WASHINGTON — U.S. Cyber Command is using unclassified networks and publicly available communication platforms as it works to prevent foreign interference in the next presidential election, a CYBERCOM official has revealed.
“From a CYBERCOM standpoint, one of the big changes for us is we historically had been focused working inside [sensitive compartmented information facilities] SCIFs. One of the things we’ve done in support of 2020 is we have organizations now that live outside SCIFs,” Brig. Gen. William Hartman, the head of of U.S. Cyber Command’s Cyber National Mission Force, said during an Aug. 7 virtual panel hosted by DEFCON.
Hartman said forces are now working on unclassified networks, Slack channels and other platforms to communicate with the FBI, the Department of Homeland Security and private industry.
“We have really tried to adapt some of our behavior so we’re able to, in real time, collaborate with our partners across government on a little different timescale than a traditional military one because I know most of you are probably not up at 5:30 in the morning,” he said.
Election security has not always been en enduring mission at the Department of Defense. But following foreign interference in the 2016 election — which saw social media influence operations with limited probing of election systems, but no evidence of actual vote or voter registration manipulation — the department has adopted election security as a focus.
However, the DoD initially noted that it does not get involved in domestic issues unless specifically requested through legal mechanisms, which drew ire from some members of Congress.
“You said that it’s not Department of Defense responsibility,” the late Sen. John McCain said to DoD officials during a 2017 hearing. “Suppose if the Russians had been able to affect the outcome of the last election. Would that fall under the [responsibility] and authority to some degree of the Department of Defense if they’re able to destroy the fundamental of democracy by changing the outcomes of elections?”
“I am in fundamental disagreement with you about requirements of the Department of Defense to defend the fundamental of this nation, which is a free and fair election, which we all know the Russians tried to affect the outcome,” McCain added. “It’s the Department of Defense’s job to defend this nation; that’s why it’s called the Department of Defense.”
Since those events, the department determined that election security is an enduring mission, with Cyber Command’s chief, Gen. Paul Nakasone, saying in July that a safe 2020 election is his top priority.
Given the potential legal difficulties involved in operating domestically, the DoD was forced to think about how it can better serve the nation to defend it from pervasive cyberthreats emanating from abroad. As part of a new directive referred to as “defend forward,” the DoD directed Cyber Command to use its unique authorities of operating against adversaries outside U.S. networks to help thwart potential attacks before they reach U.S. networks.
Cyber Command achieves “defend forward” through an approach it calls “persistent engagement.” As part of this persistence, officials have said that success might not necessarily be solely acting, but rather enabling critical partners. In context of the election, this could include tipping off the FBI or DHS about a threat observed on networks outside the United States.
One way this is done is through so-called hunt-forward missions, which involves teams deploying to other nations to counter malign cyber activity inside foreign networks. DoD officials believe these missions are critical to defending the U.S. homeland, as they provide unique insights into the activities of adversaries, who may be planning similar operations against U.S. networks.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.