U.S. military cyber operators scoping out cyber threat actors on overseas networks have proven helpful in protecting U.S. election systems ahead of the 2020 presidential election this week, a senior cyber security official with the Department of Homeland Security said on Tuesday.
U.S. Cyber Command has been “very helpful” to the Cybersecurity and Infrastructure Security Agency (CISA) and state and local partners leading up to the Nov. 3 elections, the senior CISA official told media during one of a number of background calls to help maintain transparency into any election security issues that might have arisen throughout the day.
Cyber Command’s “hunt forward” teams operating on networks in Europe have come across Russian advanced persistent threat (APT) actors, observing them in “the wild,” including what they are targeting and the tools they are using, the official said. These teams obtain samples of the malware the APT actors are using, which can then be shared with state and local elections officials and their vendors so that they can better protect their systems, the official said.
Army Gen. Paul Nakasone, commander of U.S. Cyber Command, reinforced that notion in a tweet on Tuesday.
“We know our adversaries better than they know themselves,” Nakasone posted on Twitter. “We stand ready with our partners to generate insights, enable defenses, and when authorized, impose costs on foreign adversaries.”
On Tuesday morning, Acting DHS Secretary Chad Wolf and CISA Director Chris Krebs hosted a virtual press conference from the agency’s election operations center to discuss election day operations.
DHS, CISA, Cyber Command, the FBI, other federal agencies, and state and local election authorities have been working since the 2016 election to ensure the integrity of, and confidence in, the latest presidential election. In 2016, the U.S. intelligence community found that Russia attempted to influence the outcome of the presidential race in favor of now-President Trump at the expense of his Democratic opponent, Hillary Clinton.
The intelligence community concluded that Russia did not alter any vote outcomes using cyber means. As of Tuesday, a similar assessment was holding.
“We believe it is absolutely critical that our democratic process is free of foreign undue influence here at home or from abroad,” Wolf said on Tuesday during the press conference. “That said, we recognize we face a multitude of foreign interference threats against our election infrastructure. For example, we know that our foreign adversaries, including China, Iran and Russia, would like nothing more than to manipulate our democratic process for their own benefit. But let me be clear, our election infrastructure is resilient and we have no indications that a foreign actor has succeeded in compromising or affecting the actual votes cast in this election.”
Later in the day, senior CISA officials briefing the media said essentially the same thing.
Krebs, who typically wears colorful and unusual socks to many of his public speaking engagements, late Tuesday morning tweeted a photo of one stockinged shin featuring #PROTECT2020, which has been CISA’s “call to action” this year to enhance the integrity and resiliency of the nation’s election infrastructure. Krebs’ tweet, and his retweet early in the afternoon of a photo put out by U.S. Election Assistance Commissioner Ben Hovland showing off a sock stamped with “I Voted” logos, appeared to be an expression of confidence in how the election was unfolding so far in terms of being secure and resilient.
CISA is the lead federal agency responsible for election security, working with other federal partners, and state and local officials who ultimately are responsible for their respective election systems.
Krebs, at the event with Wolf earlier in the morning, said, “I do have confidence that the vote is secure, the count is secure and the results will be secure.”
At a mid-afternoon media backgrounder, senior CISA officials maintained their assessment that so far there had been only minor technical glitches across the country and those had been rectified quickly, demonstrating the resiliency of election systems. The officials also said that there has been less observed activity by foreign adversaries targeting the elections than in the congressional mid-terms in 2018.
One official said this could be due to enhanced resilience and the activities of U.S. government and state and local partners that may be deterring these adversaries. The official also credited actions by social media companies and the conversation carried by the traditional media with making it harder for foreign adversaries to successfully carry out disinformation campaigns.
The official warned that the most likely attempts at post-election disinformation will be to undermine confidence in the process, such as messaging that a system has been hacked when it actually has not.
However, the official pointed out that “we’re not out of the woods yet,” noting that votes still need to be cast and that after the polls close, votes still need to be counted, certified, and audited, leaving time for various forms of disruption and disinformation campaigns. Disruptions could occur through website defacements or distributed denial of service attacks, but, the official said, these won’t impact actual results, and Americans should remain calm.
CISA continues to “aggressively” look for any activities that might interfere with the election, the official said.