Top security agencies are coordinating actions to thwart foreign hackers, prevent Russia-linked individuals from entering the United States and freeze any of their assets subject to U.S. jurisdiction. They are also passing intelligence to social media firms, and helping state and local election officials shore up their defenses.
For months American military cyber-operators, aided by intelligence from the National Security Agency (NSA), have been targeting Russian spies to disrupt their plans by repeatedly knocking them off the Internet, confusing their planners and depriving them of their hacking tools. The goal is to prevent them from attacking U.S. voting systems, according to security officials, speaking on the condition of anonymity because of the matter’s sensitivity.
The State Department this year has revoked the visas of two Ukrainians deemed to be engaged in activities designed to influence the election and advance Russia’s interests. The Treasury Department imposed sanctions last month on four Russia-linked individuals — including one of the Ukrainians, who was labeled an “active Russian agent” — to prevent them from interfering in the electoral process, the first time that the U.S. government has taken such an action before an election.
A vital missing ingredient, however, has been messaging from the top, such as a declaration from the president that the United States will not tolerate efforts — in particular from the Kremlin — to interfere in the election. And disinformation experts say that Trump has reinforced Russian President Vladimir Putin’s attempts to stoke American social divisions with Trump’s inflammatory and unfounded remarks about racial and cultural issues, the novel coronavirus and the security of voting by mail.
“We get better at exposing Russia’s activity, and when the president denies it or calls it into question, that gives Putin the space and opportunity he doesn’t deserve,” H.R. McMaster, Trump’s former national security adviser, said in an interview. He wrote about Putin’s “playbook” in his new book, “Battlegrounds.”
But officials say even if Trump is not publicly voicing support for agencies’ efforts, he is not impeding them, and the NSA, FBI and Department of Homeland Security (DHS) have made securing the election a top priority.
One result is an increasingly effective working relationship between federal officials and Silicon Valley, whose biggest companies had distanced themselves from the U.S. government after the 2013 revelations by former NSA contractor Edward Snowden about the extent of government surveillance relying on their networks.
That tension, the government’s failure to anticipate the Russians’ operations and the Obama administration’s reluctance to publicly call out Moscow until late in the campaign, hobbled the response in 2016. Both the government and social media companies were focused on traditional cyberattacks as opposed to more subtle influence operations, such as fake social media accounts that worked to discourage African Americans likely to support Democrat Hillary Clinton from casting ballots on Election Day.
But this election year the FBI, also armed with NSA intelligence, has tipped Facebook, Twitter and other tech companies to networks of fake accounts created by Russian operatives, which have cut short the attempts of these actors to polarize voters and undermine support for Democratic nominee Joe Biden.
With this improved relationship and other initiatives, the government is “light-years” ahead of where it was in 2016 — and even the midterms, said David Imbordino, the NSA’s election security lead, who did not discuss operations in an interview with The Washington Post.
Targeting the trolls
In 2016, some state election officials were wary of allowing the federal government to help them safeguard their systems. Today, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has relationships with officials in all 50 states and the District of Columbia and has installed malware-tracking sensors on every state election network to spot potential intrusions. In some states, such as Florida, it has those sensors in every county.
The hardening of these networks has diminished the prospect of a successful foreign interference effort this year, elections officials say.
“We feel very confident in where we are and how far we’ve come” in securing election systems, said Carol F. Rudd, elections supervisor for Washington County, Fla., one of two counties in the state to have its systems hacked by Russian military spies in 2016. She has seen no such attempts this year.
The election is still threatened by domestic efforts to cast doubt on its integrity and by Russian efforts to amplify those messages, experts say. The U.S. intelligence community’s head of counterintelligence, William Evanina, this month told Hearst Television that Russia, China and Iran have sought to “amplify divisive messages put forth by Americans, to include the president.”
Democratic lawmakers are upset at the administration’s decision to withhold in-person briefings on foreign election threats to the full Congress, and some former officials, including Trump’s former homeland security adviser Tom Bossert, fear that the president and senior officials may not level with the public if foreign — especially Russian — influence is detected.
Moves to strengthen the nation’s defenses against foreign interference began in the closing days of the Obama administration, which declared election systems to be “critical infrastructure.” This allowed the government to prioritize election security efforts and facilitate assistance to state and local election offices.
