U.S. Cyber Command has begun targeting Russian operatives, warning them that the military is tracking their activities in an attempt to deter them from disrupting the fast-approaching midterm elections, according to defense officials.
Begun in recent days, the operation is the first under a new presidential order easing restrictions on offensive cyberspace actions against foreign networks and represents Cyber Command’s initial foray into safeguarding U.S. elections, officials said.
The news comes as President Trump’s national security adviser, John Bolton, warned officials in Moscow this week that he considered Russian interference in the American election process “intolerable.”
The digital alerts, which could take the form of text or direct messages, pop-ups or emails, are implicit warnings meant to stay below the level of an armed attack, so as not to provoke the Russians into counterattacking, officials said. Their targets include military hackers and “trolls” financed by Russian oligarchs.
“The U.S. government leadership has made it clear that it will not accept any foreign interference or attempts to undermine or manipulate our elections in any way,” Cybercom spokesman Joseph Holstead said, while declining to confirm the operation. “This includes the whole-of-government effort to protect election infrastructure and prevent malign, covert election influence operations.”
The campaign, first reported by the New York Times, is part of Gen. Paul Nakasone’s increased focus on deterring such aggression, which the “dual-hatted” head of Cyber Command and the National Security Agency has called his first priority.
“There is nothing more important, no other priority that is higher at the NSA than the security of the midterm elections,” Nakasone said at a conference last month. “We looked at what our adversaries have done previously and what they might do in the future. . . . The forces that are working are well trained, ready to do what is necessary in terms of securing the elections in 2018.”
This month, Nakasone noted the United States is facing adversaries such as Russia and China that are “looking to really take us on below that level of armed conflict,” whether to steal intellectual property or disrupt elections. And so, he said, “our military must be able to . . . compete below the level of armed conflict.”
“This is what great-power competition looks like today,” Nakasone said, “and it’s what we will look at as we look to the future.”
The initiative also reflects the Defense Department’s commitment to helping the Department of Homeland Security protect American elections, officials said.
It is not clear how effective a deterrent such warnings will be against Russian operatives such as those who brazenly assaulted U.S. political campaigns and ran disinformation operations to sow discord in the 2016 election season and sought to tip it in favor of Donald Trump.
Such messages could indicate to the Russians that if they continue malicious activities, they might become the target of U.S. sanctions or indictments, experts said.
In recent months, the U.S. government has obtained indictments against and imposed sanctions on Russian operators who sought to undermine the U.S. political system. The targets include officers with Russia’s military spy agency, the GRU, and individuals working for the Russia-based Internet Research Agency, a troll farm financed by an oligarch close to President Vladimir Putin. On Friday, the Justice Department charged a Russian woman with interfering in the midterm elections.
“Simply telling individual Russian operators that the American intelligence community is aware of them individually, and watching them, is a big deal,” said Thomas Rid, a strategic-studies professor at Johns Hopkins University who has researched Russian cyberspace operations. “In the past few months, GRU officers have already been exposed, indicted, humiliated and ridiculed, even in Russia. Such semi-covert messaging is likely to inject friction, if not fear, into the ranks of Russian covert operators.”
Other experts were less sanguine.
“I’m skeptical that mere warnings to Russian operatives will serve as an effective deterrent,” said Michael Carpenter, a former deputy assistant U.S. secretary of defense who handled Russia policy. “I think it’s more likely to drive them to try other attack vectors. If there were a way to disrupt their operations, however, I don’t think that should be out of bounds.”
Under the recently signed National Security Presidential Memorandum 13, the Cybercom operation was authorized without having to go through layers of approvals from other government agencies, which would have been the case in the past, officials said.
Congress has also authorized such operations.
“In 2016, the Russians essentially had an open playing field,” said Sen. Jack Reed (R.I.), the Senate Armed Services Committee’s ranking Democrat. “We’re trying to close that down.
Sen. Ben Sasse (R-Neb.), Reed’s colleague on the panel, said: “Make no mistake — we are late to this fight. This is just the start of what has to be an aggressive and strategic campaign to win the shadow war that Vladimir Putin is waging against free people around the world. That’s why American leadership is needed to quickly expose Putin’s lies and knock down his cyber-spooks.”
Paul Sonne contributed to this report.