After three years in the trenches of Facebook’s war against disinformation, Alex Stamos brings bad news from the front: US elections are at risk of becoming the “World Cup of information warfare.” “That campaign to drive wedges into American society has not stopped. If anything, it has intensified,” Stamos told CNN recently.
One problem is that campaign security isn’t anyone’s job, notes Maciej Ceglowski, the founder of Tech Solidarity. The Department of Homeland Security offers training through its National Cybersecurity and Communications Information Center (NCCIC) in theory, but it has shown little appetite for the topic in practice, he writes for The Washington Post:
The NCCIC’s audit and assessment services are targeted at large federal agencies, not small groups of people driving around Iowa. Campaigns that reach out to NCCIC get an email outlining options like a “six-week phishing vulnerability assessment” or an “audit of internal network security,” neither of which is much help to a campaign working off personal devices, seven weeks before an election.
“A State Department unit created two years ago to lead the U.S. fight against anti-democratic propaganda abroad, including Russian disinformation campaigns, still has not received millions of dollars in funding allocated to it by Congress,” HuffPost’s Lauren Weber reports. “And even if some money comes through for the Global Engagement Center before the end of the fiscal year, it will now be just one-sixth of the amount originally directed to the center to counteract terrorist messaging and foreign efforts to influence elections.”
Weber reported that Sens. Chris Murphy (D-Conn.) and Rob Portman (R-Ohio) last month introduced an amendment to direct $40 million to the State Department’s unit, but their measure was not included in the Defense Department appropriations bill for fiscal 2019 that passed the Senate, the Post adds.
“The fact that Russia continues to advance their disinformation efforts makes clear the need to ramp up these programs. Now is not the time for us to shortchange them through lack of funding,” Portman said in an Aug. 22 statement.
The United States is changing the policy framework governing the execution of offensive and defensive cyber operations, the majority of which are best classified as 21st century political warfare, according to analysts J.D. Work and Benjamin Jensen, co-author of the recent book, Cyber Strategy: the Evolving Character of Power and Coercion.
Rival states used disruption, espionage, and degradation to undermine their adversaries and signal the risk of escalation. In this digital gray zone, cyber operations provided a low-cost, low-threat means of engaging in competition short of violent conflict. These operations were often related to larger influence campaigns, such as Russian efforts to target the 2016 U.S. presidential election and undermine democratic institutions in Western Europe, they write for Cipher Brief:
Civilian leaders are responsible for creating a policy framework in which multiple interagency stakeholders craft cyber strategy and establish how a country can legally use the digital domain to achieve a position of relative advantage. Such a framework must enable interagency contingency planning that combines cyber operations with other instruments of power such as economic sanctions, diplomatic demarches, and military threats. No one agency in government, be it the military or intelligence community, can balance these equities alone. Therefore, cyber strategy requires an interagency process, consistent with an agency approach to civil-military relations that efficiently coordinates cyber operations while ensuring civilian control.