WASHINGTON – Military cyberofficials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 U.S. elections through hacking voting systems or sowing widespread discord, according to current and former U.S. officials.
One option being explored by U.S. Cyber Command would target senior leadership and Russian elites, though likely not President Vladimir Putin, which would be considered too provocative, said the sources, who spoke on the condition of anonymity because of the issue’s sensitivity. The idea would be to show that the target’s sensitive, personal data could be hit if the interference did not stop, though officials declined to be more specific.
“When the Russians put implants into an electric grid, it means they’re making a credible showing that they have the ability to hurt you if things escalate,” said Bobby Chesney, a law professor at the University of Texas at Austin. “What may be contemplated here is an individualized version of that, not unlike individually targeted economic sanctions. It’s sending credible signals to key decisionmakers that they are vulnerable if they take certain adversarial actions.”
Cyber Command and officials at the Pentagon declined to comment.
The military has long used psychological operations — dropping hundreds of thousands of leaflets in Iraq, for instance, to persuade Iraqi soldiers to surrender to the U.S.-led coalition during the Gulf War. But the internet, social media and smartphones have vastly extended the reach and precision of such tactics.
The development comes as numerous agencies within the Trump administration seek to ensure the United States is shielded against foreign efforts to disrupt the 2020 elections, even as President Donald Trump himself has cast doubt on or belittled his own intelligence community’s finding of Russian interference in 2016.
The intelligence community last month issued a classified update assessing that Russia’s main goal in the 2020 campaign continues to be to sow discord. “It’s always been about exacerbating fault lines in our society,” said one senior U.S. official.
In the past year, Congress and the Trump administration have eased restraints on the military’s use of cyberoperations to thwart foreign adversaries. The push is part of a move by military officials such as Gen. Paul Nakasone, who heads both CyberCom and the National Security Agency, the government’s powerful electronic surveillance arm, to weave cyberoffensive capabilities into military operations.
‘It’s a really big deal’
The 10-year-old command’s foray into influence operations reflects an evolution in thinking. “It’s a really big deal because we have not done a good job in the past of integrating traditional information warfare with cyberoperations,” Chesney said. “But as Russia has demonstrated, these two are increasingly inseparable in practice.”
While other military organizations, such as Joint Special Operations Command, also have cyber and information warfare capabilities, CyberCom is the first to turn such powers toward combating election interference.
“In 332 days, our nation is going to elect a president,” Nakasone told a defense forum this month. “We can’t let up. This is something we cannot be episodic about. The defense of our nation, the defense of our elections, is something that will be every single day for as long as I can see into the future.”
The options being considered build on an operation CyberCom undertook last fall in the run-up to the midterm elections. Beginning in October 2018, CyberCom used e-mails, pop-ups and texts to target Russian internet “trolls” who were seeding disinformation on U.S. social media platforms. The trolls worked for the Internet Research Agency, a private entity controlled by a Russian oligarch close to Putin. CyberCom also messaged hackers working for Russian military intelligence, indicating their identities were known and could be publicized. Although the command did not sign its messages, the Americans knew there would be no mistaking who had sent them, officials said at the time.
When the trolls persisted, CyberCom, beginning on Election Day and for at least two days afterward, knocked their servers offline. The Americans also sent messages aimed at spreading confusion and discord among IRA operatives, including computer system administrators. Some personnel were so perturbed that they launched an internal investigation to root out what they thought were insiders leaking personnel information, according to U.S. officials.
The new options contemplate targeting key leaders in the security services and the military and potentially some oligarchs. The messaging would be accompanied by a limited cyberoperation that demonstrates the Americans’ access to a particular system or account and the capability to inflict a cost, said individuals familiar with the matter. The message would implicitly warn the target that if the election interference did not cease, there would be consequences.
The options do not envision any attempt to influence Russian society at large, which officials saw as having limited success given Putin’s control of the country, including much of the media.
‘No appetite for it’
Some see the new options as potentially effective at altering a key official’s decisionmaking calculus without being hugely escalatory because they do not seek to foment a popular uprising, which is Putin’s big fear, analysts note.
Another possibility involves disinformation aimed at exploiting rivalries within the Russian government and power elites. In 2016, National Security Council aides in the Obama administration developed cyber options against Russia similar to those being contemplated by CyberCom now, but “no one had an appetite for it,” a former senior official said.
“There is a night-and-day difference between 2016 and this,” said a second former U.S. official, who said that CyberCom’s thinking several years ago was much more limited and conventional.
Any operation would be reviewed by other agencies, including the State Department and CIA, and require the defense secretary’s approval. It would be aligned with other potential U.S. efforts, such as sanctions or indictments, officials said.
Sending a ‘useful message’
Cyberoperations alone are usually not sufficient to transform an adversary’s behavior. “It can serve a useful message of ‘We’re watching and be careful not to go further,’ ” said Michael Carpenter, a former senior defense policy official in the Obama administration. But generally, he said, it is likely to be more effective when used with other tools such as sanctions.
Cyber Command got a boost in August 2018 when Congress clarified that cyber actions that fall below the use of force can be conducted as “traditional military activities,” distinct from covert action. That was a key change that meant that clandestine operations such as the IRA takedown last fall, for instance, would not get delayed by disputes about whether they were covert operations.
Also enhancing CyberCom’s flexibility was Trump’s signing the following month of a national security presidential memorandum that revised the process by which cyberoperations are vetted and approved, leaving the final decision with the defense secretary even if other agencies object.
No single office within the Defense Department oversees cyber, electronic warfare and psychological operations. So this month, Congress created a Senate-confirmed position of principal information operations adviser to coordinate strategy and policy in this area across the Pentagon and with other agencies.