from Digital and Cyberspace Policy Program and Net Politics

To Secure the Election: Tame the Russian Bear in Cyberspace

National Security Agency (NSA) Director General Paul Nakasone addresses a briefing on election security.
National Security Agency (NSA) Director General Paul Nakasone addresses a briefing on election security. REUTERS/Carlos Barria

As the U.S. presidential election approaches, U.S. Cyber Command will have to consider tougher measures to impose costs that change Russia's behavior in cyberspace.

July 13, 2020

National Security Agency (NSA) Director General Paul Nakasone addresses a briefing on election security.
National Security Agency (NSA) Director General Paul Nakasone addresses a briefing on election security. REUTERS/Carlos Barria
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Dr. Scott Jasper is a lecturer at the Naval Postgraduate School in Monterey, California. He is the author of Russian Cyber Operations: Coding the Boundaries of Conflict.

On June 14, Russian President Vladimir Putin described the United States as a country gripped by a “deep internal crisis” due to the refusal by opponents of President Trump to accept his “obvious” 2016 election victory and his legitimacy as leader. Meanwhile, Russian English language outlets pushed a common theme that protests and fires in the United States over racial injustice were a coup or uprising staged by the “Deep State” against the Trump administration. These public messages, combined with Russia’s aggressive social media influence campaigns and targeted cyber operations, aim to sow division in American society and affect the upcoming presidential election.

More on:

Russia

Influence Campaigns and Disinformation

Elections and Voting

While Chinese and Iranian state hackers have recently been caught targeting the presidential campaigns of both major U.S. political parties, U.S. intelligence officials have singled out Russian efforts in particular. For example, in January, security experts revealed the Russian military’s efforts to hack into the Ukrainian gas company Burisma to find information on Hunter Biden in order to smear former Vice President Joe Biden, the Democratic candidate for president. Russian cyber actors have also been renewing their efforts from the 2016 presidential election to hack voter databases and election infrastructure, and should be expected to target mail-in ballot systems. Despite investments in security, IT departments in election offices are no match for professional Russian hackers. Facebook has also admitted that the Internet Research Agency, a Russian company that carries out online influence operations, is improving its methods to bypass the platform’s disinformation filters.

U.S. agencies have previously attempted to respond to Russian election interference after it has occurred. Following the hacking of the Democratic National Committee’s (DNC) servers during the 2016 U.S. presidential election, the investigation led by Special Counsel Robert Mueller yielded criminal indictments for Russian military operatives. In addition, the U.S. Department of the Treasury has sanctioned Russian cyber operatives, and even Russian oligarchs, along with their companies. Nonetheless, indicting Russian hackers has not deterred Russian election interference, and sanctions have even backfired after producing unexpected consequences, like causing the global price of aluminum to soar [PDF].

The United States has also broadly responded to malicious Russian cyber activity with a name and shame strategy, exemplified by its condemnation of Russia for cyberattacks targeting Georgia in October. This strategy tries to enforce and build international consensus for rules for responsible state behavior but falls short of imposing costs that change Russia’s strategic calculus. Alternatively, the U.S. military is capable of achieving this by targeting the sources of Russian cyber operations in Russia’s cyber territory; General Paul Nakasone, commander of U.S. Cyber Command, recently hinted at this prospect when he told Congress that “My top priority is a safe and secure election that is free from foreign influence.”

Cyber Command has been empowered by relaxed rules and new authorities, which have enabled it to conduct persistent engagement [PDF] in cyberspace against foreign adversaries, including Russia. The strategy leverages a defend forward approach, which uses network exploitation, cyber-enabled influence operations, and degrading cyberattacks in day-to-day efforts to disrupt and deter foreign cyber operations. The command tested this strategy during the 2018 U.S. midterm election. Using emails, pop-ups, text, and direct messages, U.S. operatives told Russian social media trolls spreading disinformation that they had been identified. They also messaged hackers working for Russian military intelligence. The trolls persisted, and on Election Day, and for a few days during the vote count, Cyber Command took Internet Research Agency servers offline by blocking their internet access. U.S. senators from both political parties praised the operation, but the Russian Federal News Agency said the attack “did not stop work entirely.”

During this time, the command also sent teams to several European countries to find and expose Russian hacking tools on their networks. Moreover, as part of its malware inoculation initiative, it uploaded Russian military-grade malware to VirusTotal, a private website for crowdsourcing threat analysis. These efforts to confront Russian cyber activity before the election appear to have been successful, as the Department of Homeland Security reported that there were no indications of compromise in election infrastructure and minimal disinformation was spotted around Election Day.

More on:

Russia

Influence Campaigns and Disinformation

Elections and Voting

As the 2020 election approaches, the National Security Agency, also led by General Nakasone, has continued to disclose Russian threat information publicly to defend U.S. networks. For example, a recent advisory detailed innovative email exploitation tactics of Sandworm, a Russian military cyber unit blamed for cyberattacks targeting energy companies in Ukraine.

Nonetheless, given the range of possible Russian tactics to interfere in this year’s election, Cyber Command will have to consider tougher methods to impose costs that change Russian behavior. Open source reports indicate that the command has contemplated its own form of information warfare. This could include targeting senior Russian officials and business elites with limited cyber operations that show access to sensitive personal accounts and the capability to inflict cost if election interference continues. 

As it weighs its options, Cyber Command will undoubtedly conduct thorough planning and risk assessments that consider the possibility of Russian retaliation and discovery or reuse of exploits that the command uses against it. That said, it will continue its strategy of persistent engagement and even explore new, more punishing measures to undermine Russian interference in the upcoming U.S. election. This will send a clear warning to Moscow that it will pay a price for attempting to disrupt the democratic process.

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close