The NSA prepares to defend 2020 elections, drawing lessons from 2018
The National Security Agency has begun revealing some of its preparations for the 2020 presidential elections, drawing in part from from its previous successes during the 2018 midterm elections. But officials also warned that cyber threats from foreign adversaries were evolving, accelerating and likely to reach a growing number of targets.
NSA officials outlined a three-part approach they said was key to ensuring the security of the 2018 midterms: They first sought to understand adversaries' activities, and then shared, chiefly through the FBI and Department of Homeland Security, information with potential targets. Along with U.S. Cyber Command, the military's cyber defense arm, officials said they also imposed unspecified "costs" on those aiming to disrupt U.S. political processes.
"[W]e said… if there is an adversary or adversaries that are attempting to either influence or interfere in our elections, we're going to take them on," General Paul Nakasone, who leads both the NSA and U.S. Cyber Command, said at the annual Intelligence and National Security Alliance (INSA) Summit last week.
Nakasone announced in late July the establishment of a new Cybersecurity Directorate that is intended to better fuse the NSA's foreign intelligence with cyber defense efforts. He selected Anne Neuberger to lead it. She previously co-led a task force dubbed "Russia Small Group" that countered foreign efforts to interfere in the 2018 elections.
"Russia Small Group" has since been rebranded the "Election Security Group," where it continues to operate under new dual leadership, a senior intelligence official said. The task force monitors cyber threats from actors other than Russia, including Iran, China and North Korea.
In her first public remarks since being tapped for the new role, Neuberger, 43, said at last week's Billington Cybersecurity Summit that the directorate's core mission will be "to prevent and eradicate cyber actors from national security systems and critical infrastructure," including U.S. defense networks.
"The threat demands it and the nation deserves that we achieve it," she said.
Neuberger, who also previously served as the agency's chief risk officer and deputy director of operations, said the impetus for creating the directorate stemmed from Nakasone's own assessment that the cyber threats facing the country had changed, with countries like Russia and China using relatively simple, tactical actions — including influencing conversations on social media and stealing intellectual property.
"NSA really had to up its game," Neuberger explained.
She said a central function of the cybersecurity directorate would be to broaden collaboration among different specialists within the NSA and produce unclassified products meant to inform other government agencies, the military, and, ultimately, private companies at a faster pace. The directorate will begin its work on October 1 and be fully operational by December 31, according to Neuberger.
"We've heard a lot of feedback that some of the information we would share — for example, IP address, domain names — are temporary, and by the time they're shared, they're no longer useful," Neuberger said. "So we want to change from those more tactical elements being shared to 'pictures' that help cyber security."
"The activities in particular of the 2018 election — as well as just the general growth in cyber mischief — have convinced us that it's important for us to have one integrated focal point within the National Security Agency to deal with the cybersecurity threats," NSA general counsel Glenn Gerstell said at the two-day INSA conference.
Gerstell warned of a "global cyber pandemic" that was likely to "get worse before it gets better," citing the billions of potentially vulnerable internet-connected devices expected to come online in the next two years. He, along with several other top intelligence and national security officials who spoke last week, warned of the threat of ransomware in particular being used to disrupt the 2020 voting process.
Lieutenant General Stephen Fogarty, head of U.S. Army Cyber Command, said adversaries were likely to have learned their own lessons from both the 2016 and 2018 elections and would seek to adapt their approaches accordingly.
"They are going to work very hard to evade our defenses," he said. "They're going to try to limit the costs that we're going to attempt to impose on them."
Of the 2020 election, he said, "I think it's going to be pretty sporty, actually."