American Elections Remain Unprotected

Popkov Aleksandr/Shutterstock.com

Ahead of the 2018 midterms, the threat of Russia-linked cyber and disinformation campaigns still looms large.

Two weeks before the inauguration of President Donald Trump, the U.S. intelligence community released a declassified version of its report on Russia’s interference in the 2016 election. It detailed the activities of a network of hackers who infiltrated voting systems and stole documents from the Democratic National Committee and Hillary Clinton’s presidential campaign. It also issued a stark warning: “Moscow will apply lessons learned from its Putin-ordered campaign aimed at the U.S. presidential election to future influence efforts worldwide, including against U.S. allies and their election processes.” Since then, current and former officials, including former Pentagon official Michael Vickers and former CIA deputy director Michael Morell have said that the Russians will interfere in U.S. elections again, in potentially new and sophisticated ways.

How disinformation will be deployed in 2018 and beyond is unclear. What is clear, however, is that the Kremlin believes its efforts to sow chaos in the American political process, which it has continued to hone in Europe, have worked and are poised for a return.

So far, Washington’s response to all this has been muted. Facing a criminal probe into possible ties between his campaign and the Kremlin, Trump has tried to discredit the case that Russian election interference poses an ongoing national-security risk. Earlier this month, The Washington Post reported that the president has held no cabinet-level meetings on Russian interference. And while other parts of the U.S. government have taken a strong line against Moscow, continuing to support Kiev and codifying sanctions against Moscow for its intervention in Ukraine, the White House has explored ways to undo those sanctions. There is little to deter the Kremlin from deploying its arsenal of cyber and psychological warfare to wage another campaign in the United States, setting the stage for a protracted, ever-evolving conflict just as another election approaches.

Russian and American officials have discussed how to stabilize the situation. According to BuzzFeed News, Moscow has floated proposals to normalize relations and impose a mutual ban on foreign political interference. But the deals were shot down by U.S. officials, reportedly over Washington’s long-growing mistrust of Moscow. Following decades of failed rapprochement between the United States and Russia, relations between them hit a new low after Russia’s annexation of Crimea and outbreak of war in Ukraine in 2014. Things deteriorated further with Russia’s intervention in Syria and 2016 election meddling. “It’s highly unlikely that you’ll get a breakthrough in relations and even if you did, I wouldn’t assume that interference would stop,” Angela Stent, a former U.S. national intelligence officer on Russia and a professor at Georgetown University, told me. “Right now, the only real answer is better defenses.”

Devising those defenses is no simple task. Fact-checking measures adopted by major tech and social-media companies are unlikely to stop Russia from seeking out new vulnerabilities in Western democracies. Despite the fact that the United States possesses what experts call the most advanced cyber capabilities in the world, former senior officials have said that the country was ill-prepared for Russia’s election meddling. Political hesitancy from the White House, they say, will prevent the implementation of necessary measures. Michael Hayden, the former director of the CIA and the NSA, said in December that preparation for another attack would be impossible without “a coordinated response” across all levels of government, especially the White House.

Michael Sulmeyer, a former senior cyber policy official in the U.S. Defense Department, told me that the 2018 midterm election will present the Kremlin with an opportunity to assess how or whether the United States has stiffened its defenses. Russia “may not need to become more sophisticated” in order to intervene again, given the relatively simple techniques (like a phishing email) it has already used. Aggressive ad hoc attacks, from targeted hacks to diverse disinformation campaigns, formed the core of Russian intervention efforts. “They were able to push on so many different unlocked doors at the same time in order to achieve their goal,” Sulmeyer said.

Andrei Soldatov, a Russian journalist and expert on the Kremlin’s cybertools, told me that Russia’s emboldened leaders could expand their ambitions. “My biggest concern is that in the near future we’re going to get a combination of attacks,” Soldatov said, “say, an attack on critical infrastructure combined with a massive disinformation campaign, aimed to define the public's perception of the attack.”

While such an attack would mark a major escalation for Russia, it would not be unprecedented. Attacks on at least a dozen electric facilities in America—including one nuclear plant—have been traced back to a Russian-linked group. Russia is also thought to be behind an increasing number of cyberattacks against private corporations and government agencies in Ukraine. Similarly, Moscow waged a massive disinformation and propaganda campaign alongside its annexation of Crimea in 2014.

