Military officials have said new authorities, approved over the last year, enabled CyberCom to be more aggressive — and effective — in what they privately say was an apparent success. Nakasone, who also heads the National Security Agency, stopped short of saying it was CyberCom that made the difference, telling Rounds that safeguarding the election was the agencies’ “number-one priority.”
Nakasone assumed his dual posts in May and has privately told Pentagon leaders that having the two agencies under a single director was key to the operation’s outcome.
Last week the Justice and Homeland Security departments reported there was no evidence that any foreign government had “a material impact” on the election or campaign infrastructure.
The lawmakers, who received a classified briefing Wednesday on the operation, lamented the military could not be more forthcoming about its campaign.
“I wished that the American people could have heard more of what you told us,” Sen. Richard Blumenthal (D-Conn.) said. “It was success. Very few of the American public know about the successes.’’
The counter-Russia campaign marked the first operational test of a presidential order granting CyberCom more latitude to undertake offensive operations without having to seek approvals from other agencies, which can be time-consuming.
Also pivotal was a new provision included in this year’s National Defense Authorization Act clearing the way for more clandestine cyberoperations that don’t rise to acts of war, categorizing them as “traditional military activity.”
The campaign was carried out by the Russia Small Group, which Nakasone set up last year, drawing personnel from CyberCom and the NSA.
The group took action under a new strategy of “persistent engagement,” or sharing threat information with the FBI and Department of Homeland Security so they can share it with the private sector to help firms secure their networks, raising the costs for an attacker.
Another aspect of persistent engagement involves continually confronting the adversary, in this case Russia, forcing it to devote resources to defending its networks and reducing its ability to cause mischief inside U.S. networks.
One element of CyberCom’s operation reportedly involved a form of electronic signaling to Russian hackers and “trolls” who conduct disinformation campaigns on social media. The warnings indicated the Americans knew where the Russians’ command-and-control systems were and could disrupt them if need be, according to officials, who spoke on the condition of anonymity to describe sensitive operations.
Officials have been reluctant to disclose additional details, saying that doing so could help U.S. adversaries. Some senators seemed torn by that.
“The enemies know what they’re doing,” Blumenthal said. “We know what they’re doing. . . . They know we know what they’re doing. The only ones who are in the dark, really, are the American people.”
Some former senior intelligence officials argue that the operation could have been just as successful if the NSA and CyberCom had been led by separate individuals.
“NSA supports all of the unified military commands, not just one,” said James R. Clapper Jr., the former director of national intelligence. “I don’t agree that the only way that [intelligence] support can be rendered is through dual-hatted leadership.”
Rounds earlier this week told The Washington Post that CyberCom’s operation prevented “what would have been some very serious cyber incursions.” Said Rounds: “The fact that the 2018 election process moved forward without successful Russian intervention was not a coincidence.”
He, too, refrained from disclosing details, but said, “I can just tell you that the types of cyber activity that Russia, through multiple agencies and third parties [was conducting], was most certainly impacted during this process.”
Joseph Marks contributed to this report.