How to defeat Iranian and Russian cyber operations against the US election

Director of National Intelligence John Ratcliffe’s confirmation of the October 21 revelation of an Iranian covert cyber operation against the 2020 presidential election was criticized by a number of commentators as partisan. The more important criticism, however, is it failed to tell Americans that there is a simple way to defeat what Russia and Iran are doing: vote early.

The October 21 briefing was driven by the report of a Department of Homeland Security (DHS) call to state and local election officials that a foreign power, later revealed as Iran, carried out a covert cyber operation in Florida and elsewhere. Registered Democrats received threatening emails that the Proud Boys militia group, which President Donald Trump said at the September 29 debate should “stand back and stand by,” had voters’ addresses and ordered them to switch parties and vote for Trump.

Two of Ratcliffe’s comments at the press briefing struck many commentators as confusing or unexpected. First, Ratcliffe said the Iranian operation targeted President Donald Trump, even though—on its face—the operation threatened Democratic voters unless they voted for Trump instead of Vice President Joe Biden.

A better sense came from Senate Majority Leader Charles Schumer (D-NY), after a classified briefing, that Iran’s action was intended “to undermine confidence in elections and not aimed at any particular figure.”

Second, Ratcliffe’s briefing also noted that Iran released “a video that implies that individuals could cast fraudulent ballots, even from overseas.” Ratcliffe did not mention that the Iranian video shows Trump making the disparaging comments about mail-in voting. It is good, if unexpected, that Ratcliffe went on the record to clarify that such claims are false.

Ratcliffe’s and FBI director Christopher Wray’s assurances were worthwhile, but very general. John Demers, the Assistant Attorney General in charge of the Department of Justice’s National Security Division, who had announced the indictment of Russian government hackers two days earlier, said nothing. Chris Krebs, the director of the DHS cybersecurity agency, whose briefing to state and local officials first alerted state and local officials to the threat, also said nothing.

The briefing lacked two important pieces of strategic context.

First, Russia is the greater foreign threat to the integrity of the 2020 election. This is the conclusion of most outside experts as well as the first DHS Homeland Threat Assessment.

Second, Iran has for years conducted extensive, increasingly sophisticated covert influence operations in the United States, but until now had not tried to interfere in a US election. Iran’s recent operation marks a shift. But in the broader context of US-Iran relations, it’s not a shift at all.

When it comes to the United States, Iran follows a peculiar sense of symmetry. When the United States does something to Iran, Iran tends to respond—not exactly the same way, but the symmetry is almost always there.

It was striking that on October 12 and 13, a week before Iranian emails started arriving in Florida Democrats’ email inboxes on October 19, Iran was hit by two large cyberattacks. One struck Iran’s ports, according to the Iranian Ports and Maritime Organization. The Iranians did not specify the other target, which implies a military or security agency such as the Islamic Revolutionary Guards Corps or the Ministry of Intelligence and Security. Several Iranian government bodies shut down their internet services for a time. A spokesperson for the Iranian Information Technology Organization told Iranian television on October 15 that the attack was “important and on a large scale.”

It does not matter who carried out the operation last week—Iran regards the United States, Israel, and Saudi Arabia as united in hostility against the Islamic Republic. Iran assumes US complicity in any cyberattack against it.

Iran’s operation to email Democratic voters must have taken several days or weeks to prepare. US officials said the Iranian operation was not very sophisticated. I can easily imagine some Iranian official after the October 12-13 attack on Iran calling up one of his contractors and saying “We’ve been hacked. What do you have on the shelf that we can use to hit the Americans back?” As Ratcliffe said, the voter information used by Iran is publicly available over the internet. Finding it takes a Google search, a credit card, and a way around US sanctions, which Iranian security services know how to find. Stealing logos and video clips is free.

This Iranian operation probably does not signal a major shift in Iran’s policy. It more likely signals that if the United States or its allies continue to try to sow chaos through cyber operations in Iran, Iran can sow chaos in the United States.

The missing strategic context is that the United States is currently in a non-kinetic war with both Russia and Iran in which US voters are the target. We don’t know what Russia is going to do with its copies of US voter lists. Iran’s latest cyber operation is not all that Iran is capable of doing. Iran has the potential to surprise us in cyberspace. And Russia can certainly do worse.

Together, this makes a compelling strategic argument that the way to defeat both Russian and Iranian ambitions is for Americans to vote early. Someone who has already voted cannot be intimidated, and early voting is even more effective than calling the local FBI field office, which is still a good response for anyone who receives an email or phone call with an election-related threat. Early voting also reduces the effect of any Russian or Iranian election day surprise.

Instead of offering general reassurances, the directors of national intelligence, the FBI, and cybersecurity should tell all Americans they have it in their power to hand Russia and Iran a strategic defeat. Vote early.

Thomas S. Warrick is a nonresident senior fellow in Middle Eastern Programs and director of the Future of DHS Project at the Atlantic Council. Follow him on Twitter: @TomWarrickAC.

Further reading:

How to defeat Iranian and Russian cyber operations against the US election

Elections 2020 Sep 29, 2020

Making sense of foreign interference claims on the eve of the 2020 US election

By Digital Forensic Research Lab

The DFRLab launches an interactive, open-source database that captures allegations of foreign interference relevant to the 2020 election. It assesses the credibility, objectivity, evidence, transparency, and impact of each claim.
Disinformation Elections
How to defeat Iranian and Russian cyber operations against the US election

Elections 2020 Sep 24, 2020

Five big questions as America votes: Cybersecurity

By Cyber Statecraft Initiative

With the next US presidential election looming, the next administration will face no shortage of substantive cyber policy issues. US adversaries such as China and Russia continue to undermine and fracture the free and open internet, while the technology ecosystem has been altered by the rapid adoption of cloud computing, placing immense power and responsibility in the hands of few technology giants, such as Amazon and Microsoft.

Cybersecurity Elections
How to defeat Iranian and Russian cyber operations against the US election

Elections 2020 Sep 22, 2020

Five big questions as America votes: Disinformation

By DFRLab

Whether the mis- or disinformation is foreign or domestic in origin, an information environment rife with confusing, polarizing, and often false narratives can only serve to further divide an already tense nation.
China Disinformation
Cybersecurity Disinformation Elections Iran Russia United States and Canada

Image: An election worker places mail-in ballots into a voting box at a drive-through drop off location at the Registrar of Voters for San Diego County in San Diego, California, U.S., October 19, 2020. REUTERS/Mike Blake/File Photo