Voting has begun for the 2020 presidential election primary season — but it's not the beginning of the U.S. government's defense against foreign interference and influence in our elections.
At the Reagan National Defense Forum last December, Army Gen. Paul M. Nakasone, U.S. Cyber Command commander and director of the National Security Agency, laid out the Defense Department's role in election security. "We began the ability for us to defend the presidential elections not today, not six months from now. We began it the day after the midterm elections," he said, "We have not let up in terms of our ability to understand what our adversaries are doing."
The Defense Department plays an important role in that whole-of-government partnership, spearheaded by the NSA and CYBERCOM's Election Security Group, formed in the wake of the successes of the Russia Small Group during the 2018 midterms.
It's not enough to just know and understand what our adversaries are doing; the nation expects us to do something about it."
- David Imbordino, National Security Agency election security lead
David Imbordino, the NSA election security lead, and Army Brig. Gen. William Hartman, CYBERCOM's election security lead and commander of Cyber National Mission Force, co-lead the joint Election Security Group. Its purpose is to align the two organizations' resources, efforts and actions to disrupt, deter and degrade adversaries' ability to interfere and influence the U.S. elections.
"The biggest success out of 2018 wasn't the 2018 midterms," Hartman said. "The biggest success was we put in place, both organizationally and from a business practice standpoint, a focus on an enduring mission to protect the democratic process."
The Election Security Group's primary objectives are to generate insights on foreign adversaries that lead to improved cyber defenses and to impose costs on countries that seek to interfere. It directly supports partners, such as the Department of Homeland Security and the FBI, by collecting, declassifying and sharing vital information to enable agencies' efforts in election security.
"[The FBI will] engage with social media companies," Imbordino said. "That information can enable a social media company to then use their platform, where they have very unique insights that we don't have, to mitigate and potentially unravel [malicious] social media influence campaigns."
When NSA and CYBERCOM see a cyberattack happening against a certain victim, they communicate that information to appropriate government offices, which, in turn, work with private-sector partners to provide notification and enable future cyber defense.
"We look at adversary meddling in an election on two different fronts. One is covert influence, and then there's interference," Imbordino said. "For interference, what we're talking about is an adversary trying to go change a vote total, targeting election infrastructure, voter rolls. Influence is more of the social media component of trying to influence public opinion."
"It's not enough to just know and understand what our adversaries are doing," he continued. "The nation expects us to do something about it. Enabling our partners with the right information at the right classification level they need to take action to defend our democracy against these threats is essential and allows all of the tools of the government to be employed in this fight."
Guiding all of CYBERCOM's efforts is their underlying framework for the continuous execution of cyberspace operations, known as persistent engagement — the concept of constant contact with adversaries in cyberspace, engaging beyond DoD networks to "defend forward," officials said, noting that persistent engagement enables CYBERCOM to be postured to impose cost against foreign malicious actors before they reach the homeland.
An example of persistent engagement in action is "hunt forward" operations that involve deploying defensive cyber teams around the world at the invitation of allies and partners to look for adversaries' malicious cyber activity. These teams send insights back from these missions, enabling defense for U.S. and partner networks, and providing real-time situational awareness for CYBERCOM to better protect the nation from foreign attacks in cyberspace.
"In a hunt forward operation, we are able to work with partner nations and receive an invitation to execute operations in their country," Hartman said. "These are generally countries that are in the near abroad of adversaries that we're potentially concerned about."
Hunt forward operations produce detailed information identifying risks and threats to critical infrastructure, networks and data. These insights will enable the U.S. to detect and defend against potential cyber threats to the upcoming 2020 elections, he explained.
If malware is discovered on hunt forward operations, CYBERCOM can publicize malicious software through antivirus portals, imposing costs of time, money and access on the adversary.
Follow Defense Department news, at www.defense.gov/, https://www.facebook.com/DeptofDefense or https://twitter.com/DeptofDefense