Securing Democracy Dispatch

White House unveils national cyber strategy to deter foreign adversaries: On September 20, the Trump administration announced a new cyber strategy, which outlines how the administration will approach cybersecurity and deter and defend against cyber threats from foreign adversaries. It also delineates the responsibilities of various U.S. government agencies in implementing the strategy. The strategy focuses on four pillars, including: securing government networks and critical infrastructure, developing a cyber workforce, deterring malicious cyber activity by foreign adversaries, and promoting “an Open, Interoperable, Reliable, and Secure Internet.” National Security Advisor John Bolton warned that the U.S. government “will respond offensively as well as defensively” to foreign nations undertaking cyber activity against the United States. Republicans welcomed the new strategy, while Democrats were divided in their response. Chairman of the Armed Services Committee’s Subcommittee on Cybersecurity Senator Mike Rounds (R-SD) said that “taking a more offensive approach to cyber-attacks will allow us to swiftly and preemptively address an imminent attack,” whereas Senator Mark Warner (D-VA) pointed out that the new strategy “outlines a number of important and well-established cyber priorities” but “must now move beyond vague policy proposals and into concrete action towards achieving those goals.” Representative Jim Langevin (D-RI) cautioned against more offensive operations: “As the country with the most innovative economy in the world, we must also acknowledge the abiding interest of the United States in encouraging stability in this domain.” The new strategy was unveiled days after the Department of Defense released its own cyber strategy, which grants the U.S. military “more authority to launch preventative cyberstrikes.” (The White House, C-SPAN, Politico, CNN)

Foreign hackers target the Senate: Senator Ron Wyden (D-OR) wrote a letter to Senate leaders revealing “at least one major technology company” had warned a number of Senators and aides that their personal email accounts were “targeted by foreign government hackers,” and that the U.S. Senate Sergeant at Arms (SAA) lacked the authority to protect Senators and their staffs from cyber-attacks directed at their personal devices and accounts. Google later confirmed that it was the tech company that Sen. Wyden referred to that alerted senators and staffers that their personal accounts had been targeted by foreign hackers. (Senator Ron Wyden, Associated Press, NPR)

New poll reveals that Americans are aware of foreign interference threats to elections: A new MPR-Marist poll revealed that 63 percent of Americans believe keeping U.S. elections safe and secure is a “top priority,” and 53 percent believe the country is either “prepared” or “very prepared” to keep the midterms secure. However, 67 percent of respondents said it was “very likely/likely” that Russia would use social media to spread false information about candidates running for office; and that Facebook and Twitter had done “not very much/nothing at all” to prevent election interference this year. And while more than 50 percent of respondents said the Department of Homeland Security (DHS), FBI, and state election officials had done “a great deal/good amount” to combat interference, the majority of respondents also said that President Trump, Republicans, and Democrats in Congress have done “not very much/nothing at all.” Additionally, voters overwhelmingly supported paper ballot systems over touchscreen electronic voting machines to make elections more secure from interference. (MPR-Marist)

States scramble to safeguard elections ahead of midterms: U.S. District Judge Amy Totenberg denied a motion to force the state of Georgia to switch from electronic touch screen machines to paper ballots for the upcoming midterm elections on the grounds that “an instant grant of the paper ballot relief requested could just as readily jeopardize the upcoming elections, voter turnout, and the orderly administration of the election.” Georgia is one of 14 states using machines that lack a paper trail that voters can use to verify their vote. In California, election officials are launching a new effort to fight disinformation campaigns. According to Secretary of State Alex Padilla, the state’s new Office of Election Cybersecurity “allows us to be able to identify campaigns along those lines more quickly, correct information, and — as appropriate — work with social media platforms and others to bring some of that information down.” However, ASD’s Bret Schafer advised limiting the scope of the office: “You don’t want a secretary of state or any, really, government official being in a position for them to say, this specific narrative about a candidate is disinformation and it should be taken down … That very quickly is going to be a slippery slope and it’s going to become political and problematic on many levels.” (The Washington Post, Capital Public Radio)

New Executive Order authorizes sanctions on individuals and entities in Russia and China, as the White House considers further action against China: On September 20, President Trump issued an Executive Order authorizing the implementation of additional sanctions under the Countering America’s Adversaries Through Sanctions Act (CAATSA). The Secretary of State accordingly extended sanctions to 33 individuals or entities “for being a part of, or operating for or on behalf of, the defense or intelligence sectors of the Government of the Russian Federation.” Among those listed were the 25 Russians and organizations named by Special Counsel Robert Mueller in his February and July indictments. Also added to the sanctions list by Treasury were China’s Equipment Development Department and its Director, Li Shangfu, for their business dealings with Russia’s main exporter, Rosoborenexport, including the purchase of Su-35 combat aircraft and equipment related to the S-400 missile system. Separately, Axios reported that the Trump administration is planning to launch an “administration-wide broadside” against China in the coming weeks, due to China’s “malign activity” in cyber-attacks, election interference, and industrial warfare. Commenting on the plan, a White House official explained: “We’re not just going to let Russia be the bogeyman … It’s Russia and China.” (WhiteHouse.gov, Treasury.gov, State.gov, Justice.gov, Bloomberg, BuzzFeed News, Axios)

