Reading Cyber Command's message to Russia
According to a Washington Post report Tuesday (and confirmations in Russian media), the U.S. Cyber Command disrupted the internet access of Russia's Internet Research Agency on Election Day in 2018 — a clear attempt to send a message to the so-called "troll farm" to back off.
Why it matters: The gambit is a public example of the Department of Defense's new "defending forward" emphasis in cyber defense, which aims to increase activities in foreign networks to disrupt potential attacks.
The big question: Does sending signals this way work? Experts from intelligence, national security and academia seem to think it's at least worth a chance.
The big picture: The IRA hackers are Russia's most prominent purveyors of social media misinformation. But they work year-round, election years and not.
- Stifling the group on one day — even Election Day — would not be a crippling blow. That doesn't mean the move was meaningless.
- Michael Morell, former deputy director of the CIA and current host of the Intelligence Matters podcast, explained it like this via email: "The action was most likely designed to do two things: one, stop any activities that Moscow may have had for Election Day itself, and two, send a message that we can — and will — reach out and take such actions in the future."
- "And, yes," he continued, "such a 'statement' can be effective. If an adversary believes that they are not going to be able to do what they want to do, they may well not even try. It is an important part of deterrence."
- "Demonstrating that we are willing to make it more difficult for cyber adversaries and to throw up hurdles for them is worth doing,” said Lisa Monaco, former assistant to the president for homeland security and counterterrorism in the Obama administration.
Yes, but: There are multiple unknowns on both sides of the message.
- As of now, we're aware of two components of Cyber Command's signaling campaign: this Election Day move and an earlier effort to contact IRA operatives directly and ask them to knock it off — a not-so-subtle hint that we could identify who they were.
- But there very well might be more than just those two actions in play.
- "Will we look back 10 years from now and think November 2018 was when everything changed? Probably not," said Ben Buchanan, an assistant teaching professor at Georgetown whose book, "The Cybersecurity Dilemma," concerns how nations interpret cyber actions. "But it could be part of a larger effort that could have a bigger effect, for better or for worse."
- Buchanan doesn't think there's much chance that Russia would misinterpret this kind of signaling. But signaling campaigns can be tricky, he said. "There's no shared understanding of what cyber actions mean. They're more ambiguous than troop deployments."
What's next: With cyber activities, it's hard to gauge what will provoke a response and what kind of response that would be.
- But Michael Daniel, former White House cybersecurity coordinator and current CEO of the Cyber Threat Alliance, said via email we should anticipate some kind of response: "That’s why we need to be careful and judicious in the use of these capabilities, because the potential for escalation is high."