WASHINGTON - Military cyber officials are developing information warfare tactics that could be deployed against senior Russian officials and oligarchs if Moscow tries to interfere in the 2020 U.S. elections through hacking election systems or sowing widespread discord, according to current and former U.S. officials.
One option being explored by U.S. Cyber Command would target senior leadership and Russian elites, though likely not President Vladimir Putin, which would be considered too provocative, said the current and former officials who spoke on the condition of anonymity because of the issue's sensitivity. The idea would be to show that the target's sensitive, personal data could be hit if the interference did not stop, though officials declined to be more specific.
"When the Russians put implants into an electric grid, it means they're making a credible showing that they have the ability to hurt you if things escalate," said Bobby Chesney, a law professor at the University of Texas at Austin. "What may be contemplated here is an individualized version of that, not unlike individually targeted economic sanctions. It's sending credible signals to key decision-makers that they are vulnerable if they take certain adversarial actions."
Cyber Command and officials at the Pentagon declined to comment.
The military has long used psychological operations - dropping hundreds of thousands of leaflets in Iraq, for instance, to persuade Iraqi soldiers to surrender to the U.S.-led coalition during the Gulf War. But the Internet, social media and smartphones have vastly extended the reach and precision of such tactics.
The development comes as numerous agencies within the Trump administration seek to ensure the United States is shielded against foreign efforts to disrupt the 2020 elections, even as President Donald Trump himself has cast doubt on or belittled his own intelligence community's finding of Russian interference in 2016.
The intelligence community last month issued a classified update - a "national intelligence estimate" - assessing that Russia's main goal in the 2020 campaign continues to be to sow discord. "It's always been about exacerbating fault lines in our society," said one senior U.S. official.
In the past year, Congress and the Trump administration have eased restraints on the military's use of cyber-operations to thwart foreign adversaries. The push is part of a move by military officials such as Gen. Paul Nakasone, who heads both CyberCom and the National Security Agency, the government's powerful electronic surveillance arm, to weave cyber-offensive capabilities into military operations.
The 10-year-old command's foray into influence operations reflects an evolution in thinking. "It's a really big deal because we have not done a good job in the past of integrating traditional information warfare with cyber-operations," Chesney said. "But as Russia has demonstrated, these two are increasingly inseparable in practice."
While other military organizations, such as Joint Special Operations Command, also have cyber and information warfare capabilities, CyberCom is the first to turn such powers toward combating election interference.
"In 332 days, our nation is going to elect a president," Nakasone told a defense forum earlier this month. "We can't let up. This is something we cannot be episodic about. The defense of our nation, the defense of our elections, is something that will be every single day for as long as I can see into the future."
The options being considered build on an operation CyberCom undertook last fall in the run-up to the midterm elections. Beginning in October 2018, CyberCom used emails, pop-ups and texts to target Russian Internet "trolls" who were seeding disinformation on U.S. social media platforms. The trolls worked for the Internet Research Agency, a private entity controlled by a Russian oligarch close to Putin. CyberCom also messaged hackers working for Russian military intelligence, indicating their identities were known and could be publicized. Although the command did not sign its messages, the Americans knew there would be no mistaking who had sent them, officials said at the time.
When the trolls persisted, CyberCom, beginning on Election Day and for at least two days afterward, knocked their servers offline, The Washington Post previously reported. The Americans also sent messages aimed at spreading confusion and discord among IRA operatives, including computer system administrators. Some personnel were so perturbed that they launched an internal investigation to root out what they thought were insiders leaking personnel information, according to U.S. officials.
The new options contemplate targeting key leaders in the security services and the military and potentially some oligarchs. The messaging would be accompanied by a limited cyber-operation that demonstrates the Americans' access to a particular system or account and the capability to inflict a cost, said individuals familiar with the matter. The message would implicitly warn the target that if the election interference did not cease, there would be consequences.
The options do not envision any attempt to influence Russian society at large, which officials saw as having limited success given Putin's control of the country, including much of the media.
Some see the new options as potentially effective at altering a key official's decision-making calculus without being hugely escalatory because they do not seek to foment a popular uprising, which is Putin's big fear, analysts note.
Another possibility involves disinformation aimed at exploiting rivalries within the Russian government and power elites. In 2016, National Security Council aides in the Obama administration developed cyber options against Russia similar to those being contemplated by CyberCom now, but "no one had an appetite for it," a former senior official said.
"There is a night-and-day difference between 2016 and this," said a second former U.S. official, who said that CyberCom's thinking several years ago was much more limited and conventional.
Any operation would be reviewed by other agencies, including the State Department and CIA, and require the defense secretary's approval. It would be aligned with other potential U.S. efforts, such as sanctions or indictments, officials said.
Cyber-operations alone are usually not sufficient to transform an adversary's behavior. "It can serve a useful message of 'We're watching and be careful not to go further,' " said Michael Carpenter, a former senior defense policy official in the Obama administration. But generally, he said, it is likely to be more effective when used with other tools such as sanctions - especially those also backed by allies.
Cyber Command got a boost in August 2018 when Congress clarified that cyber actions that fall below the use of force - what practitioners call "the gray zone" - can be conducted as "traditional military activities" as distinct from covert action. That was a key change that meant that clandestine operations such as the IRA takedown last fall, for instance, would not get delayed by disputes about whether they were covert operations.
Also enhancing CyberCom's flexibility was Trump's signing the following month of a national security presidential memorandum that revised the process by which cyber-operations are vetted and approved, leaving the final decision with the defense secretary even if other agencies object.
No single office within the Defense Department oversees cyber, electronic warfare and psychological operations. So this month, Congress created a Senate-confirmed position of principal information operations adviser to coordinate strategy and policy in this area across the Pentagon and with other agencies.
Other former U.S. officials are wary of CyberCom's move into information operations. "I'm not a big fan of the Department of Defense doing messaging operations," said Richard Stengel, a former undersecretary of state for public diplomacy in the Obama administration. "I'm even skeptical of the State Department doing messaging operations. . . . I just don't think that's something we're good at."
Meanwhile the Marine Corps has created a position of deputy commandant for information to build information warfare capability. Army Cyber Command has integrated cyber, electronic warfare and information operations into its mission. The 16th Air Force cyber unit is doing the same.
Among the things that cyber officials are discussing are operations that expose adversaries' malign behavior.
The United States already has experimented with such disclosures, in 2014 releasing satellite images and other sensitive intelligence that showed Moscow had trained and equipped pro-Russian rebels in Ukraine responsible for shooting down a Malaysian airliner, killing 298 civilians. Such efforts could be expanded, officials say, to educate a broader audience about the actions of adversaries.
"Basically, it's a war of strategic narrative," said Sean McFate, a foreign policy expert and author of "The New Rules of War." "We need to get into that domain."
- - -
The Washington Post's Shane Harris and Paul Sonne contributed to this report.
This article was written by Ellen Nakashima, a reporter for The Washington Post.