Monday, July 16 — a date which might live in infamy.
Today’s summit between President Donald Trump and Russian President Vladimir Putin will, of course, deal with the escalating arms race; since 1969 with the start of the Strategic Arms Limitation Talks — SALT — both countries have sought to limit the other’s nuclear weapons.
Except those aren’t the arsenals we should worry about. The real arms race is in cyberspace.
Instead of Intercontinental Ballistic Missiles (ICBMs) and Multiple Independently Targeted Re-Entry Vehicles (MIRVs), we have Advanced Persistent Threats (APTs), the Internet Research Agency (IRA) and the Glavnoye Razvedyvatel’noye Upravleniye (GRU). Also known as the Main Intelligence Directorate of the General Staff, the GRU is Russia’s real threat to U.S. sovereignty.
This was underscored by Friday’s indictment of twelve Russian intelligence officersaccused of hacking Hillary Clinton’s campaign and the Democratic National Committee. Traditional tactics — “spear-phishing” and vulnerability exploitation — were combined with operation-specific malware called XTunnel. The result was a mismatch of epic proportions.
In cyberspace, Russia is targeting U.S. cities, counties and states. Traditional playbooks and treaties don’t apply to this new battlefield. And Russia is exploiting this to maximum benefit.
When the latest indictments were announced, I was in a briefing in Nashville given by Matthew Travis, Deputy Under Secretary for the National Protection and Programs Directorate (NPPD) of the Department of Homeland Security (DHS). Attacks on our election infrastructure are increasing, he said, and DHS continues to see Russian influence on divisive issues.
Which makes the meeting between Trump and Putin another mismatch: Trump is good at Twitter; Putin is masterful at manipulating it. Trump has bashed the mainstream media over fake news; Putin has manufactured much of it. This is a digital cold war fought via social media, networks and mass media.
The only thing Putin respects is power. Don’t expect from him a “mea culpa” or, as President Trump said, a “ ‘Perry Mason’ moment.” The tools and tradecraft used by Russia to conduct its influence operations are just one click away; cryptocurrency, like Bitcoin, masked its digital transactions to lease servers and to buy fictitious domain names.
Positive steps have been taken to combat threats. One is DHS’s establishment in March of the Elections Infrastructure Information Sharing Analysis Center (EI-ISAC) — although it’s a little tardy, based on what our government knew about election interference. According to Andrew Dolan, Director of Stakeholder Engagement for the Multi-State Information Sharing Analysis Center (MS-ISAC), a related DHS project, 830 counties and all 50 states have joined the EI-ISAC.
But that only solves one part of the problem. Defending against spear-phishing and network attacks isn’t the same as countering a massive influence operation run by a state actor like Russia. Or perhaps China. That takes money. A lot of it:
- $53 billion? The amount spent on National Intelligence Programs in 2016.
- $1 billion? The amount spent on 2016 presidential campaign ads.
- $100,000? The amount spent by the Internet Research Agency — the Russian troll farm — on Facebook ads in 2016.
With $53 billion and a very contentious presidential election looming, the average person might think our government would have made finding a Russian influence operation a priority.
According to an investigation done by the Washington Post, Facebook contacted the FBI in June 2016 with its suspicions about a possible espionage operation. Did the FBI already know and not share? It declined to comment to the Post.
What we do know is that the FBI had information on American citizens being targeted by Russian intelligence and said virtually nothing. An Associated Press investigation showed the FBI knew for more than a year that “scores” of private emails of U.S. government officials were being targeted; only two of the 80 people interviewed by the AP got a heads-up about that.
According to the indictment of thirteen Russian nationals on Feb. 16, “Beginning in or around June 2014, and continuing into June 2015, public reporting began to identify operations conducted by the ORGANIZATION in the United States.”
With all this, finding the perpetrators of this scheme to influence our elections should be easy. All the FBI had to do was read the April 2, 2015, article from The Guardian, a British news site. The entire operation was laid out: “The nondescript building has been identified as the headquarters of Russia’s ‘troll army,’ where hundreds of paid bloggers work round the clock to flood Russian internet forums, social networks and the comments sections of western publications … .”
It should have been a foregone conclusion for the FBI to visit Facebook. It didn’t. No one from U.S. law enforcement or the intelligence community came by to even state the obvious. Even though the FBI and DHS run a program designed to do just that, the Domestic Security Alliance Council.
Senator Mark Warner (D-VA), vice chairman of the Select Committee on Intelligence visited Facebook in June 2017. He inquired about the use of Facebook to disseminate negative ads against Hillary Clinton.
During his visit, Facebook asked Warner for help. Specifically, about any Russian operations or ‘troll farms’. Instead of information-sharing that could help, Facebook got a busy signal.
Many think Facebook should have known. But it was never a fair fight. Facebook opened to the world in September 2006; it went public in 2012 — not even 14 years old. Yet, it should have discovered an extensive, sophisticated influence operation that escaped the attention of $53 billion in intelligence program spending? And the FBI? And DHS? And NSA?
Facebook’s foe had more than 100 years of experience in influence operations, starting in 1917 with the Cheka. Through the years, it became the NKVD, KGB and now the FSB, SVR and GRU. It had the experience of two world wars, various revolutions and a decades-long Cold War.
Adm. Mike Rogers, director of the National Security Agency, was asked during a Congressional hearing why the United States hasn’t aggressively countered Russian propaganda. His answer: “I don’t think we’ve come yet to a full recognition of the idea that we’re going to have to try to do something fundamentally different. I think we still continue to try to do some of the same traditional things we’ve done and expecting to do the same thing over and over again yet achieve a different result.”
Maybe the first thing to do, to counter Russian influence in future elections, is have NSA, DHS and the FBI read more British newspapers. There was nothing “fake” about their news on Russia.
Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. He previously worked as a senior advisor in the U.S. State Department Antiterrorism Assistance Program and as senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.