To Defend Against Election Interference, the US Military Launched a Cyberwarfare Offensive

Staff Sgt. Tyler Ellingson (left), 100th Communications Squadron mission defense team supervisor, and Staff Sgt. Stephen Spor, 31st CS noncommissioned officer in charge, mission defense team, analyze information systems for potential malicious activity as part of a training scenario during exercise TACET VENARI, held at the U.S. Air Forces in Europe Regional Training Center, Ramstein Air Base, Germany, Mar. 8, 2019. U.S. Air Force photo by Master Sgt. Renae Pittman via DVIDS.

The US military has been engaged in a multiyear, global cybersecurity offensive targeting potential adversaries who intend to interfere in Tuesday’s presidential election.

As part of that effort, US Cyber Command has been operating in foreign networks to preemptively disrupt cyberattacks on America’s electoral process. In short, the Pentagon’s overall strategy to secure America’s election is to play the “away game,” said Brig. Gen. William Hartman, commander of the Cyber National Mission Force at US Cyber Command.

“We’re looking at foreign adversaries: Russia, China, Iran, any other foreign adversary who’s attempting to interfere with our elections,” Hartman said in August. “We’re looking for them in foreign space.”

In the wake of Russia’s attack on the 2016 presidential election (which Moscow still denies), the Department of Defense partially shouldered the responsibility of defending against foreign attacks on America’s elections. Gen. Paul Nakasone, the head of Cyber Command and the National Security Agency, declared that defense of the 2020 election was his top priority. For his part, US Secretary of Defense Mark Esper said election security will be an “enduring mission for the Department of Defense.”

“Our adversaries will continue to target our democratic processes — this is a reality of the world we live in today. Guarding against these threats requires constant vigilance,” Esper said during the 2nd Annual National Cybersecurity Summit in September 2019.

Many defense officials also warn that the threats against the 2020 presidential election are more severe than in 2016, necessitating a more aggressive American cybersecurity campaign ahead of time.

“We’re looking at the spectrum of all of our adversaries, Russia, China, Iran, and ransomware actors,” Dave Imbordino, the election security lead with the National Security Agency, said at a cybersecurity conference in August. “There’s more people in the game. They’re learning from each other.”

Soldiers and civilians listen to Ohio Army National Guard Chief Warrant Officer 4 Rich Kerwood and members of the FBI at the conclusion of a staged raid of a building containing suspected cybercriminals during Cyber Shield 19 at Camp Atterbury, Indiana, April 17, 2019. Photo by Spc. William Phelps/Joint Force Headquarters-Illinois National Guard, courtesy of DVIDS.

Reflecting the Pentagon’s novel role as defender of America’s elections, US Cyber Command teamed with the National Security Agency to form an interagency group called the Russia Small Group to defend the 2018 midterm elections from foreign cyberattacks. This task force coordinated its actions with the Department of Homeland Security and the FBI.

With the Pentagon in the lead, shoring up the security of America’s elections became a forward-leaning, aggressive enterprise, rather than a reactive “whack-a-mole” effort, in which government agencies defend against attacks that are already underway.

“The biggest success out of 2018 wasn’t the 2018 midterms. The biggest success was [that] we put in place, both organizationally and from a business practice standpoint, a focus on an enduring mission to protect the democratic process,” Hartman, the election security lead for US Cyber Command, said in February, according to a Pentagon release.

The Russia Small Group’s success gave rise to the Election Security Group, marking a new combined effort by the NSA and Cyber Command to “disrupt, deter and degrade adversaries’ ability to interfere and influence the US elections,” according to the Pentagon.

The US has now adopted a more aggressive election defense posture, involving what are known as “hunt forward” operations in which US cybersecurity teams travel to different countries around the world to look for malicious cyber activity. These teams report back to Cyber Command and other agencies, providing forward observations from the global cyber front lines to anticipate how the US may be attacked in the future.

“In a hunt forward operation, we are able to work with partner nations and receive an invitation to execute operations in their country,” Hartman said. “These are generally countries that are in the near abroad of adversaries that we’re potentially concerned about.”

Army Sgt. Kyle Plumley, an intel analyst for Joint Force Headquarters out of Columbus, Ohio, works three laptop computers May 16 as part of Cyber Shield 2018 at Camp Atterbury, Indiana. Cyber Shield provides a collective training event that, in part, prepares soldiers to actively monitor for internal network threats. Photo by Staff Sgt. Chad Menegay/US Army, courtesy of DVIDS.

Since 2014 Russia has used Ukraine as a “testing ground” for its cyberwarfare tactics, underscoring what some security experts say is a case study for the new kinds of cybersecurity threats the US and its Western allies can anticipate from Moscow.

“The threats Ukraine faces are harbingers of things to come for the US and its other allies,” said Junaid Islam, chief technology officer and president of Vidder, a California-based cybersecurity firm.

“It is in the national strategic interests of both the United States and Ukraine to cooperate deeply in cybersecurity because Ukraine is a canary in the cyberspace coal mine,” Islam said.

Hunt forward operations thwarted what US officials called a “concerted” effort by foreign adversaries to interfere in the 2018 midterm elections. They also gave the US invaluable insights about how to “inoculate” the country’s computer systems against foreign malware.

“I think we’ve learned a lot through 2016, 2018 with the Russia Small Group. And as we roll into 2020, as NSA’s No. 1 priority is the safety and security of the elections, it’s going to take the entire US government to be marshalled to make sure that our democratic processes are not impeded by malicious cyber activity,” Wendy Noble, executive director of the NSA, said in September.

America’s revamped election cyberdefenses include better intelligence gathering, improved cooperation among US government agencies and military units charged with cybersecurity, as well as proactive operations to “impose costs on countries that seek to interfere” with US elections.

“It’s not enough to just know and understand what our adversaries are doing. The nation expects us to do something about it,” the NSA’s Imbordino said in December.

US Army Chief Warrant Officer 3 Clinton Store studies course content during Cyber Shield 18 at Camp Atterbury, Indiana, May 8, 2018. Cyber Shield gathers soldiers, airmen and civilian cybersecurity professionals to prepare participants for roles in the National Guard’s Defensive Cyber Operations Elements. Photo by Staff Sgt. George Davis/Ohio National Guard, courtesy of DVIDS.

As part of the “defend forward” concept outlined in the Defense Department’s 2018 cyber strategy, the US military has “developed our capabilities and increased our capacity to allow us to detect, locate, and exploit threats in the cyber domain with the same focus and energy as we do in the physical domains,” Esper said.

“By defending forward, we are able to see and understand malicious cyber behavior, allowing us to publicly expose that activity and its culprits,” Esper added. “It’s also posturing us to take action against these threats, at their source, before they reach the homeland.”

The Election Security Group also works with the National Guard, allowing national-level intelligence to be dispersed across the country to protect election operations at every level of government.

“The primary way that we work with the states is really working by, with and through DHS and FBI, which is absolutely a critical component of how we interact,” Hartman said in December, according to a Pentagon release. “And the National Guard is present in all 50 states, three territories, and District of Columbia, which allows us to potentially look at something that may be occurring in the United States and see if we can track that activity to any foreign actor or to any foreign space.”

Nolan Peterson is a senior editor for Coffee or Die Magazine and the author of Why Soldiers Miss War. A former US Air Force special operations pilot and a veteran of the wars in Afghanistan and Iraq, Nolan is now a conflict journalist and author whose adventures have taken him to all seven continents. In addition to his memoirs, Nolan has published two fiction collections. He lives in Kyiv, Ukraine, with his wife, Lilya.