The Trump administration, despite the president publicly challenging findings about Russian interference, has continued this effort.
In March 2018, DHS helped launch the Elections Infrastructure Information Sharing and Analysis Center, which serves more than 8,800 election jurisdictions by providing cyberthreat alerts and running CISA’s remote security monitoring. Also that year Trump signed an executive order permitting the imposition of sanctions in the event of foreign interference, and he also signed a national security memo that streamlined approval for offensive cyberoperations.
U.S. Cyber Command ran a campaign to keep Russian trolls off the Internet for several days around the midterm elections in 2018. And today, Cybercom and the NSA are undertaking broader and more sophisticated actions, including against the Russian military spy agency, the GRU, and a botnet run by Russian-speaking criminals, U.S. officials said.
“Our goal is to make it as difficult as possible for an adversary to execute an operation that may interfere with some type of U.S. election system or may influence a U.S. citizen or entity,” Brig. Gen. Joe Hartman, Cyber Command election security lead, said in an interview, without discussing operations. Hackers need malware, network access and servers, he said. “The ability to take those things away from an adversary prevents them from achieving their tactical or strategic objective.”
Cybercom is also helping foreign allies find malware used by Russian and Chinese hackers, then disclosing it. In August, the NSA and the FBI revealed Russian malware used by the GRU. The same month, the State Department’s Global Engagement Center issued a report exposing websites and organizations as Russian sites spreading disinformation.
NSA intelligence led to last month’s takedown by Facebook and Twitter of a Russian operation called Peace Data, which recruited U.S. journalists to write articles intended to undermine support for Biden and his running mate, Sen. Kamala D. Harris (D-Calif.). In October, an FBI investigation led to the neutralizing of another Russian operation — this one targeting conservative voters — on three mainstream platforms.
In each case the accounts and pages were removed before they could accrue large followings and spread content virally — an improvement over 2016, officials said.
“Today, the awareness about state-sponsored threats is high, and the infrastructure to fight such foreign operations seems to be working well,” said Colin Crowell, Twitter’s former vice president for public policy whose team probed Russian influence on the platform after the 2016 election and who left the company last year.
The bureau, CISA and the Office of the Director of National Intelligence have also briefed candidates, parties and the congressional intelligence committees on foreign threats to the election and their systems. The last briefings for the campaigns are expected this week.
CISA and the FBI will have round-the-clock command posts on Election Day to monitor threats and share information across the government. CISA will share data with state and local election officials and social media firms, and it has launched a rumor-control Web page to debunk disinformation about voting security.
The National Security Council has a designated official coordinating the agencies’ efforts: Brian Cavanaugh, who reports to national security adviser Robert O’Brien. Under O’Brien, the NSC has held more than 70 election security meetings since September 2019, several of them at the Cabinet secretary level, officials said.
The Treasury Department’s sanctions have enabled social media firms to take more aggressive action against foreign influence. Shortly after Ukrainian lawmaker Andrii Derkach was added to a sanctions list last month, Google removed 14 accounts linked to him, including a Gmail account and a YouTube channel, which he used to spread disinformation involving the Ukraine and the 2016 U.S. presidential election. Google was able to remove the accounts as violations of their terms of service that require customers to obey U.S. law, a Google spokeswoman said.
By this point in the election in 2016, the Russians had hacked and released tens of thousands of emails from the Democratic Party and Hillary Clinton’s campaign chairman. This year to date, there has been nothing similar.
“On the interference side, when you compare to 2016, the level of activity is dramatically different,” CISA Director Christopher Krebs said during a Hayden Center webinar on election security this month. “At this point we’re not seeing the same level of high-stakes coordinated campaign targeting [election and voting] infrastructure.”
Noting the strides taken by the federal, state and local governments and social media companies, Cybercom’s Hartman urged Americans to refrain from “giving a foreign adversary more credit than they’re actually due.”
In the end, McMaster said, the biggest threat to the election is not Russia. “It’s what we’re doing to ourselves,” he said. “The Russians cannot create these fissures in our society, but they can widen them.”
Elizabeth Dwoskin contributed to this report.