US Cyber Command expanded its operations aimed at identifying malicious foreign cyber actors before Tuesday’s presidential election, conducting missions to not only seek out Russian hackers, but those from all major adversaries, including Iran and China, a US official confirmed to CNN.
The same US official also told CNN on Monday that cyber operations against foreign actors, across the whole spectrum of offensive and defensive measures, began ahead of the election and will continue after the final ballot is cast.
News that Cyber Command expanded its “hunt forward” operations ahead of Election Day, building on an effort that began in 2018 to identify foreign hackers and tactics, was first reported by The New York Times and comes as US officials across the national security community are on high alert against potential foreign interference.
In the hours before Election Day, officials warned Americans to remain calm and vigilant as the period before the final votes are cast and the days that follow present a ripe opportunity for adversaries looking to undermine the American democratic process.
But while election security officials had expected an uptick in foreign activity ahead of Tuesday, the Department of Homeland Security’s top cyber official, Chris Krebs, told CNN that things have remained relatively calm with the exception of some ransomware attacks.
Russia has recently engaged in some broad cyber activities that resulted in incidental contact with election infrastructure and Iran “decided to get into the game” by conducting targeted disinformation efforts, but officials are confident that vote counting and certification systems remain secure, according to Krebs and other US officials.
‘Uniquely volatile’ period
Still, it’s a “uniquely volatile” period, the top Democrat on the Senate Intelligence Committee, Sen. Mark Warner of Virginia, said in a tweet Monday. “Our adversaries will seek to take advantage of that. Don’t make their jobs any easier,” Warner said.
Other agencies, including the FBI and the cyber arm of the Department of Homeland Security, have issued a flurry of advisories in the final weeks of the campaign and on Monday, it was all-hands-on-deck for election security officials across various federal agencies as they prepared to respond to a range of potential foreign threats, ranging from cyber attacks to targeted disinformation efforts.
Among those agencies were US Cyber Command and the National Security Agency, which are tasked with defending voting systems against foreign cyber actors and conducting offensive cyber operations against foreign adversaries who may seek to interfere in the voting process before, on or after Election Day.
Another official, this one with US Cyber Command, also made clear that the Pentagon and its interagency partners have been taking additional steps to prepare for the possibility of Election Day chaos.
“USCYBERCOM has a 24/7 ops center, and we are specifically postured for the elections—however, we’ve integrated election defense into our everyday operations. There are two parts to this: We are enabling our partners, and we are ready to act,” the US Cyber Command official told CNN. “We also have liaison officers embedded with our interagency partners, for better flow of information and coordination.”
Other federal agencies will also remain on high alert through Election Day and in the days that follow, according to Krebs.
“Our federal partners will remain up and running in an enhanced posture, because we understand that it’s a ripe opportunity for foreign adversaries to inject mis- or dis- or mal-information into the news cycles and try to undermine confidence,” he said Friday.
Concern about ‘Black Swan’ incidents
A US official told CNN that the lingering concern remains so-called “Black Swan” incidents – unforeseen or unpredictable events that were not considered during the months of coordinated preparation among federal, state and local officials.
The official added that this could consist of cyber incidents involving entities that are not directly linked to election infrastructure, like large-scale ransomware attacks against hospitals, which are perfect for undermining the system writ large. Even though these sorts of attacks do not impact whether votes are counted, they create the perception of doing so, the official added.
Election security officials will be on standby to respond should any foreign adversary decide to carry out an attack of any kind on Election Day.
“Like on Super Tuesday, we have active chatrooms with our interagency partners. Our partners will have unclassified chatrooms with state and local entities, and if they receive information that might be valuable for the whole-of-government defense, we will be able to pivot on those tips, so we can provide information back,” the US CyberCommand official said. “Also, USCYBERCOM and NSA have the ability to alert interagency and private industry partners to act on information; for example, we may detect a cyber-event from an adversary and can tip a partner to this anomaly – then within hours those partners can alert victims of cyber activity and engage mitigation response. It is the ability for us to act and respond as a whole of government at speed that is significant.”
This posture will continue in the days after the election, the official said: “We’re still going to be laser-focused on our adversaries post the elections.”
CNN’s Alex Marquardt contributed to this report.