The US military has been engaged in a multiyear, global cybersecurity offensive targeting potential adversaries who intend to interfere in Tuesday’s presidential election.
As part of that effort, US Cyber Command has been operating in foreign networks to preemptively disrupt cyberattacks on America’s electoral process. In short, the Pentagon’s overall strategy to secure America’s election is to play the “away game,” said Brig. Gen. William Hartman, commander of the Cyber National Mission Force at US Cyber Command.
“We’re looking at foreign adversaries: Russia, China, Iran, any other foreign adversary who’s attempting to interfere with our elections,” Hartman said in August. “We’re looking for them in foreign space.”
In the wake of Russia’s attack on the 2016 presidential election (which Moscow still denies), the Department of Defense partially shouldered the responsibility of defending against foreign attacks on America’s elections. Gen. Paul Nakasone, the head of Cyber Command and the National Security Agency, declared that defense of the 2020 election was his top priority. For his part, US Secretary of Defense Mark Esper said election security will be an “enduring mission for the Department of Defense.”
“Our adversaries will continue to target our democratic processes — this is a reality of the world we live in today. Guarding against these threats requires constant vigilance,” Esper said during the 2nd Annual National Cybersecurity Summit in September 2019.
Many defense officials also warn that the threats against the 2020 presidential election are more severe than in 2016, necessitating a more aggressive American cybersecurity campaign ahead of time.
“We’re looking at the spectrum of all of our adversaries, Russia, China, Iran, and ransomware actors,” Dave Imbordino, the election security lead with the National Security Agency, said at a cybersecurity conference in August. “There’s more people in the game. They’re learning from each other.”
Reflecting the Pentagon’s novel role as defender of America’s elections, US Cyber Command teamed with the National Security Agency to form an interagency group called the Russia Small Group to defend the 2018 midterm elections from foreign cyberattacks. This task force coordinated its actions with the Department of Homeland Security and the FBI.
With the Pentagon in the lead, shoring up the security of America’s elections became a forward-leaning, aggressive enterprise, rather than a reactive “whack-a-mole” effort, in which government agencies defend against attacks that are already underway.
“The biggest success out of 2018 wasn’t the 2018 midterms. The biggest success was [that] we put in place, both organizationally and from a business practice standpoint, a focus on an enduring mission to protect the democratic process,” Hartman, the election security lead for US Cyber Command, said in February, according to a Pentagon release.
The Russia Small Group’s success gave rise to the Election Security Group, marking a new combined effort by the NSA and Cyber Command to “disrupt, deter and degrade adversaries’ ability to interfere and influence the US elections,” according to the Pentagon.
The US has now adopted a more aggressive election defense posture, involving what are known as “hunt forward” operations in which US cybersecurity teams travel to different countries around the world to look for malicious cyber activity. These teams report back to Cyber Command and other agencies, providing forward observations from the global cyber front lines to anticipate how the US may be attacked in the future.
“In a hunt forward operation, we are able to work with partner nations and receive an invitation to execute operations in their country,” Hartman said. “These are generally countries that are in the near abroad of adversaries that we’re potentially concerned about.”
Since 2014, Russia has used Ukraine as a “testing ground” for its cyberwarfare tactics, offering what some security experts say is a case study in the new kinds of cybersecurity threats the US and its Western allies can anticipate from Moscow.
“The threats Ukraine faces are harbingers of things to come for the US and its other allies,” said Junaid Islam, chief technology officer and president of Vidder, a California-based cybersecurity firm.
“It is in the national strategic interests of both the United States and Ukraine to cooperate deeply in cybersecurity because Ukraine is a canary in the cyberspace coal mine,” Islam said.
Hunt forward operations thwarted what US officials called a “concerted” effort by foreign adversaries to interfere in the 2018 midterm elections. They also gave the US invaluable insights about how to “inoculate” the country’s computer systems against foreign malware.
“I think we’ve learned a lot through 2016, 2018 with the Russia Small Group. And as we roll into 2020, as NSA’s No. 1 priority is the safety and security of the elections, it’s going to take the entire US government to be marshalled to make sure that our democratic processes are not impeded by malicious cyber activity,” Wendy Noble, executive director of the NSA, said in September.
America’s revamped election cyberdefenses include better intelligence gathering, improved cooperation among US government agencies and military units charged with cybersecurity, as well as proactive operations to “impose costs on countries that seek to interfere” with US elections.
“It’s not enough to just know and understand what our adversaries are doing. The nation expects us to do something about it,” the NSA’s Imbordino said in December.
As part of the “defend forward” concept outlined in the Defense Department’s 2018 cyber strategy, the US military has “developed our capabilities and increased our capacity to allow us to detect, locate, and exploit threats in the cyber domain with the same focus and energy as we do in the physical domains,” Esper said.
“By defending forward, we are able to see and understand malicious cyber behavior, allowing us to publicly expose that activity and its culprits,” Esper added. “It’s also posturing us to take action against these threats, at their source, before they reach the homeland.”
The Election Security Group also works with the National Guard, allowing national-level intelligence to be dispersed across the country to protect election operations at every level of government.
“The primary way that we work with the states is really working by, with and through DHS and FBI, which is absolutely a critical component of how we interact,” Hartman said in December, according to a Pentagon release. “And the National Guard is present in all 50 states, three territories, and District of Columbia, which allows us to potentially look at something that may be occurring in the United States and see if we can track that activity to any foreign actor or to any foreign space.”