February 6, 2018
A Plan to Thwart Russian Meddling
By Rachel Ansley
“We have a model that we should be thinking about when countering disinformation, and that’s CVE: Countering Violent Extremism,” said Hurd, adding: “The Department of Homeland Security is the entity designed to do that.”
Speaking at the Atlantic Council on February 6, Hurd, noting that “disinformation is part of covert action,” added, it “requires the creation of a counter-influence operation against Russia.” While covert operations fall to the US intelligence community, specifically the Central Intelligence Agency (CIA), the National Security Act of 1947 mandates that the CIA may not perform such operations within the United States.
Considering the nature of the threat posed by disinformation, Hurd, a former CIA agent, claimed that DHS is the next best candidate in light of the department’s ongoing work to counter the spread of radical extremism. “Countering an Islamic extremism message is very similar to countering a disinformation campaign,” he said.
The US intelligence community concluded that Russia interfered in the 2016 presidential elections that were won by US President Donald J. Trump. CIA Director Mike Pompeo told the BBC in a recent interview that he expects Russia will meddle in the midterm elections as well.
As Moscow is unable to compete against the United States and other Western powers in conventional arenas, Russia relies on asymmetrical warfare, such as disinformation, said Hurd. The threat of Russian interference in elections is real, but there is not yet a cohesive strategy to defend against it. With US congressional elections looming later in 2018, “this is a problem we need to be prepared for,” Hurd cautioned.
Until Washington is able to acknowledge the threat posed to US democracy, let alone counter it, “the Russians are winning here,” he said.
According to Hurd, an effective strategy to fight disinformation requires government cooperation with the private sector. For example, social media companies—namely Facebook and Twitter—have played an important role in the investigation into the methods and scope of Russian interference in the 2016 election. Hurd also called for increased US cooperation with allies, namely Ukraine, a country he described as “ground zero on this fight.”
“The center of gravity of this geopolitical struggle is Ukraine,” said Hurd.
Hurd said he would vote for the Ukrainian Cybersecurity Cooperation Act, expected to be presented in the US House of Representatives on February 6. For better or for worse “what happens in Ukraine is going to happen in the rest of Europe,” he said.
Following Hurd’s keynote, Dmytro Shymkiv, Ukraine’s deputy head of presidential administration, spoke about the new legislation which will require both US and Ukrainian officials to deepen their mutual cooperation in arenas ranging from government to education. According to Shymkiv, this cooperation is essential because understanding Ukraine’s experiences with Russian cyber operations may inform US strategy and defenses against the same threat.
Russia is “using Ukraine as a playground,” said Shymkiv, but “the target is Western civilization.”
Strong political statements are a step in the right direction, he said, but it is important to look at “examples of places where attacks in Ukraine were scaled and used elsewhere.” In 2015, energy plants in Ukraine were the target of a cyberattack that caused a widespread blackout. While rapid responses by plant employees mitigated the attack’s impact, it was later discovered that the malware had been in place over six months, collecting data from the plants. US power companies experienced a similar attack in 2017.
“The world is not cooperating well on cybersecurity,” said Shymkiv, adding: “There needs to be much stronger cooperation between states and players.” Though industry will play an important role, “we also need to remember that the final responsibility for the citizens is the government,” he said.
Echoing Hurd, Shymkiv said: “Government and industries need to find ways to regulate this area so that disasters can be mitigated and the enemy trying to destroy our world can be stopped.”
The keynote remarks, which opened a conference hosted by the Atlantic Council’s Eurasia Center on Russian Cyber Operations in Ukraine and Beyond, were followed by a panel which took a more technical look at Ukraine’s experiences with Russian cyber warfare.
Cyberattacks in Ukraine have been classified as “a massive coordinated cyber invasion,” said Oleh Derevianko, chairman of the board at Information Systems Security Partners.
Derevianko joined Laura Galante, senior fellow in the Atlantic Council’s Cyber Statecraft Initiative; Nikolay Koval, chief executive officer at CyS Centrum, LLC; and Oleksandr Potii, deputy chief designer at the JSC Institute of Information Technology. Alina Polyakova, the David M. Rubenstein fellow for foreign policy at the Brookings Institution, moderated the conversation.
In order to deepen cooperation between Ukraine and the United States, Galante called for greater information sharing between the two allies. She emphasized the need for not only technical information regarding how the attack was conducted, but a deeper level of analysis which could reveal motivation and contribute to attribution. For example, analysis of an early attack by Russian actors revealed the language settings of a particular malware were in Russian and timestamps throughout the attack showed periods of activity between 9 a.m. and 5 p.m. in Russia. “This is intelligence analysis,” she said.
“We have to dig under why these influence tools are being used to understand how to counter them,” said Galante.
However, according to Hurd, “it’s very clear: the Russians were trying to manipulate our elections… to erode trust in our democratic institutions.”
An offensive cyber strategy, said Galante, an idea which has been floated in policy circles, would overlook this motivation component.
In Ukraine, “the threat is systematic,” said Potii. He outlined steps the Ukrainian government has taken to bolster its resilience to such attacks, with a significant focus on education. As a result of this renewed focus on cyber defense, two attacks were thwarted in the latter half of 2017. However, said Koval, attackers are a step ahead.”
Derevianko said Ukrainian professionals are not yet equipped to fend off another Russian cyberattack. He emphasized the importance of engagement with the private sector because “there’s no way at the moment to keep the best talent within the government, whatever government you take in whatever country.”
Ultimately, “provided there is enough cooperation, including cooperation with the United States… Ukraine can develop its cyber offensive capabilities very quickly,” said Derevianko.
Rachel Ansley is assistant director of editorial content at the Atlantic Council.