The U.S. military’s top cyber official said Russia launched a ‘concerted effort’ in 2018 to meddle with the U.S.’s midterm elections and was successfully fought off.
Gen. Paul Nakasone, the commander of U.S. Cyber Command and the director of the National Security Agency, wrote in Foreign Affairs Tuesday that Cyber Command and the NSA teamed up ‘to protect against meddling in the midterm elections.’
‘Experts from both organizations formed the Russia Small Group, a task force created to ensure that democratic processes were executed unfettered by Russian activity,’ Nakasone recalled.
Paul Nakasone, the commander of U.S. Cyber Command and the director of the National Security Agency, says in a Foreign Affairs piece published Tuesday that the military’s cyber fighters are increasingly prepared to engage in combat with online adversaries
Nakasone wrote that the Russia Small Group, which consisted of members of the Cyber Command and the National Security Agency, allowed the 2018 midterms to happen ‘unfettered by Russian activity.’ Russian President Vladimir Putin is photographed Tuesday
The Russia Small Group found areas where the technical infrastructure could be compromised, which then allowed the Department of Homeland Security to ‘harden the security of election infrastructure.’
The group also shared information with the Federal Bureau of Investigation so the agency could go after foreign trolls on U.S. social media platforms, Nakasone wrote.
Cyber Command also participated in what are called ‘hunt forward’ missions, where foreign countries allow American operatives to search for malware on their networks, which in turn prepares them for threats aimed at the U.S.
‘Thanks to these and other efforts, the United States disrupted a concerted effort to undermine the midterm elections,’ Nakasone wrote. ‘Together with its partners, Cyber Command is doing all of this and more for the 2020 elections.’
The broader point of Nakasone’s piece in Foreign Affairs, which was co-written by Michael Sulmeyer, his senior adviser, was to defend the U.S.’s more aggressive stance in cyberspace, saying the mission has evolved over the last decade from ‘a reactive and defensive posture’ to keep pace with sophisticated threats.
Nakasone and Sulmeyer wrote that the military’s cyber fighters are increasingly prepared to engage in combat with online adversaries rather than wait to repair networks after they’ve been penetrated.
‘We learned that we cannot afford to wait for cyber attacks to affect our military networks. We learned that defending our military networks requires executing operations outside our military networks. The threat evolved, and we evolved to meet it,’ wrote Nakasone.
As an example, Nakasone cited a mission from last October in which Cyber Command dispatched an elite team of experts to Montenegro to join forces with the tiny Balkan state targeted by Russia-linked hackers.
This particular ‘hunt forward’ mission helped protect an ally but was also an opportunity for the U.S. to improve its own cyber defenses before the 2020 election, Nakasone wrote.
The proactive strategy is a change from a decade ago when Cyber Command was first established in the wake of a punishing cyber attack on the Defense Department’s classified and unclassified networks.
Cyber Command, created in 2010 to protect U.S. military networks, was initially more focused on ‘securing network perimeters.’
In recent years, though, Cyber Command has gone on the offensive, as 68 cyber protection teams ‘proactively hunt for adversary malware on our own networks rather than simply waiting for an intrusion to be identified,’ Nakasone said.
It’s also doing more to combat adversaries on an ongoing basis and to broadly share information about malicious software it uncovers to make it a less effective threat.
‘Some have speculated that competing with adversaries in cyberspace will increase the risk of escalation – from hacking to all-out war. The thinking goes that by competing more proactively in cyberspace, the risk of miscalculation, error, or accident increases and could escalate to a crisis,’ Nakasone wrote.
He said that while Cyber Command takes those concerns seriously, ‘We are confident that this more proactive approach enables Cyber Command to conduct operations that impose costs while responsibly managing escalation.
In addition, inaction poses its own risks: that Chinese espionage, Russian intimidation, Iranian coercion, North Korean burglary, and terrorist propaganda will continue unabated.’