US Cyber Forces Go Hunting for Election Trouble
August 26, 2020
U.S. forces are taking an aggressive approach in cyberspace ahead of
November’s presidential election, aiming to wipe out threats from
foreign countries and other actors before they have a chance to disrupt
voting or other critical, election-related systems.
“Cyber Command needs to do more than prepare for a crisis in the future;
it must compete with adversaries today,” Gen. Paul Nakasone, head of
U.S. Central Command, and senior adviser Michael Sulmeyer said in a
piece published Tuesday in Foreign Affairs magazine.
The strategy, described by top officials at U.S. Cyber Command as “hunt
forward,” reflects the military’s increased desire to move away from
what they describe as a “reactive and defensive posture,” and confront
evolving threats head-on.
“U.S. forces must compete with adversaries on a recurring basis, making
it far more difficult for them to advance their goals over time,” the
officials wrote, outlining the strategy for the public with the
presidential election now less than three months away. “Additionally,
cyber effects operations allow Cyber Command to disrupt and degrade the
capabilities our adversaries use to conduct attacks.”
Nakasone and Sulmeyer say the more proactive approach to protecting the
upcoming U.S. election began, in part, in October 2019, after a team
from Cyber Command traveled to Podgorica, Montenegro, to investigate
attempts, possibly by Russia, to infiltrate that country’s networks.
In the process, the Cyber Command team “saw an opportunity to improve
American cyber defenses ahead of the 2020 election,” they said in the
Nakasone and Sulmeyer also say they are building on efforts from 2018,
when Cyber Command joined with the National Security Agency to form the
Russia Small Group (RSG) to help protect the congressional mid-term
elections, shoring up vulnerabilities within the U.S. election
infrastructure, sounding alarms about Russian disinformation campaigns,
and hunting for malware.
“Thanks to these and other efforts, the United States disrupted a
concerted effort to undermine the midterm elections,” they wrote.
“Together with its partners, Cyber Command is doing all of this and more
for the 2020 elections.”
Critics point out that the more aggressive approach to cyber defense
carries risks. Namely, they worry that, whether due to a miscalculation
or an accident, a confrontation in cyberspace could escalate and lead to
But U.S. Cyber Command officials argue the risk is manageable and that
the “hunt forward” strategy allows them to impose necessary costs on
adversaries like Russia, China, Iran and North Korea.
“Inaction poses its own risks: that Chinese espionage, Russian
intimidation, Iranian coercion, North Korean burglary, and terrorist
propaganda will continue unabated,” Nakasone and Sulmeyer wrote in the
magazine. “So, the question is how, not whether, to act.”
Determining whether Cyber Command’s “hunt forward” approach is paying
off may be difficult.
U.S. officials charged with protecting key voting-related systems said
that, at least so far, there are no signs of any country-directed attacks on
the United States.
“We are not and have not seen specific targeting of those election
systems that has been attributable to nation-state actors at this time,”
Matthew Masterson, senior cybersecurity adviser for the Cybersecurity
and Infrastructure Security Agency (CISA), told the Atlantic Council on
“(We) aren’t seeing a broad campaign in that way,” he said, adding,
“We’re cognizant that’s in the playbook.”
Evidence of meddling
Earlier this month, U.S. counterintelligence officials warned they have
evidence that Russia, China and Iran are trying to meddle with the
“We assess that Russia is using a range of measures to primarily
denigrate former Vice President (Joe) Biden and what it sees as an
anti-Russia ‘establishment,’” National Counterintelligence and Security
Center Director William Evanina said in a statement.
“Some Kremlin-linked actors are also seeking to boost President (Donald)
Trump’s candidacy on social media and Russian television,” he added.
China and Iran, according to Evanina, appear to prefer a Biden
But for now, descriptions by counterintelligence officials portray such
efforts by Russia, as well as by China and Iran, more as disinformation
campaigns than as attacks on computer systems and networks that
could play a key role in collecting and tabulating votes.
of the activity on that front, for the time being, appears to be coming
from criminal actors with no definitive ties to Russia, China or other
“We do see regular scanning, regular probing of election infrastructure
as a whole, what you’d expect to see as you run IT systems,” said CISA’s
Masterson, citing the use of ransomware as a top concern.
“What we see is an ability to shut down county (local government)
networks as a whole, which obviously has an impact on the election
office to operate,” he said.
Still, U.S. election security officials are optimistic that measures put
in place since 2016 will be enough to ward off any attacks.
"I've said it before, and I'll say it again: The 2020 election will be
the most secure election in modern history," CISA Director Chris Krebs
told reporters last month.