we looked at this as a package. And, frankly, if you look at the actions taken with respect to the diplomatic personnel and facilities, they were also related to an intelligence purpose. So just as it was a Russian intelligence effort that was tied to the interference in our election, we see a nexus to Russian intelligence and the actions taken by the State Department today in addition to the response of the harassment of our diplomats. And my State colleague can speak to the harassment of diplomats.
On your first question, look, we don't -- we actually, as you know, publicly put out the assessment that Russia was interfering in our election in early October. So we have been public with that assessment for some time now. Frankly, if you look at who is designated and what entities are designated and what's in the JAR, you begin to get a sense of our assessment of how Russia approached those issues. And what we'll be doing in the report that the President asked for is look comprehensively at the information that we have and the analysis that flows from that information.
This is not in question, though. There's no debate in the U.S. administration about the fact -- and it is a fact -- that Russia interfered in our democratic election. We've established that clearly to our satisfaction. I would never expect Russia to come out with their hands up and acknowledge what they did. They don't do that. They didn't do that -- they still deny that they are intervening in eastern Ukraine. And, frankly, I'd say to journalists, let's look at what they say and what they do. This is a country that has intervened in a sovereign country and denied that they did it, even though everybody could see that they were doing it, with respect to Ukraine; that has bombed civilians in Syria while denying that they were doing it.
So we don't see this as a he said, she said situation, we see this as, there are facts and then there are things that Russia says.
SENIOR ADMINISTRATION OFFICIAL: I would also add, and maybe my colleague can speak to this more directly, but the process of putting together sanctions packages is extremely onerous and requires evidence that can stand up in court. So this is a very intense, elaborate process with a lot of input from agencies across the board.
We don't need to tell the Russian government what it's been doing. It knows what it's doing. We owe it to the American people to explain what the Russian government is doing, and the President's instruction for the U.S. government to do a report on what happened is exactly directed at explaining to the American people what happened. But we don't need to make the case to the Russians, for all the reasons that my colleague has laid out.
SENIOR ADMINISTRATION OFFICIAL: State, you may want to talk about the harassments.
SENIOR ADMINISTRATION OFFICIAL: Yes, the pattern of harassment over several years is really disturbing, and we felt -- and were pleased with the President's decision to do something about it.
They have -- you saw the YouTube video of the June 6th incident where our diplomat was assaulted by a Russian police officer. Embassy officials have been harassed and detained on their routine diplomatic travels around the country. Russian state-owned television has put some of our diplomats at risk by putting personal details about them on TV. They've blocked our ability to make our consulate general in St. Petersburg safe, in terms of the perimeter of security and new construction. They've closed 28 American Corners around the country and the American Center, which is making it impossible for us to do our job in terms of culture, education, and people-to-people ties.
So a whole series of pattern of actions over a number over years is what triggered this part of the decision.
Q Hi, thanks for doing this. Just to be clear here, the Russians that are being expelled from here and denied access to these -- you called them recreational compounds -- are you saying, one, these very intelligence officers are involved, or is that something they -- out of Moscow? And two, are you talking about a compound within the embassy compound or someplace else, say in Washington?
SENIOR ADMINISTRATION OFFICIAL: I can speak to that, but I believe my colleague would be best positioned to do so.
SENIOR ADMINISTRATION OFFICIAL: The compounds are not part -- are not contiguous with the embassy. One is in Maryland and one is in New York. They are compounds that the Russian government owns and that they use for multiple purposes -- as described by my colleague, intelligence, but also recreational, as well. And under the Foreign Missions Act, we have the authority to restrict their access to these properties based on their pattern of behavior.
SENIOR ADMINISTRATION OFFICIAL: And just to be absolutely clear, there are 35 Russian diplomats -- actually intelligence officers -- who were PNGed by State. The denial of access to the two compounds is all Russian personnel. The Russian missions in Washington, in New York -- all Russian personnel will be denied access to those two compounds beginning at noon tomorrow, or December 30th. And those who were PNGed have 72 hours from the moment of having been informed to leave. So they should be gone, by my calculation, that would be Sunday -- by noon on Sunday. And for the Russian speakers among you, I will wish you s novym godom.
Q Thanks very much. First of all, President-elect Trump said on Wednesday that we ought to "get on with our lives" when asked about sanctioning Russia. So there have been reports that some of the other actions, the not-public actions that were to be taken against Russia was going to be left to the next administration. Is that the case? Or are there other non-public actions that are already being taken? And is your decision -- will your decision in any way change based on the signals coming from the President-elect that he does not believe that this is a matter that should be pursued, the election matter itself?
And would you describe the harassment against our diplomats in Moscow as unusual, or -- are you focused on the normal pattern of behavior, or is this unusual between us and the Russians in terms of what you've seen, as you just described?
SENIOR ADMINISTRATION OFFICIAL: So on your first question, as you've heard us say many times, our approach is that there's one President at a time, and that President Obama is going to execute the duties of his office until January 20th. And he is acting in what he believes to be the best interest of the United States.
I'd say a couple of things. One is, there are any number of actions that we're taking -- some we announce, some we don't -- that will be in process as the next administration takes office. So again, there may be things that commence while we're in office in addition to what we're saying today. When the new administration takes office, it's entirely their judgment as to whether or not they continue down the course that we have set in a number of different areas.
I guess what I'd suggest is that the Russian actions have been sustained over an extended period of time, and by any definition are against the national interests of the United States, not the interests of President Obama. The harassment of our diplomats -- which is not in line, frankly, with the way things have been in the past; it's been escalating steadily for some time -- is a direct threat to the ability of the United States of America to conduct diplomacy. And I would think that that would be of concern to future administrations.
The interference in our election is a pattern that we see in other Western democracies, including some of our closest allies. And I think future administrations would find it concerning if there are efforts to undermine the democracies of our closest allies in the world.
