By C. Todd Lopez
WASHINGTON (Aug. 08, 2020) -- As November approaches and a new general election is on the minds of most Americans, preserving the security of that election is on the minds of cyber experts at U.S. Cyber Command and the National Security Agency. Officials there say that unlike in 2016, where Russia was the biggest threat to election security, there are now new threats that pose a risk.
"We're looking at the spectrum of all of our adversaries, Russia, China, Iran, and ransomware actors," said Dave Imbordino, the election security lead with the National Security Agency, during a panel discussion Friday that was part of the 2020 DEF CON convention.
For the 2020 election, Imbordino said, there are more threats to consider, and it's easier for those threats to get involved.
"There's more people in the game," Imbordino said. "They're learning from each other. Influence is a cheap game to get into now with social media. It doesn't cost a lot of money. You can try to launder your narratives online through different media outlets. That's something we're laser-focused on as well."
Army Brig. Gen. Joe Hartman, commander of the Cyber National Mission Force at U.S. Cyber Command and also the election security lead for Cybercom, said that since 2018, Cybercom hasn't let its guard down in regard to election security. While in 2016, he said, the Defense Department was focused on other things, by the 2018 midterm election, Cybercom and NSA had set up the "Russia Small Group" to deal with potential Russian interface during that election. They haven't lost focus since then.
"For us that never stopped. I got back to the command about a year ago in 2019. And we didn't start up ... this thing called the election security group. It was already working, and it never stopped working [since] 2018," he said. "We think we're in a much better position now, certainly, than we were in 2016 or 2018."
What are the threats to U.S. elections? Influence operations are a primary threat. That involves the creation of information online by adversarial nations, often through proxy groups, to create discord and influence opinion in the U.S.
Imbordino said the Russian-operated Internet Research Agency, for instance, has set up operations overseas to generate misleading and divisive information to influence voter opinion.
"They have set up something in Africa, Ghana, in terms of ... having people there trying to put stuff online, posting things about, you know, socially divisive issues, using covert influence websites to be able to get their narrative out," he said. "That's kind of a shift in tactic we've seen from Russia side."
China, he said, has proven effective in doing the same in their own part of the world, in Taiwan and Hong Kong, for instance.
"Them becoming potentially more aggressive in the U.S. space is something that we need to monitor and be prepared for," Imbordino said. "For the Chinese cyber threat ... they're a little bit different in terms of the scale and breadth of the targets they go after. Every U.S. citizen is a target of China, just because of the big data, the PII [personally identifiable information] that they're interested in collecting ... I think that sets them uniquely apart."
Iran is also getting into the influence game, he said, and is learning from what other adversaries are doing.
Hartman said Cybercom has capabilities now on the home front to defend against threats to national elections, including on-call defensive cyber elements in "war rooms" that are ready to respond if called upon by agencies like DHS or FBI, for instance. But that's not all, he said.
"We have elements that are sitting over in other op centers, and they are prepared. If we see an adversary that's attempting to do something to interfere with that election ... we have the ability to play the away game," he said. "We have the ability to go out in foreign space and look at what you're doing. And we have the ability to make you stop doing that."