As the G-7 gathered last weekend in Biarritz, President Trump expressed hope for the return of Russia, the missing guest at the table. But any consideration of this issue requires dealing with Trump’s least favorite subject: Russian cybermeddling in U.S. elections.
The stark reality is that the United States is now fighting a low-level cyberwar to combat Kremlin political interference and other malign actions. U.S. Cyber Command launched this “hunt forward” campaign last summer to deter Russian meddling in the 2018 midterm elections. It’s part of a broader strategy of “persistent engagement” with adversaries.
If Trump truly wants to invite President Vladimir Putin to the 2020 version of a rechristened G-8, there’s an obvious price he should demand from Putin: a verifiable commitment to stop Russia’s egregious cyberinterference in the elections of the U.S. and other members of the current G-7.
Trump this week floated the idea of readmitting Russia, which had been expelled from the then-G-8 in 2014 following its invasion of Crimea. “I could certainly see it being the G-8 again,” he told reporters before a meeting with President Klaus Iohannis of Romania, “because a lot of the things we talk about have to do with Russia.”
That’s not a crazy idea. Gen. Joseph Dunford, the chairman of the Joint Chiefs of Staff, maintains a regular dialogue with his Russian counterpart. After the latest meeting this week, a Pentagon statement cited “the inherent value of regular communication in order to avoid miscalculation and promote transparency.”
Meanwhile, the invisible cyberwar continues, with Cyber Command dispatching teams to work with key allies to identify and expose Russian malware.
A senior defense official provided new details of this operation in an interview this week.
The timeline of the 2018 election-security effort is intriguing, because it unfolded while Trump was publicly discounting Russian election meddling in 2016. The push began in May 2018, when then-Defense Secretary James Mattis tasked Gen. Paul Nakasone, the newly appointed head of Cyber Command, to work with the FBI and the Department of Homeland Security to defend the midterm elections.
The “Russia Small Group” was the anodyne name given to the joint task force created by Cyber Command and the National Security Agency, both under Nakasone’s command. By government standards, it moved quickly: It was formed in July, got legal operational authority in August, and began deploying forward teams abroad in September and October. Each of the teams was small, and fewer than 50 people were sent abroad in total.
The Pentagon has disclosed three countries where Cyber Command teams were deployed: Ukraine, Montenegro and Macedonia. With permission from these host governments, the teams operated inside their networks to collect malware the Russians had planted on supposedly secure systems. It was a treasure trove, according to the senior defense official.
“What surprised us was how blatant they were,” the senior defense official said. “The activity was so pervasive.” The forward-deployed teams discovered new pieces of Russian malware, including “rootkits,” which can allow an adversary to control a target’s computer system without being detected, “tunneling” software that hides communications in public networks, and other dangerous tools.
The Russians were sloppy in attacking networks of countries close to their borders, the defense official said.
“If you think nobody is watching you, you don’t try to cover your tracks.”
Then came public exposure: After the malware had been analyzed at Fort Meade, some of it was sent to an internet clearinghouse called VirusTotal, where computer-security professionals could analyze it and adopt countermeasures. In October and November, 10 of these malware tools were posted online, and a half-dozen more have been added since, the defense official said.
The campaign objective was to impose costs on the Russians. “When you lose a tool, somebody has to recreate it,” which takes time and money, the official said. Cyber Command also dropped calling cards, so to speak, personally messaging some of the hackers at the Internet Research Agency in St. Petersburg.
The Washington Post has reported, without rebuttal, that Cyber Command operatives also briefly shut down the Internet Research Agency’s computer systems.
Cyber Command’s forward-deployed campaign will continue to protect the 2020 election, the defense official said. The message to Moscow is three-fold, he said: “We know what you’re doing. We are united against you. Your behavior has consequences.”
Even with this new U.S.-led campaign, Putin isn’t likely to disarm what has been such an effective cybercampaign. But the G-7 leaders, Trump most especially, should make clear that’s the first requirement for getting back in the club.
David Ignatius is published twice weekly by THE DAILY STAR.