Erica D. Borghard is a senior fellow with the New American Engagement Center at the Scowcroft Center for Strategy and Security at the Atlantic Council.
In the lead-up to last week’s election, senior Trump administration officials issued a spate of warnings about Russian and Iranian interference efforts. These included cyber operations to gain access to election infrastructure, as well as cyber-enabled information operations. Yet, despite these concerns, serious foreign interference apparently did not come to fruition on Election Day. As the Department of Homeland Security’s Chris Krebs stated, “after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.” Clearly, this success should be celebrated, though there are two risks that require continued vigilance.
First, it is likely too early to declare victory. As General Paul Nakasone, head of U.S. Cyber Command, noted on Election Day, defense of the elections has not ceased: “This is the start of a timeframe that we see between now and the certification of the vote.” In international politics, transfers of power—and even the early days of a new administration—can provide adversaries a window of opportunity to exploit for their own strategic ends. That is why an orderly and seamless transition is so important. The fact that the United States appears to be grappling with a contested election, with President Trump refusing to concede to President-Elect Biden, compounds the risks that are already present during any transition.
The digital realm poses the most likely and direct avenue for adversary activity. The most obvious concern is that, in the context of either a contested election or even an orderly transition, adversaries could leverage cyberspace to further undermine the confidence of the American people in democratic institutions or sow domestic unrest. This would likely take the form of information operations that play off of existing domestic cleavages aiming to exacerbate uncertainty in general; undermine the legitimacy of the process for ascertaining the election outcome or the transition; or even galvanize Americans to protest or conduct acts of violence. Unfortunately, foreign actors may be aided in their efforts by witting and unwitting actors within the United States.
Less widely discussed but equally significant, foreign actors could conduct more significant cyber operations against critical infrastructure than what was observed in the weeks before the election to test interagency and public-private responsiveness. Specifically, adversaries could endeavor to take advantage of perceived U.S. distraction to test the resilience of the government’s command and control and ability to respond to a domestic incident. In the past, adversaries have gained access to critical infrastructure ostensibly for intelligence collection purposes, such as when Russian-affiliated threat actors were discovered in a number of systems, including in the energy and nuclear sectors. Now, adversaries could step up these efforts or undertake more costly cyberattacks—beyond intrusions—to expose weaknesses in U.S. government incident response capabilities, rather than to inflict costs against U.S. critical infrastructure in cyberspace for coercive or signaling purposes.
Second, what explains the apparent success of Election-Day security? From the perspective of outside observers (and, most importantly, the American people), it is difficult to ascertain what accounts for the absence of a negative outcome. As one academic speculated on Twitter, is the lack of meaningful election interference due to successful defensive efforts by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI)? DHS, for instance, established a Countering Foreign Interference Task Force and has been rapidly disseminating information to the public about mis- and dis-information. And the FBI quickly launched an investigation of intimidating robocalls that went out to voters in critical states. Or, is it due to the success of Cyber Command’s defend forward strategy to disrupt, deny, and degrade adversary capabilities and infrastructure outside of U.S.-controlled cyberspace? Or, was it a combination of interagency efforts? Did adversaries try and somehow not succeed due to factors beyond the U.S. government’s own efforts? Alternatively, is it because, for some reason, U.S. adversaries decided it was not worth it to conduct sustained election interference? If the latter is true, identifying the specific reason for the absence of motivation is essential because it should shape how the United States understands adversary intent and influence U.S. strategy going forward.
The answers to these questions are more than academic. Elections will remain an appealing target for threat actors, and the U.S. government needs to institutionalize a recurring process for evaluating outcomes and implementing best practices. This should include systematically assessing alternative explanations and counterfactual arguments and scenarios. All of this requires developing meaningful metrics and improving data collection and analysis. Without a baseline understanding of the threat environment, it is impossible to measure deviations from it or gauge the impact of strategies on adversary behavior. Creating lessons learned that can be referred to for the next election is especially vital given the relative infancy of strategies, such as the defend forward concept, and the evolution of organizations such as the Cybersecurity and Infrastructure Security Agency and Cyber Command.
While all of these scenarios are hypothetical, they should serve as a reminder that political leaders and the American people should exercise calm and caution as the process continues to unfold, and think ahead to how the U.S. could learn from this latest experience. The United States should also be careful not to assume that its own actions alone account for what appears to be a positive outcome. Rather, an important takeaway should be for the United States to improve strategic intelligence collection against adversary intent, capabilities, and operations to anticipate and prepare for future adversary activity.