Investigation concludes suspects in Skripal poisoning are active Russian intelligence officers: Open source investigative outlet Bellingcat concluded “definitively” that Alexander Petrov and Ruslan Boshirov, the suspects in the poisoning of Sergei and Yulia Skripal, are active intelligence officers in Russia’s military intelligence agency, the GRU. Reporters were able to track the phone number listed next to top secret stamps on the men’s passports to a Ministry of Defense location in Moscow, which serves as GRU Headquarters. Reporters also concluded that Petrov and Boshirov’s passports, which differ by only three numbers, came from the same “special issuing agency” batch as the passport of GRU Colonel Eduard Shishmakov (alias Eduard Shirokov), who allegedly supervised a failed coup in Montenegro. Bellingcat is also investigating reports that Boshirov and Petrov were the same Russian spies arrested in the Netherlands while attempting to smuggle hacking equipment with the goal of infiltrating the Spiez laboratory in Switzerland. The Spiez Lab was responsible for investigating the agent used in the Skripals’ poisoning and the chemical attacks in Syria. Dutch authorities have not released any information on the time or context of the arrests. (Bellingcat)

DOJ orders FARA registration for Chinese state media companies, but FARA reform stumbles in Congress: The Department of Justice (DOJ) ordered Xinhua News Agency and China Global Television Network (CGTN), two Chinese state-run media outlets, to register as foreign agents under the Foreign Agents Registration Act (FARA), which requires individuals or entities “acting as agents of foreign principals in a political or quasi-political capacity” to report their status and activities to DOJ. The move follows the 2017 registration of two Russian state-owned media organizations, Sputnik and RT. According to Newsweek, the move reflects a concern that China may attempt to influence the American public with its “state-sponsored propaganda,” much as RT and Sputnik did during the 2016 U.S. presidential election. Despite renewed concerns of election interference, Politico reports that efforts to reform FARA, in particular to toughen enforcement measures, have slowed down in Congress. (The Wall Street Journal, Justice.gov, Newsweek, Reuters, Politico)

Big tech drives AI into Chinese market amid widespread concern over Chinese Internet regulations: As China continues to forego Western norms of Internet freedom in favor of the Chinese model of “cyber-sovereignty,” tech giants Google, Microsoft, and Amazon are focused on what they believe to be the key to cracking the Chinese tech market – artificial intelligence. The trio’s participation in the Chinese state-backed World Artificial Intelligence Conference (WAIC) in Shanghai featured the roll-out of China-specific AI products from Google and announcements by Microsoft and Amazon regarding plans to build AI-specific research labs in Shanghai. However, efforts to enter the Chinese market have not come without controversy. News that Dragonfly, Google’s search engine prototype in China, could link users’ searches to their phone numbers, has prompted concern over the engine’s use for repressive government censorship. Dragonfly will also reportedly censor searches, such as human rights violations that do not portray the Chinese government positively. According to former Google CEO Eric Schmidt, diverging norms of appropriate Internet regulation could result in “a bifurcation into a Chinese-led Internet and a non-Chinese Internet led by America” in the near future. (Reuters, The Guardian, Buzzfeed, CNBC, New York Times)

CEO of Denmark’s Danske Bank resigns over money laundering scandal: Thomas Borgen, the CEO of Danske Bank, resigned on September 19 after an internal probe into a money laundering scandal centered on Danske’s Estonian branch. Borgen, who was in charge of international banking (including the branch in Estonia) from 2009 to 2012 and was named CEO in 2013, and other Danske senior officials had been slow to take action against thousands of questionable accounts at the Estonian branch – many of them reportedly Russian. The internal probe’s findings estimate $234 billion flowed through the bank from 2007 to 2015, of which approximately 40 percent is thought to be suspicious. Facing objections from several shareholders and declining confidence among the Danish public, Danske officials have stated that the bank will donate the gross income from the Estonian operations to an independent foundation established with the purpose of combating international financial crime. Danish members of parliament are hoping to slap steep fines on Danske Bank in order to demonstrate that they are taking money laundering issues seriously. Additionally, the Danish Financial Supervisory Authority (DFSA) reopened its Danske investigation on September 20, reporting that employees of the Estonian branch failed to run background checks on customers who lived outside of Estonia and who often deposited money in cash. The DFSA is concerned that Danske Bank could be cut off from the dollar-led financial system in a move known as a “death blow” following investigations by the U.S. Treasury into possible breaches of sanctions. So far, Danske Bank has not found any evidence of breaches of U.S. sanctions in its own investigations, but it has yet to examine 8,000 of the 15,000 suspicious accounts. On September 21, the European Commission asked the European Banking Authority to determine if Danske Bank supervisors followed EU rules in their own investigation. (Financial Times, The New York Times, Global Witness, EU Observer, The Wall Street Journal, Bloomberg)

