The Obama administration is close to announcing a series of measures to punish Russia for its interference in the 2016 presidential election, including economic sanctions and diplomatic censure, according to U.S. officials.
The administration is finalizing the details, which are also expected to include covert action that likely will involve cyber operations, the officials said. An announcement on the public elements of the response could come as early as this week.
The sanctions part of the package culminates weeks of debate in the White House about how to revise an executive order from last year meant to give the president authority to respond to cyberattacks from overseas, but which did not originally cover efforts to influence the electoral system.
The Obama administration last year rolled the order out to great fanfare as a way to punish and deter foreign hackers who harm the United States' economic or national security.
The threat to use it last year helped wring a pledge out of China's president that his country would cease hacking U.S. companies' secrets to benefit Chinese firms.
But officials this fall concluded that it could not, as written, be used to punish the most significant cyber-provocation in recent memory against the United States - Russia's hacking of Democratic organizations, targeting of state election systems and meddling in the presidential election.
With the clock ticking, the White House is working on adapting the authority to punish the Russians, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations. President Obama last week pledged there would be a response to Moscow's interference in the U.S. elections.
One clear way to use the order against the Russian suspects would be to declare the electoral systems part of the "critical infrastructure" of the United States. Or it could be amended to clearly apply to the new threat - interfering in elections.
Administration officials would also like to make it difficult for President-elect Donald Trump to roll back any action they take.
"Part of the goal here is to make sure that we have as much of the record public or communicated to Congress in a form that would be difficult to simply walk back," said one senior administration official, who like others spoke on the condition of anonymity to discuss internal deliberations.
Obama issued the executive order in April 2015, creating the sanctions tool as a way to hold accountable people who harm computer systems related to critical functions such as electricity generation or transportation or who gain a competitive advantage through cybertheft of commercial secrets.
The order allows the government to freeze the assets in the United States of people overseas who have engaged in cyber acts that have threatened U.S. national security or financial stability. The sanctions would also block commercial transactions with the designated individuals and bar their entry into the country.
But just a year later, a Russian military spy agency would hack into the Democratic National Committee and steal a trove of emails that were released a few months later on WikiLeaks, U.S. officials said. Other releases followed, including the hacked emails of Hillary Clinton's campaign chairman, John Podesta.
"Fundamentally, it was a low-tech, high-impact event," said Zachary Goldman, a sanctions and national security expert at New York University School of Law. And the 2015 executive order was not crafted to target hackers who steal emails and dump them on WikiLeaks or seek to disrupt an election. "It was an authority published at a particular time to address a particular set of problems," he said.
So officials "need to engage in some legal acrobatics to fit the DNC hack into an existing authority, or they need to write a new authority," Goldman said.
Administration officials would like Obama to use the power before leaving office to demonstrate its utility.
"When the president came into office, he didn't have that many tools out there to use as a response" to malicious cyber-acts, said Ari Schwartz, a former senior director for cybersecurity on the National Security Council. "Having the sanctions tool is really a big one. It can make a very strong statement in a way that is less drastic than bombing a country and more impactful than sending out a cable from the State Department."
The National Security Council concluded that it would not be able to use the authority against Russian hackers because their malicious activity did not clearly fit under its terms, which require harm to critical infrastructure or the theft of commercial secrets.
"You would (a) have to be able to say that the actual electoral infrastructure, such as state databases, was critical infrastructure, and (b) that what the Russians did actually harmed it," said the administration official who spoke on the condition of anonymity. "Those are two high bars."
Though Russian government hackers are believed to have penetrated at least one state voter-registration database, they did not tamper with the data, officials said.
Some analysts believe that state election systems would fit under "government facilities," which is one of the 16 critical infrastructure sectors designated by the Department of Homeland Security.
Another option is to use the executive order against other Russian targets - say, hackers who stole commercial secrets - and then, in either a public message or a private one, make clear that the United States considers its electoral systems to be critical infrastructure.