What we've seen in general with their malicious cyber activity has targeted our critical infrastructure beyond even our election process. So I would think that the malicious cyber-targeting of American critical infrastructure would be of concern to future administrations. I'd note, from our own consultations, that this is an issue of great concern to American business, and so I would expect that future administrations would be concerned about the threat to the American economy from malicious Russian cyber activity.
So again, as I said earlier, some of the actions we're taking have to do with Russian intelligence efforts, which, again, are aimed at harming the national security of the United States. I would think that future administrations would be concerned about those efforts. If they aren't, then they should explain why, and they'll have the opportunity to explain why. But I think clearly we're taking these actions because of what has been a pattern of behavior over an extended period of time that we've seen replicated in other countries, and we believe it's the right approach to take.
I don't know if my colleagues want to comment on the kind of historical perspective of harassment.
SENIOR ADMINISTRATION OFFICIAL: Well, my understanding -- and I'll leave it to my colleague -- but my understanding is the State Department assesses that the pattern of Russian harassment of our diplomatic mission in Russia is unprecedented for the post-Cold War era, that this really was a change in behavior in the last two or so years.
But I'll turn it over to my colleague for the authoritative comment.
SENIOR ADMINISTRATION OFFICIAL: Just to agree with you and my colleague, nothing to add from here. Exactly right.
SENIOR ADMINISTRATION OFFICIAL: I just want to emphasize that, of course, the Joint Analytic Report contains information also that does go beyond just the election's malicious cyber activity, and again, to highlight activity aimed at critical infrastructure but also other non-governmental organizations, really a broad campaign. And the list of actors and actor sets, and of malware, et cetera, including BlackEnergy and Havex, is an indication of how broad this campaign is and how serious it is.
Q Thanks very much. Can you explain to us why these activities come -- why these actions come at the time that they do? There was obviously a debate about taking each of the steps that you've announced today prior to the election. There was -- there's obviously been concern about retaliation by the -- and escalation by the Russians. Can you say whether or not you believe in retrospect that you wish you had acted earlier? And can you also on just one factual issue tell us whether or not the facilities that you've closed in New York and Maryland you believe were just generally intelligence facilities, or whether they were used as part of the DNC and other hacking activity here?
SENIOR ADMINISTRATION OFFICIAL: Your second question obviously kind of gets pretty precise on intelligence equities, so I don't think we can speak to that.
On the timing question, look, I'd say there are a range of factors here. Number one, each one of these steps takes a different amount of time to prepare. As you know -- and my colleague can speak if he wants to -- sanctions packages are time consuming, as you're establishing both the basis for the action and then refining the target list. The JAR itself is a complex procedure, as we are putting together the information that we can share publicly that provides the best possible guidance about what we know. And then obviously, the response to the harassment is something we've been focused on for some time.
So a number of points. First of all, with respect to how this fit around the election, I think our first priority was to publicly disclose the information. So before we were going to take an action, the most important thing was to make public what we knew, and we did that on October 7th. And that was a fairly unique, if not unprecedented, step to come out with a common view of the U.S. intelligence community that a foreign power, Russia, was interfering in our election. So point one is getting out that information.
We also wanted to give a warning directly to the Russians accompanying that public message and also in private, which he did at numerous times, about the fact that we knew what they were doing, and that we would be preparing a response. And we therefore wanted to have them absorb that message and have that effect -- see how that affected their behavior.
We also, frankly, in the run-up to the election were very focused on securing the election itself. And we have no indication at all that the efforts included tampering with the vote. And so in terms of a priority for a lot of our cybersecurity efforts, we wanted to make sure that our election was secure. And the warning to Russia combined with our efforts to secure the voting process I think was a priority.
Let's also bear in mind that even as we have made this disclosure and were preparing these steps, material had been hacked and was being released. So it's not as if that genie could be put back into the bottle. We were putting this together and preparing a response in the context in which this information had been shared with other parities and was being publicly released and widely reported on by our news media. So what we wanted to do then is methodically work through these different elements: What could we do on sanctions? How are we going to deal with Russia's diplomatic presence here in the United States? What are we doing with the JAR? And how are we preparing other elements? And that takes some amount of time to put together. And we also wanted to, again, do some of this as a package.
So I think the President has been very deliberate: Let's gather the information; when we had enough confidence to put it out, we released it publicly. We issued a warning. We worked to secure our election. We worked to develop these responses. When the responses were complete, we aligned them so that we would be doing this as a package. And that I think explains the nature of the timeline.
I don't know if anybody wants to speak to individual components of that process in terms of how they were put together.
SENIOR ADMINISTRATION OFFICIAL: I think I can just add that from the very start of when, even going back some time, we have been engaging diplomatically with the Russians and raising our concerns about their activity -- even if not all of that became public -- whenever we learn about or detect intrusions into companies or organizations, we do notifications to those companies, and we go and we tell them. DHS began ramping up its coordination, as my colleague was talking about, in order to make sure that we doing everything possible to secure the electoral infrastructure. We started that back in the summer.
All this has been building for some period of time. So it's not like all of these actions sort of popped in kind of right now out of the blue, they are really part of a long-term effort that we've been building over time to push back on this kind of Russian behavior, and they're setting the stage for the fact that we will have to continue to deter and push back on this kind of behavior going into the future.
MR. STROH: All right. Thank you very much for participating in today's call and, as of now, the call is concluded and the embargo is lifted. Thanks, everyone. Have a nice day.
END 3:27 P.M. EST
Barack Obama, Press Call on the Administration Response to Russian Malicious Cyber Activity and Harassment Online by Gerhard Peters and John T. Woolley, The American Presidency Project https://www.presidency.ucsb.edu/node/321091