The Senate Armed Services Committee (SASC( is pushing the Department of Defense to take on a greater role in ensuring election security ahead of the 2018 midterms, including building private sector partnerships and utilizing its Cyber Mission Forces to combat interference campaigns.
Witnesses at a Tuesday SASC Cybersecurity Subcommittee hearing echoed the Senate panel’s assessment that a lack of a national strategy against interference is alarming, and the DoD has a responsibility to lead a whole-of-government effort to prevent future election meddling.
“There is no dispute about what Russia did during the 2016 election cycle. There is clear evidence that Russia attempted to undermine our democratic process through the hacking of independent political entities, manipulation of social media and use of propaganda venues, such as Russia Today, said Sen. Mike Rounds (R-S.D.), the subcommittee chairman, during his opening remarks. “The Department of Defense has a critical role to play in challenging and influencing the mindset of our cyber adversaries and defending the homeland from attacks. Attacks that include cyber attacks by other nations against our election infrastructure.”
Intelligence community reports have previously confirmed Russian attempts at implementing disinformation campaigns to influence the 2016 U.S. presidential election, and the Department of Homeland Security has confirmed that at least 21 states faced hacking attempts of their voting infrastructure.
A report released Tuesday from Director of National Intelligence Dan Coats warned of impending Russian influence operations to meddle in the upcoming midterm elections.
“Influence operations, especially through cyber means, will remain a significant threat to US interests as they are low-cost, relatively low-risk, and deniable ways to retaliate against adversaries, to shape foreign perceptions, and to influence populations. We assess that the Russian intelligence services will continue their efforts to disseminate false information via Russian state-controlled media and covert online personas about US activities to encourage anti-US political views,” Coats writes in his report.
Rounds and Sen. Bill Nelson (D-Fla.), the ranking member on the subcommittee, called on DoD to lead a cyber defense strategy that addresses a lack of consequences on nation-state adversaries and focuses on new solutions such as improving information sharing with a joint interagency task force.
Robert Butler, co-founder of Cyber Strategies LLC and a witness at Tuesday’s hearing, sees an opportunity for DoD to bring in private sector partners to combat election interference with the creation of an integrated fusion center.
“We should coordinate with the Secretary of Defense to immediately stand a joint interagency task force,” said Butler, during his testimony. “This really is something where we need to work together in a public-private partnership.”
An integrated fusion center or task force, similar to the National Counterterrorism Center, would provide improved situation awareness of nation-state cyber threats by incorporating commercial and national security intelligence components, according to Butler.
Improving information security will be critical for DoD officials to address combating election infrastructure cyber threats, according to Dr. Richard Harknett, head of the University of Cincinnati political science department.
“We need a comprehensive, seamless, integrated strategy that pulls together greater resiliency, forward defense, and when necessary, countering and testing cyber activity to reverse current behavior,” Harknett said during his testimony. “Our security will rest on our ability to simultaneously anticipate how adversaries will exploit our vulnerabilities and how we can exploit theirs.”
Without a current national strategy for prevent cyber attacks, Ranking Member Nelson pressed urgency for DoD to figure out how to best utilize its Cyber Mission Forces to prevent future election threats.
“We have been quite disturbed, wondering if we are doing as much as we should as a government to protect ourselves,” said Nelson. “The department has cyber forces designed and trained to thwart attacks on our country through cyberspace, and that’s why we created the Cyber Command’s national mission teams. The Cyber Command knows who the Russian operators are. And then, we ought to use our cyber forces to disrupt this activity. We aren’t.”
Dr. John Sulmeyer, director of the Cyber Security Project, suggested Cyber Mission Forces work on conducting reconnaissance mission on foreign election-related threats and DoD officials improve on the readiness of cyber forces just as they would any other command.
DoD has a role in preventing election attacks from materializing, preempting imminent attacks and retaliating if necessary following an interference campaign, according to Sulmeyer.
“I would not want to bet on the cyber security of U.S. elections on a policy of deterrence if I didn’t have to. Sometimes, like the prospect of defending against a thousand nuclear-tipped missiles, deterrence is the least bad option. That’s not the case in cyber security. We have other options,” said Sulmeyer.
Nelson echoed Sulmeyer’s sentiment in finding better integration of DoD’s cyber and information warfare capabilities knowing that deterrence campaigns have not prevented Russia from planning attempts at election meddling.
“We ought to show Mr. Putin two can play in this campaign. We ought to consider information operations of our own to deter Mr. Putin, like exposing his wealth and that of his oligarchs,” Nelson said. “I would suggest that the department should ensure that its active and reserve component cyber units are prepared to assist the Department of Homeland Security and the governors to defend our election infrastructure.”