Lawmakers probe why the U.S. needs a strategy, authorities and systems to deter and defend against cyber-enabled information operations directed as the U.S.
Russia's information warfare during the 2016 election is the new normal, said witnesses at a Senate hearing, and they argued that the U.S. needs to develop the strategy, authorities and systems to combat cyber-enabled information operations.
Members of the Senate Armed Services Committee's recently formed Cybersecurity Subcommittee agreed in its first public, unclassified hearing that the U.S. is effectively fighting information warfare with one cyber arm tied behind its back.
"Disinformation and 'fake news' pose a unique national security challenge for any society that values freedom of speech and a free press," said subcommittee chair Mike Rounds (R-S.D.).
Dr. Rand Waltzman, senior information scientist with the RAND Corporation, framed the problem as "cognitive hacking," where Russia and other actors use cyberspace to rapidly spread disinformation to a population "predisposed to accept because it appeals to existing fears or anxieties."
In response, he proposed a comprehensive "whole-of-government" strategy based on "cognitive security," which he said is a new field based around social influence and the exploitation of biases of large groups.
Waltzman said the U.S. needs a non-governmental "center of excellence in cognitive security" to drive research and development of policies and techniques of information operations.
Michael D. Lumpkin, former acting undersecretary of defense for policy testified that while communications technology has evolved significantly, "much of the U.S. government thinking on shaping and responding in the information environment has remained unchanged, to include how we manage U.S. government information dissemination and how we respond to the information of our adversaries."
Lumpkin argued that the U.S. needs to fully resource and elevate the authority of the State Department's Global Engagement Center to coordinate and synchronize government efforts to combat information operations.
Though, in his testimony he stated the solution also requires the U.S. bureaucracy to loosen the reins on messaging and information operations.
"To be successful we must learn to accept a higher level of risk and accept the fact that sometimes we are just going to get it wrong despite our best efforts," he said. "When we do get it wrong, we must learn, adapt, and iterate our messaging rapidly to be relevant and effective."
"America will only succeed in countering cyber influence by turning its current approaches upside down," said Clint Watts, senior fellow at the George Washington University's Center for Cyber and Homeland Security.
He said policymakers need to focus first on the human aspect rather than technology. That means addressing the fact that human actors assisted Russia's activities in cyberspace.
"We've excessively focused on bureaucracy and digital tech tools," Watts said. "But at the same time these social media monitoring tools have failed to counter al-Qaeda, they did not detect the rise of ISIS, nor did they detect the interference of Russia in our election last year."
The witnesses also stressed that the U.S. needs to better craft and proactively deliver its narrative rather than do damage control in the wake of fake news and disinformation.
"If we get on message," said former NSA deputy director John Ingilis, "and at the same time we educate our people...who live in that swirl of information, about the nature of information war and what their duties are to try to figure out whether they've actually got a grasp on a fact, the sum of those two things I think will make a difference."