U.S. forces are taking an aggressive approach in cyberspace ahead of November’s presidential election, aiming to wipe out threats from foreign countries and other actors before they have a chance to disrupt voting or other critical, election-related systems.
“Cyber Command needs to do more than prepare for a crisis in the future; it must compete with adversaries today,” Gen. Paul Nakasone, head of U.S. Cyber Command, and senior adviser Michael Sulmeyer said in a piece published Tuesday in Foreign Affairs magazine.
The strategy, described by top officials at U.S. Cyber Command as “hunt forward,” reflects the military’s increased desire to move away from what they describe as a “reactive and defensive posture,” and confront evolving threats head-on.
“U.S. forces must compete with adversaries on a recurring basis, making it far more difficult for them to advance their goals over time,” the officials wrote, outlining the strategy for the public with the presidential election now less than three months away. “Additionally, cyber effects operations allow Cyber Command to disrupt and degrade the capabilities our adversaries use to conduct attacks.”
Nakasone and Sulmeyer say the more proactive approach to protecting the upcoming U.S. election began, in part, in October 2019, after a team from Cyber Command traveled to Podgorica, Montenegro, to investigate attempts, possibly by Russia, to infiltrate that country’s networks.
In the process, the Cyber Command team “saw an opportunity to improve American cyber defenses ahead of the 2020 election,” they said in the article.
Nakasone and Sulmeyer also say they are building on efforts from 2018, when Cyber Command joined with the National Security Agency to form the Russia Small Group (RSG) to help protect the congressional mid-term elections, shoring up vulnerabilities within the U.S. election infrastructure, sounding alarms about Russian disinformation campaigns, and hunting for malware.
“Thanks to these and other efforts, the United States disrupted a concerted effort to undermine the midterm elections,” they wrote. “Together with its partners, Cyber Command is doing all of this and more for the 2020 elections.”
Critics point out that the more aggressive approach to cyber defense carries risks. Namely, they worry that, whether due to a miscalculation or an accident, a confrontation in cyberspace could escalate and lead to all-out war.
But U.S. Cyber Command officials argue the risk is manageable and that the “hunt forward” strategy allows them to impose necessary costs on adversaries like Russia, China, Iran and North Korea.
“Inaction poses its own risks: that Chinese espionage, Russian intimidation, Iranian coercion, North Korean burglary, and terrorist propaganda will continue unabated,” Nakasone and Sulmeyer wrote in the magazine. “So, the question is how, not whether, to act.”
Determining whether Cyber Command’s “hunt forward” approach is paying off may be difficult.
U.S. officials charged with protecting key voting-related systems said that, at least so far, there are no signs of any country-directed attacks on the United States.
“We are not and have not seen specific targeting of those election systems that has been attributable to nation-state actors at this time,” Matthew Masterson, senior cybersecurity adviser for the Cybersecurity and Infrastructure Security Agency (CISA), told the Atlantic Council on Tuesday.
“(We) aren’t seeing a broad campaign in that way,” he said, adding, “We’re cognizant that’s in the playbook.”
Evidence of meddling
Earlier this month, U.S. counterintelligence officials warned they have evidence that Russia, China and Iran are trying to meddle with the November election.
“We assess that Russia is using a range of measures to primarily denigrate former Vice President (Joe) Biden and what it sees as an anti-Russia ‘establishment,’” National Counterintelligence and Security Center Director William Evanina said in a statement.
“Some Kremlin-linked actors are also seeking to boost President (Donald) Trump’s candidacy on social media and Russian television,” he added.
China and Iran, according to Evanina, appear to prefer a Biden presidency.
But for now, descriptions by counterintelligence officials portray such efforts by Russia, as well as by China and Iran, more as disinformation campaigns than as attacks on computer systems and networks that could play a key role in collecting and tabulating votes.
Most of the activity on that front, for the time being, appears to be coming from criminal actors with no definitive ties to Russia, China or other U.S. adversaries.
“We do see regular scanning, regular probing of election infrastructure as a whole, what you’d expect to see as you run IT systems,” said CISA’s Masterson, citing the use of ransomware as a top concern.
“What we see is an ability to shut down county (local government) networks as a whole, which obviously has an impact on the election office to operate,” he said.
Still, U.S. election security officials are optimistic that measures put in place since 2016 will be enough to ward off any attacks.
"I've said it before, and I'll say it again: The 2020 election will be the most secure election in modern history," CISA Director Chris Krebs told reporters last month.