WASHINGTON — The U.S. government is mounting a major effort to prevent a repeat of 2016 – when federal agencies were slow to address Russia’s attempts to manipulate the presidential election – and is taking a range of actions despite the disinterest of President Trump, who questions reports that the Kremlin is intent on undermining American democracy.
Top security agencies are coordinating actions to thwart foreign hackers, prevent Russia-linked individuals from entering the United States and freeze assets subject to U.S. jurisdiction. They are passing along intelligence to social media firms, and helping state and local election officials shore up their defenses.
For months American military cyber operators, aided by intelligence from the National Security Agency (NSA), have been targeting Russian spies to disrupt their plans by repeatedly knocking them off the Internet, confusing their planners and depriving them of their hacking tools. The goal is to prevent them from attacking American voting systems, according to security officials, speaking on the condition of anonymity because of the matter’s sensitivity.
The State Department this year revoked the visas of two Ukrainians deemed to be engaged in activities designed to influence the election and advance Russia’s interests. The Treasury Department imposed sanctions last month on four Russia-linked individuals – including one of the Ukrainians who was labeled an “active Russian agent” – to prevent them from interfering in the electoral process, the first time that the U.S. government has taken such an action before an election.
A vital missing ingredient, however, has been messaging from the top, such as a declaration from the president that the United States will not tolerate efforts, particularly from the Kremlin, to interfere in the election. And disinformation experts say Trump has reinforced Russian President Vladimir Putin’s attempts to stoke American social divisions with Trump’s inflammatory and unfounded remarks about racial and cultural issues, the novel coronavirus and the security of voting by mail.
“We get better at exposing Russia’s activity, and when the president denies it or calls it into question, that gives Putin the space and opportunity he doesn’t deserve,” H.R. McMaster, Trump’s former national security adviser, said in an interview. He wrote about Putin’s “playbook” in his new book, “Battlegrounds.”
But officials say that even if Trump is not publicly voicing support for agencies’ efforts, he is not impeding them, and that the NSA, the FBI and the Department of Homeland Security (DHS) have made securing the election a top priority.
One result is an increasingly effective working relationship between federal officials and Silicon Valley, whose biggest companies had distanced themselves from the U.S. government after the 2013 revelations by former NSA contractor Edward Snowden about the extent of government surveillance relying on their networks.
That tension, the government’s failure to anticipate the Russians’ operations and the Obama administration’s reluctance to publicly call out Moscow until late in the campaign, hobbled the response in 2016. The government and social media companies were focused on traditional cyberattacks as opposed to more subtle influence operations, such as fake social media accounts that worked to discourage African Americans likely to support Democrat Hillary Clinton from casting ballots on Election Day.
But this election year the FBI, using NSA intelligence, has tipped Facebook, Twitter and other tech companies to networks of fake accounts created by Russian operatives, which have cut short the attempts of these actors to polarize voters and undermine support for Democratic nominee Joe Biden.
With this improved relationship and other initiatives, the government is “light-years” ahead of where it was in 2016 – and even the midterms, said David Imbordino, the NSA’s Election Security lead, who did not discuss operations in an interview with The Washington Post.
– – –
In 2016, some state election officials were wary of allowing the federal government to help them safeguard their systems. Today, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has relationships with officials in all 50 states and the District of Columbia and has installed malware-tracking sensors on every state election network to spot potential intrusions. In some states, such as Florida, it has those sensors in every county.
The hardening of these networks has diminished the prospect of a successful foreign interference effort this year, elections officials say.
“We feel very confident in where we are and how far we’ve come” in securing election systems, said Carol Rudd, the elections supervisor of Washington County, one of two Florida counties to have its systems hacked by Russian military spies in 2016. She has seen no such attempts this year.
The election is still threatened by domestic efforts to cast doubt on its integrity, and by Russian efforts to amplify those messages, experts say. The U.S. intelligence community’s head of counterintelligence, William Evanina, this month said Russia, China and Iran have sought to “amplify divisive messages put forth by Americans, to include the president.”
Democratic lawmakers are upset at the administration’s decision to withhold in-person briefings on foreign election threats to Congress, and some former officials, including Trump’s former homeland security adviser Tom Bossert, fear that the president and senior officials may not level with the public if foreign influence is detected.
