Voters at the Topeka Civic Theater in Kansas last year during the midterm elections. The United States Cyber Command took a Russian troll farm off line on Election Day to block any potential interference. Photo Credit: Barrett Emke for The New York Times
By Stan Sundel, Associate Editor for Terrorism and Counterterrorism
Earlier this year, the Washington Post reported that the United States military conducted a cyberattack against an infamous Russian “troll factory,” designed to thwart their nefarious cyber activities during the 2018 midterm elections.[i] U.S. Cyber Command took down internet access of the Internet Research Agency (IRA), the Kremlin-connected company most famous for spreading misinformation throughout the 2016 presidential race. The attack marks the U.S. military’s first attempt to flex its muscles in the digital domain, since being granted new authorities last year by President Trump and Congress to conduct offensive cyber operations against America’s adversaries.[ii]
The cyber gloves are starting to come off. And it’s about time.
For far too long, Moscow has been able to act with near impunity in cyberspace. Russia repeatedly tries to disrupt our democracy through digital disinformation campaigns – and the U.S. has stood idly by.
This recent U.S. strike against the IRA was likely a mere temporary setback for Russia’s sophisticated influence operations. More important is the signal it sends to U.S. adversaries: There will be a price to pay for interfering in our electoral process.
Some critics contend that the U.S. military didn’t go far enough. The Kremlin, they argue, orchestrated a highly aggressive campaign designed to swing a U.S. presidential election. Causing some temporary internet problems for one Russian troll farm is not exactly a proportional response.[iii]
This criticism has some merit. But ultimately, the U.S. must strike a delicate balance between sending signals designed to deter Moscow’s digital misconduct and sparking a risky cycle of escalation. As such, it is essential that our security posture be both tough and smart when dealing with an adversary as dangerous as Russia.
The strike against the IRA is an important first step in resetting our national cyber strategy. This operation deeply penetrated the IRA’s networks, making clear to Moscow the U.S. military’s capability to inflict far greater damage, such as compromising computers and leaking sensitive internal IRA documents.[iv]
Starting small, to send a signal, is shrewd strategy. The U.S now has an opportunity to see how Russia will react to this type of offensive cyber operation. If the Kremlin does not cease and desist its digital aggressions, the U.S. can increase pressure accordingly.
Unfortunately, President Trump has sometimes shown a reluctance to respond to Russia’s provocations. Trump has repeatedly questioned the unanimous assessment of the U.S. intelligence community, which concluded that Russia conducted an unprecedented influence campaign to interfere in the 2016 presidential election.[v] The Trump administration has sustained President Obama’s policy of enacting economic sanctions on selective Russian officials and organizations. Trump, however, has never explicitly expressed support for these sanctions, calling some of them “significantly flawed.”[vi]
The good news is that there is generally broad bipartisan support in Congress for cracking down on the Kremlin. For example, in 2017, the House and Senate voted overwhelmingly – 419 to 3 and 98-2, respectively – to authorize new economic sanctions on key Russian officials in retaliation for Moscow’s meddling in the prior presidential election.[vii] Indeed, the U.S.’s response to Russian election interference is one of the few issues where Republicans have been willing to stand up to President Trump.
The bad news is that Congress is somewhat limited in what it can do to force the Trump administration to act more aggressively against Russia in cyberspace. The FY2019 National Defense Authorization Act (NDAA) gives Trump the go ahead to instruct U.S. Cyber Command to “disrupt, defeat and deter” Russian cyberattacks.[viii] Yet the extent to which Trump will enforce this provision remains to be seen.
Fortunately, there is some accountability built into the NDAA. The law requires the Trump administration to send quarterly reports to Congress on actions taken against Russian cyber operations. If Trump declines to execute adequate digital operations against Moscow, Congress can publicly shame his administration for their passivity. There are few things more important to President Trump than projecting an image of strength. Trump’s fondness for autocrats and dictators is well documented.[ix] Alternatively, he has repeatedly castigated adversaries – from Michael Cohen to Chuck Schumer – as “weak.”[x] If the administration does not take sufficient cyber action against Russia, Congress can turn the tables on Trump and chastise him for his digital dovishness.
There is perhaps no more important national security priority than protecting the integrity of our electoral process. Only a strong deterrence strategy will stop Kremlin-backed actors from continuing to carry out cyber operations against the United States. By tangibly demonstrating that the U.S. has both the capability and credibility to hack back – and escalate the use of force as necessary – we can thwart our adversaries from undermining our democracy in the digital domain.
[i] Ellen Nakashima, “U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms” Washington Post, February 27, 2019, https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html?utm_term=.3c4a6ff45413.
[ii] Christopher Bing, “White House pledges to step up cyber offense on hackers,” Reuters, September 20, 2018, https://www.reuters.com/article/us-usa-cyber/white-house-pledges-to-step-up-cyber-offense-on-hackers-idUSKCN1M031I.
[iii] Andy Greenberg, “US Hackers’ Strike on Russian Trolls Sends A Signal – But What Kind?” Wired, February 27, 2019, https://www.wired.com/story/cyber-command-ira-strike-sends-signal/.
[v] Karen Yourish and Troy Griggs, “8 U.S. Intelligence Groups Blame Russia for Meddling, but Ttrump Keeps Clouding the Picture,” New York Times, August 2, 2018, https://www.nytimes.com/interactive/2018/07/16/us/elections/russian-interference-statements-comments.html.
[vi] Ali Vitali, “Donald Trump Signs Russia Sanctions Bill for ‘Sake of National Unity,’” NBC News, August 2, 2017, https://www.nbcnews.com/politics/white-house/donald-trump-signs-russia-sanctions-bill-n788776.
[viii] “John S. McCain National Defense Authorization Act for Fiscal Year 2019: H.R. 5515 – 115th Congress (2018)” congress.gov, accessed March 23, 2019, https://www.congress.gov/115/bills/hr5515/BILLS-115hr5515enr.pdf.
[ix] Krishnadev Calamur, “Nine Notorious Dictators, Nine Shout-Outs From Donald Trump,” The Atlantic, March 4, 2018, https://www.theatlantic.com/international/archive/2018/03/trump-xi-jinping-dictators/554810/.
[x] Betsy Klein and Marshall Cohen, “Trump calls Cohen ‘very weak’ in wake of former lawyer’s new guilty plea,” CNN, November 29, 2018, https://www.cnn.com/2018/11/29/politics/donald-trump-michael-cohen-response/index.html; Rebecca Morin, “Trump accuses Schumer of being ‘weak and passive’ on Iran, Politico, January 31, 2019, https://www.politico.com/story/2019/01/31/trump-schumer-iran-deal-1138778.