Top U.S. intelligence and defense officials caution the threat to the U.S. in cyberspace is not diminishing ahead of November’s midterm elections despite indications that Russia’s efforts to disrupt or influence the vote may not match what it did in 2016.
The warnings of an ever more insidious and persistent danger come as lawmakers and security officials have increasingly focused on hardening defenses for the country’s voter rolls and voting systems.
It also comes as top executives from social media giants Facebook, Twitter and Google prepare to testify on Capitol Hill about their effort to curtail the types of disinformation campaigns used by Moscow and which are increasingly being copied by other U.S. adversaries.
“The cyberthreat to the U.S. is not limited to U.S. elections, a point that is too often missed,” Director of National Intelligence Dan Coats told a conference outside of Washington Tuesday. “The weaponization of cybertools and the relative lack of global guardrails in a cyber domain significantly increases the risk that a discrete act will have enormous strategic implications.
“Foreign influence efforts online are increasingly being used around the globe,” he added.
Others ramp up attacks
Government officials as well as those from private cybersecurity have said repeatedly over the past few months that they have not yet seen a repeat of what Coats himself described as the “robust” campaign Moscow launched in the run-up to the 2016 presidential election.
Still, there are concerns that even if the Kremlin has eased its efforts, other countries and a variety of nonstate actors have ramped up their own campaigns, often learning from Russia’s 2016 exploits.
“I remain deeply concerned about threats from several countries to upcoming U.S. elections — the midterms this year, the presidential elections in 2020 and beyond,” Coats said.
While the director of national intelligence did not name any countries in particular, other officials have previously pointed to China, Iran and North Korea as the main culprits.
Two weeks ago, social media giants Facebook and Twitter announced they had removed hundreds of pages and accounts linked to a disinformation campaign that originated in Iran and targeted the U.S. as well as other countries.
Once major attacks now normal
U.S. cybersecurity officials warn that hacking, phishing attacks and disinformation campaigns have become increasingly popular tools for so-called bad actors’ and that they often escape the attention of the general public.
One reason is that what might have been described as a major cyberattack 10 years ago is often seen now as part of the normal threat landscape.
“We’ve crossed that threshold many, many times,” said John Rood, the Pentagon’s undersecretary of defense for policy. “We are in that environment where on a near daily basis we are being challenged with those activities.”
What worries him, he said, is not the cyberattacks on their own but the prospects of someone combining cyber with a more traditional type of attack on the U.S. homeland.
“Some of our allies or friends have experienced a combination of cyberactivities, manipulation of the electromagnetic spectrum and physical — air, land, sea — domain [attacks], whether that be Ukraine or Georgia.”
Small attacks just as worrisome
Yet other U.S. officials believe it is not the prospect of large-scale cyberattacks that should be the sole reason for concern.
“While I don’t see a dramatic cyberattack coming at us, every day there are small ones,” according to National Security Agency Deputy Director George Barnes.
“The problem is we focus on the big and the slow drip happens out the back,” he said. “And the slow drip is the continued theft of intellectual properties from our industries.”
Part of the problem, according to Barnes and other officials, is the extent to which government and industry in the U.S. in connected to and dependent on cyberspace, creating what they describe as a large and vulnerable “attack surface.”
And despite government efforts to reach out to private companies to share information about the threats, and even about ongoing or imminent attacks, U.S. officials fear the current level of cooperation is still not enough.
As a result, the U.S. is “continually pummeled by nation state and non-nation state sponsored malicious cyber activity,” Barnes said.
In response to the growing pace of attacks, the U.S. military and intelligence agencies have become ever more vocal in identifying the perpetrators and calling attention to their exploits.
Increasingly, they are also talking out loud about hitting back.
“We are not standing idly by,” Coats said.
“Every kind of cyberoperation, malicious or not, leaves a trail,” he said. “Persistence on our part has enabled us to identify and publicly attribute responsibility for numerous cyber attacks and foreign influence efforts and then prepare for the response.”