Moves to strengthen the nation’s defenses against foreign interference began in the closing days of the Obama administration, which declared election systems to be “critical infrastructure.” This allowed the government to prioritize election security efforts and facilitate assistance to state and local election offices.
The Trump administration, despite the president publicly challenging findings about Russian interference, has continued this effort.
In March 2018, the DHS helped launch the Elections Infrastructure Information Sharing and Analysis Center, which serves more than 8,800 election jurisdictions by providing cyberthreat alerts and running CISA’s remote security monitoring. Also that year Trump signed an executive order permitting the imposition of sanctions in the event of foreign interference and he also signed a national security memo that streamlined approval for offensive cyber operations.
U.S. Cyber Command ran a campaign to keep Russian trolls off the Internet for several days around the midterm elections in 2018. And today, CyberCom and the NSA are undertaking broader and more sophisticated actions, including against the Russian military spy agency, the GRU, and a botnet run by Russian-speaking criminals, U.S. officials said.
“Our goal is to make it as difficult as possible for an adversary to execute an operation that may interfere with some type of U.S. election system or may influence a U.S. citizen or entity,” said Brig. Gen. Joe Hartman, Cyber Command election security lead, in an interview, without discussing operations. Hackers need malware, network access and servers, he said. “The ability to take those things away from an adversary prevents them from achieving their tactical or strategic objective.”
CyberCom is also helping foreign allies find malware used by Russian and Chinese hackers, then disclosing it. In August, the NSA and the FBI revealed Russian malware used by the GRU. The same month, the State Department’s Global Engagement Center issued a report exposing websites and organizations as Russian sites spreading disinformation.
NSA intelligence led to last month’s takedown by Facebook and Twitter of a Russian operation called Peace Data, which recruited U.S. journalists to write articles intended to undermine support for Biden and his running mate, Sen. Kamala Harris, D-Calif. In October, an FBI investigation led to the neutralizing of another Russian operation, this one targeting conservative voters, on three mainstream platforms.
In each case the accounts and pages were removed before they could accrue large followings and spread content virally, an improvement over 2016, officials said.
The FBI, the CISA and the Office of the Director of National Intelligence have also briefed candidates, parties and the congressional intelligence committees on foreign threats to the election and their systems. The last briefings for the campaigns are expected this week.
CISA and the FBI will have round-the-clock command posts on Election Day to monitor threats and share information across the government. CISA will share data with state and local election officials and social media firms, and it has launched a rumor control site to debunk disinformation about voting security.
The Justice Department last month charged an employee of a Russian troll factory known as the Internet Research Agency with fraud conspiracy related to alleged ongoing election influence.
The National Security Council has a designated official coordinating the agencies’ efforts: Brian Cavanaugh, who reports to national security adviser Robert O’Brien. Under O’Brien, the NSC has held more than 70 election security meetings since September 2019, several of them at the Cabinet secretary level, officials said.
The Treasury’s sanctions have enabled social media firms to take more aggressive action against foreign influence. Shortly after Ukrainian lawmaker Andrii Derkach was added to a sanctions list last month, Google removed 14 accounts linked to him, including a Gmail account and a YouTube channel, which he used to spread disinformation involving Ukraine and the 2016 U.S. presidential election. Google removed the accounts as violations of its terms of service that require customers to obey U.S. law, a company spokeswoman said.
By this point in the election in 2016, the Russians had hacked and released tens of thousands of emails from the Democratic Party and Clinton’s campaign chairman. This year to date, there has been nothing similar.
“On the interference side, when you compare to 2016, the level of activity is dramatically different,” said CISA Director Christopher Krebs, during a Hayden Center webinar on election security this month. “At this point we’re not seeing the same level of high-stakes coordinated campaign targeting [election and voting] infrastructure.”
Noting the strides taken by the federal, state and local governments and social media companies, CyberCom’s Hartman urged Americans to refrain from “giving a foreign adversary more credit than they’re actually due.” In the end, he said, “the U.S. population should be confident that the government’s working together.”
– – –
The Washington Post’s Elizabeth Dwoskin contributed to this report.
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.