The latest Senate report on Russian interference in the 2016 election, released Feb. 6, contained several broad recommendations for how the government can improve effectiveness in securing American elections.
While the Senate Select Committee on Intelligence’s third volume lists seven recommendations for correcting shortfalls made by the Obama administration in responding to Russian election interference, the federal government has already made progress in several of the recommended areas since the committee started its report.
The committee recommends that the executive branch “bolster” partnerships with countries considered “near abroad” to Russia. The bipartisan report states that Russia has been using these countries as a “laboratory” for perfecting information and cyber warfare. For example, in the military conflict between Ukraine and Russian, Russian-backed hackers have targeted the government and shut down the country’s power grid.
Expanding partnerships with such countries will “help to prepare defenses for the eventual expansion of interference techniques targeting the West," the report read.
U.S. Cyber Command has taken similar measures in recent years, partnering with the Montenegrin government for the last two years to search for malicious actors in networks in the lead up to both nations elections in 2020. The U.S. Secret Service also engages with foreign states on cybersecurity issues, like in 2017 when it trained local officials in Estonia.
Having U.S. cyber personnel near the Russian cyber hot spots will help the United States learn more about Russian behavior. Tom Kellermann, a former commissioner on the Commission on Cyber Security for the 44th President of the United States, said that partnerships will help the United States determine the “root cause” of Russian intrusions.
“How did they get in in the first place and how did they stay in? How did they maintain persistence?" said Kellermann, now head of cybersecurity strategy at VMware. “These are the critical lessons we should learn from assisting our allies in order to protect our democracy."
The committee also recommended that the United States “lead the way” on establishing international cyber norms, writing that “U.S. leadership is needed to balance any formalized international agreement on acceptable uses of cyber capabilities.”
This is another area where the U.S. government has already made progress. At the United Nations, the United States has worked to establish international cyber norms and proposed creating a group to study how to enforce cyber norms, all while butting heads with the Russian and Chinese representatives.
According to Chris Painter, a former top cyber official at the Department of State, while the United States has led on establishing some norms, like critical infrastructure shouldn’t be targeted outside of wartime, there is still outstanding work to be done on enforcing those norms.
“We have to make sure that those norms are just not paper tigers,” Painter said. “They have to be accepted by countries around the world and there has to be accountability when people break them."
Another recommendation from the committee suggests that credible information about foreign information or cyber operations be shared as broadly “as appropriate” within government, Congress and, when appropriate, private-sector partners. The committee also adds that the federal government must have “substantive and timely” outreach with state and local governments when election infrastructure is targeted.
The federal government has made strides in this area, particularly with its outreach to state and local governments, an effort spearheaded by the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security. Top election officials in states have security clearances to gain access to more threat intelligence and CISA frequently holds phone calls with state operators of critical infrastructure, which includes election officials.
As part of the recommendation, the committee also said that feds needed to create a mechanism for notifying the public of operations.
“Delaying the release of information allows inaccurate narratives to spread, which makes the task of informing the public significantly harder,” the committee wrote.
Both the IC and civilian government have partnered together to establish a process for public notification of cyberthreats. Back in November, the Office of the Director of National Intelligence, NSA, DHS, State, CIA, NSA and FBI agreed to a framework in which they would discuss potentially exposing an interference operation after convening leaders from all the agencies.
The committee’s other recommendations were that the executive branch prepare for the next attack, integrate responses to cyber incidents, prioritize collection on information warfare, and clarification of roles and authorities within the IC.