Americans concerned about cybersecurity and foreign influence operations may have been tempted to collectively exhale a sigh of relief in the immediate aftermath of the recent presidential election. Years of investment in election security seemed to have paid off. Over a month after the 2020 election, there have been no confirmed cases of foreign entities penetrating America’s electoral infrastructure to change vote tallies. Before he was abruptly fired, Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs claimed his agency had no evidence that the election was tampered with by foreign adversaries.
Any hopeful feelings that the United States may have turned a corner in cybersecurity or that Russian intelligence officers were either deterred from targeting the United States or simply snoozing at their keyboards were dashed this week when the Trump administration acknowledged a massive cybersecurity breach that may have enabled Russian intelligence to steal enormous amounts of information from across key federal agencies and departments, including the State Department, the Department of Homeland Security, Treasury, Commerce, and parts of the Pentagon.
While the impact of the recent hack will not be known for some time, two things should be immediately deduced from recent events. The first is that election security is only one piece of a still lacking comprehensive national cybersecurity strategy. Second, history reminds us that foreign intelligence activity—in elections and beyond—remains an enduring national security threat that will never be completely put to rest.
Previous data breaches of this scale, such as the 2014 hack of the Office of Personnel Management in which Chinese intelligence exfiltrated sensitive and personal information about over 22 million federal employees and military personnel, were a wakeup call about the vulnerability of federal networks, but by 2017 election security enjoyed the lion’s share of government attention. This was understandable. During the 2016 presidential elections, and then again during the 2018 midterms, Russian hackers had probed the electoral infrastructure of all fifty states. By 2020 election officials and cybersecurity experts had good reason to worry. In the runup to election day U.S. officials warned that Russian hackers had, in fact, targeted American electoral infrastructure and had also stolen data for unknown purposes.
While the Russian foreign intelligence services caught both American technology companies and the public off guard in 2016 with their aggressive campaign of network probing and the information operations conducted by the Internet Research Agency, in 2018 the U.S. government was better prepared to respond. In the aftermath of the 2018 midterms, General Paul Nakasone, Director of the National Security Agency and Commander of U.S. Cyber Command, identified some key improvements, including “persistent engagement to contest adversary campaigns, the power of enabling partners, and the ability to impose costs.” That the U.S. intelligence community seemed blindsided by the recent Russian cyber operation suggests there is still much work to be done, but this is a race without a finish line.
Cybersecurity matters garner more media attention now than even a decade ago, partly because we are now more acutely aware of the threat. Cyber operations are routinely covered by non-specialist news outlets and the myriad investigations into 2016 electoral interference kept the topic center stage in recent years. It may therefore seem that the character of foreign intelligence operations in 2020 is more hoodie and mouse than cloak and dagger, but the drive to compete for national advantage via the hidden hand endures. If such activity seems here to stay, it is because it never left.
Foreign intelligence operations have been a feature of the American electoral landscape since the Cold War, although the advent of the world wide web and social media have turbocharged the tactics and velocity. So alarmed was the Soviet Union at the prospect of a Barry Goldwater administration that, in 1964, its intelligence services attempted to flood the American media landscape with disinformation claiming that Goldwater was a Ku Klux Klan sympathizer. Again in 1984 the Soviets covertly took out full page ads in the newspaper screaming “Reagan Means War!” to paint the incumbent Ronald Reagan as a warmonger and help the Democratic nominee, Walter Mondale.
The Soviets were disappointed in their Cold War electoral efforts, but in 2016 they moved beyond pure candidate preferences to add a goal of simply sowing chaos by identifying cultural cleavages in American society and then driving wedges into them from the comfort of their desks in St. Petersburg, Russia. They then sat back and watched Americans dance to their tune though public gatherings, protests and counterprotests, and by engaging with their fraudulent digital content millions of times. Although it is true that Russian content was dwarfed by domestic American content, they were surely pleased with the return on their limited investment. If the 2020 election was more secure than officials had feared, we now know that while candidates were holding fall events and many Americans were early voting, Russian intelligence operatives were exfiltrating untold amounts of American government information through their own “back doors.”
Terrorism, noted former CIA and NSA director Michael Hayden, is “not a problem to be solved, but a condition to be managed,” and so it is with foreign intelligence operations as well. We will always have some level of interference because influence operations are a form of covert action or “active measures,” a way for states in the international system to attempt to achieve their preferred military or foreign policy outcomes while keeping their hands hidden, or at least with “plausible deniability.” Leading intelligence scholars have rightly pointed out that the deniability of much covert action more often seems to be characterized by “implausible deniability” but the cyber domain complicates this somewhat due to the so-called “attribution problem” in which conclusively blaming the actor responsible is a complex challenge.
America has not seen the last of foreign meddling because countries that have the capability to collect foreign intelligence and conduct covert action will do so when it serves their strategic purposes. In fact, as the recent Iranian effort to intimidate Floridian would-be Democratic voters by masquerading as the pseudo-militia group the Proud Boys has shown, we can expect more interference by a greater diversity of actors in the future. And crucially, despite the fact that electoral interference, in particular, gets the most media coverage, elections aren’t the only times that adversaries are attempting covert influence in America. How readily Americans engaged with foreign disinformation, and even added their own to the mix, reveals just how potent this avenue of attack on our social fabric remains, and no hostile power would readily give up such an advantage. Given their durable allure as deniable policy options, influence and cyber operations will never entirely be deterred, but the U.S. can both raise the costs on its adversaries as well as harden its civil society through resilience improvement.
Although cyber-attacks and foreign influence operations will remain a tempting asymmetric avenue of international competition, there are numerous policy, regulatory, and civic actions that can and should be taken to harden both our critical infrastructure and our societal resilience to information operations. For instance, Congress has legislation it can pass, state election authorities can still improve, and all Americans need to urgently improve their digital literacy and knowledge of basic civics. The government and the governed both have vital roles to play.
Social media companies have come a long way from willful denial of their platforms’ utility to hostile intelligence services to doing a better job identifying fraudulent activity. The U.S. government has made admirable efforts at debunking fake news head-on, working across its traditional stovepipes, such as the partnership between NSA, FBI and CISA, and sharing intelligence with the private sector. Further, there are a bevy of think tank initiatives and academic research efforts focused on combatting malign foreign interference. These are promising foundations, but, like terrorism, there will always be measures we must keep in place, and we must update our defenses in response to adversary innovation. As the recent Russian hack has shown, after the 2020 election it might have seemed that the danger had passed, but that was only a mile marker on a much longer journey.
David V. Gioe is a History Fellow for the Army Cyber Institute at West Point where he also serves as Associate Professor of History. He is a Visiting Senior Research Fellow in the Department of War Studies at King’s College London and Director of Studies for the Cambridge Security Initiative’s International Security and Intelligence program. This analysis is the view of the author and does not represent any official position of the Department of Defense or the United States Government.