France, Singapore, Taiwan release reports detailing foreign disinformation campaigns: The French Policy Planning Staff (CAPS, Ministry for Europe and Foreign Affairs) and the Institute for Strategic Research (IRSEM, Ministry for the Armed Forces) published a substantial report on “information manipulation” by both state and non-state actors, focusing on the threat of disinformation to democracy. The report outlined how and why these campaigns take place, and listed 50 recommendations for governments, civil society, and private actors to better combat disinformation, including the need to “strengthen the resilience of our societies,” “not underestimate the threat,” and “not yield to the temptation of counter-propaganda.” In Singapore, a select committee appointed to investigate online disinformation issued a similar report that concluded Singapore has “been the subject of foreign, state-sponsored disinformation operations.” The report included 22 recommendations with the aim to create “a public that is informed and respects the facts, a society that is cohesive and resilient, and a people whose sovereignty and freedom are safeguarded.” In addition, Taiwan’s Ministry of Justice reported that China is behind a swell of disinformation targeting the island nation, warning that these “activities will have an immense impact on Taiwan’s politics and elections.” (diplomatie.gouv.fr, gov.sg, Asia Times)

Facebook’s new defensive tools may not be enough to prevent foreign election interference: On September 19, Facebook announced plans to team up with the International Republican Institute (IRI) and the National Democratic Institute (NDI) to run simulations of potential manipulations on its platform. The simulations are intended to test Facebook’s responses to possible scenarios of election-eve misinformation about ballot procedures and the sudden creation of election-related pages from remote, foreign locations. Facebook is also adding a program for U.S. campaigns and campaign committees to give extra protection against cyber threats at the state and federal level, designed to improve the early identification of patterns of malicious behavior. However, Facebook announced on September 20 that it will drop its on-site support to political campaigns, which means that the company will no longer send employees to the offices of political campaigns to offer support ahead of elections. Support will be available more globally through an online portal to help navigate ad systems and aid in campaign communication. Even as Facebook ramps up its new set of defensive programs, foreign influence campaigns are already searching for ways to work around these new obstacles. For example, in the lead-up to the Brazilian election next month, the Atlantic Council’s Digital Forensics Research Lab found that out of the top four Portuguese-language articles about corruption in Brazil published on Facebook and Twitter recently, three were false. And despite Facebook’s recent effort to adjust its algorithms to display more postings by a user’s family and friends, users are still interacting with clickbait at a similar rate, according to Reuters. (The New York Times, Reuters, NBC News, CNBC)

ASD’s Bradley Hanlon and Alexander Roberds published a new blog post outlining the Kremlin’s efforts to obstruct NATO enlargement using its asymmetric foreign policy toolkit, paying particular attention to ongoing efforts to influence the September 30 name-change referendum in Macedonia: “Russian efforts to undermine the Macedonian referendum — and, correspondingly, the country’s accession to NATO — follow a well-worn playbook. The Kremlin has used asymmetric tools like disinformation, covert support for extremist political groups and organizations sympathetic to Russian policies, and cyber-attacks throughout the Western Balkans and across Europe in attempts to keep countries out of Euroatlantic institutions.” 

Accounts tracked by the Hamilton 68 Dashboard last week focused on both international issues and divisive domestic debates in the United States. Early in the week, chatter on the dashboard focused on denying the Russian military’s role in the 2014 downing of Malaysian Airlines Flight 17 and the Russian military intelligence agency’s recent poisoning of Sergei Skripal. However, following the downing of a Russian military plane by Russian anti-aircraft systems operated by the Syrian government, accounts blaming both Israel and France for the downing were among the Top URLs shared on the dashboard in the middle of the week (see Worst of the Week below). Pro-Kremlin accounts also seized on sexual assault allegations against Supreme Court Nominee Brett Kavanaugh, sharing numerous conspiratorial articles attacking and attempting to discredit Kavanaugh’s accuser, Dr. Christine Blasey Ford.

“[Our competitors and adversaries] benefit from the open Internet, while constricting and controlling their own people’s access to it, and actively undermine the principles of an open Internet in international forums. They hide behind notions of sovereignty while recklessly violating the laws of other states by engaging in pernicious economic espionage and malicious cyber activities, causing significant economic disruption and harm to individuals, commercial and non-commercial interests, and governments across the world. They view cyberspace as an arena where the United States’ overwhelming military, economic, and political power could be neutralized and where the United States and its allies and partners are vulnerable.” 

–National Cyber Strategy of the United States of America, September 2018 

Following the downing of a Russian aircraft in Syria, Kremlin-controlled media outlets immediately attempted to attribute blame to Western powers. The aircraft, an Il-20 surveillance plane (a propeller plane originally brought into service in 1948), was downed by Russian anti-aircraft systems operated by the Syrian government. Kremlin-controlled media quickly tried to blame Israel for the incident, claiming that Israeli F-16 jets had used the Russian prop-plane as a shield. Kremlin media also claimed that a French warship in the Mediterranean had launched missiles around the time of the downing. Both the Israeli and French governments refuted the claims. The Russian Ministry of Defense admitted that the anti-aircraft systems given to the Syrian government were not equipped with systems to identify friend from foe.

The views expressed in GMF publications and commentary are the views of the author alone.