None of these attacks, however, constitute a definitive Russian disinformation playbook. Instead, they suggest an opportunist, ever-changing array of weapons. “This is a new generation of warfare that is continuous and ongoing,” Elina Lange-Ionatamishvili, a senior expert at the NATO Strategic Communications Centre of Excellence in Riga, told me. “The goal is to confuse, distract, and blur the lines between war and peace.”

In recent years, Kremlin-linked cyber and disinformation campaigns of varying ambition have hit several European countries. In Germany, Russian state news spread a fake story about the rape of an underage girl by migrants during the height of Europe’s refugee crisis in 2016 that led to dozens of protests across the country. Similarly, Russian-backed broadcasters targeted Germany’s Russian emigrant community allegedly to bolster support for the country’s right-wing Alternative for Germany party in its bid to enter parliament for the first time. In France, Russian-linked hackers were believed to have stolen and leaked emails from French President Emmanuel Macron’s campaign. Moscow also recently launched a French version of RT, the public broadcaster formerly known as Russia Today. Spanish investigators found that both private and state-led Russian-based groups disseminated information on social media to try to sway public opinion ahead of Catalonia’s independence referendum in October.

Many experts said that such campaigns are attempts to discern what sort of tactics can work in different countries. But they also said that none of the attacks have had the same impact as interference around the U.S. election. “Disinformation only really works if you have other problems,” Harvard’s Jed Willard, who has consulted the Finnish and Swedish governments on how to counter disinformation, told me. Through their Facebook groups, ads, and other targeted social-media posts centered around race relationsimmigration, and income equality, the Russian campaigns reflected an uncanny understanding of America’s deepest political and social fault lines, in an effort to feed the public’s already declining trust in government institutions and the media. Surveys have also shown that false election stories from hyper-partisan blogs and news sites outperformed real stories, and that most Americans tended to believe them. “The battlefield that we’re playing on here is the human mind,” Willard said, “and the human mind is not built to have an instinctive appreciation for truth.”

The Baltic countries were an early frontline in Russia’s new information war against the West. In 2007, Estonia suffered a series of debilitating cyberattacks that took down critical pieces of the government, banking, and media infrastructure in what is regarded as the Kremlin’s first major use of its 21st-century war capabilities. Similarly, neighboring Finland and Sweden have been hit with fake stories about the war in Ukraine, the abuse of ethnic Russians, and threats from the Kremlin over pursuing NATO membership. “We always need to be learning from each other,” Linas Linkevicius, Lithuania’s foreign minister, told me. “The shift comes from experience.”

In response, regional governments are developing defensive countermeasures. That includes temporary solutions like exposing propaganda and disinformation and raising awareness among the public and policymakers about their origins, along with longer-term initiatives, like investing in media-literacy education to help people distinguish fake stories from real ones. In October, Germany passed a law to combat the spread of hate speech and fake news on the internet. The following month, the European Union allocated one million euros toward its special anti-disinformation unit. “It seems that the Kremlin feeds on being demonized,” Maria Belovas, the director of communications for the Estonian foreign ministry, told me. That’s why, she said, investing in “a population that can recognize what a fake story is and [is able] to understand the wider context of why it is taking place” is a smart step.

But such countermeasures are unlikely to change the core geopolitical dynamics shaping the Kremlin’s behavior. “The problem is that in Europe we don’t have enough political will to respond effectively,” Jakub Janda, deputy director of the Prague-based think tank European Values. Janda, who has advised the Czech government on dealing with Russia, argued that without tougher and more targeted sanctions against Russian leadership, the Kremlin has “no reason to stop” interfering in Europe or elsewhere.  

Looking ahead to America’s 2018 midterm elections, state and federal lawmakers face a rapidly closing window to better secure their voting systems. U.S. intelligence officials found that Russian hackers targeted 21 states during the 2016 election, although they did not interfere with the voting machinery itself. While there is no central U.S. electronic database to hack and election systems vary from state to state, the vulnerabilities still exist: At a cybersecurity conference this summer, 30 voting machines of various types were hacked by attendees; those types of machines are in use across the United States.

Still, some progress has been made. Virginia phased out the more vulnerable paperless touchscreen voting machines prior to its gubernatorial race in November. Lawmakers are also scrambling to push a bipartisan bill through Congress that would improve and modernize the nation’s voting machines. But with polls set to open in Texas and Illinois in nearly three months for the country’s first 2018 primaries, time is running out.

“On the security side, there are some improvements that can happen without the [Trump] administration,” Sulmeyer, the former cyber official, said. “But without a greater counterweight or cost for Russia, none of this is going to stop.”

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.