WASHINGTON (Sinclair Broadcast Group) — Democratic societies have long been seen as the champions of free speech and the open exchange of information, but those very qualities have increasingly become a vulnerabilities in the digital age, where cyberspace is being used to undermine confidence in governments and political institutions.
Over the past year a string of actual and attempted cyberattacks have been carried out in an attempt to sway critical elections in the United States, France and are feared to be coming in the upcoming federal elections in Germany, the United Kingdom and Italy. In each of these countries, international intelligence professionals have pointed to Russia as the perpetrator of cyberattacks, data theft and cyber-enabled influence campaigns to impact the democratic process.
Last week, the Director of National Intelligence Dan Coats spoke before a Senate panel to address the major threats facing the United States, putting challenges in cyberspace at the top of the list. Cyber threats, Coats said, "are already challenging public trust and confidence in global institutions [and] governance."
The threats coming from Russia in particular are expected to increase not decrease in the coming years, he said. "The Russians have upped their game using social media and other opportunities in ways that we haven't seen before," Coats warned. "So it's a great threat to our democratic process."
The former DNI, James Clapper, was more dire in issuing a warning over the weekend that American institutions "are under assault" both externally, from the Russian election interference and "internally" through the erosion of constitutional norms.
Clapper originally presented the findings of the intelligence community in January, concluding that Russian President Vladimir Putin had directed the influence campaign to give an advantage to President Trump, whose policies were seen as preferable to Moscow. In this unprecedented attack, the Russians used a host of cyber-enabled means, including data theft, intelligence cut-outs like Wikileaks and social media to spread damaging information about the Democratic candidate Hillary Clinton.
U.S. officials are now working with allies and carefully watching this threat unfold around the globe, all according to a very similar playbook as the one used in the U.S. in 2016.
Only 36 hours before the May 7 presidential election in France, a significant amount of information was stolen and leaked from front-runner Emmanuel Macron. The French government described the event as a "very serious" data breach that they attributed to Russian sources.
Much of the damage from the leaked information was mitigated, though. Unlike the widely publicized Wikileaks on Hillary Clinton and the DNC, French media generally did not publish the contents of the leaked information, which was mostly ignored by the French electorate.
The director of the U.S. National Security Agency (NSA) gave French election authorities a "heads up" to the threat the agency saw unfolding around the elections. Adm. Mike Rogers told a Senate committee shortly after the election that the NSA spoke to their French counterparts telling them, "Look, we're watching the Russians. We're seeing them penetrate some of your infrastructure." Rogers has given similar warnings to officials in Germany and the UK, who also have upcoming elections.
In France, the data theft and information leak was technically successful, with a number of social media sites carrying the material on Macron, but it was not enough to change the candidate's double-digit lead over far right rival Marine Le Pen, whose candidacy was promoted on Russian news and information channels for months and partially bankrolled by the Kremlin.
In Germany, where they are preparing for federal elections in September, security officials are encouraging all political parties to shore up their cybersecurity ahead of the vote.
Only a few months ago, a number of German think tanks tied to the Christian Democratic Union party of Chancelor Angela Merkel came under attack from a group cybersecurity experts have named Pawn Storm. The group was also implicated in targeting the Macron campaign in France and has been tied to Russian military intelligence.
Russia has repeatedly denied any involvement in election interference, both in Europe and the United States.
In Great Britain, Prime Minister Theresa May called for snap elections for June 8, to shore up popular support for the Conservative government's plans to leave the European Union under Brexit. Russian interference in these elections is a "realistic possibility," according to British Foreign Secretary Boris Johnson.
This weekend, as Britain's National Health System was under siege from a worldwide ransomware attack, Johnson told the Daily Telegraph that the Russian president is intent to "discredit the whole democratic process" by undermining public faith in the elections.
"Putin would certainly rejoice to see British defenses weakened, Britain’s foreign policy become less active, to see us detached from the United States, that would be absolute grist to Putin’s mill, that would be just what he wants," Johnson said.
In recent years, Russia has been credited with installing compromising computers at Ukraine's Central Election Commission to undermine public confidence in the 2014 election results.
Estonia has also been a target of Russian cyberattacks, including a damaging 2007 denial of service (DDOS) attack that temporarily crippled dozens of government and corporate networks, an experience former president Toomas Hendrik Ilves recently discussed with members of the House Foreign Affairs Committee, describing Russia's recent cyber-enabled election interference targeting western democratic elections tantamount to war.
"What we are seeing in the United States and among the European allies is that influencing a country’s election outcome is warfare," Ilves said. "There is no need to wage a kinetic war or even use debilitating cyber attacks on critical infrastructure if you can sway an election to elect a candidate or a party friendly to your interests or to defeat a candidate you don’t like."
While it's almost impossible to look at Russian election interference outside the scope of foreign hostilities, according to Herbert Lin, senior cyber policy researcher at Stanford University, describing the recent attacks as warfare may be a step too far.
"A foreign nation interfering in our election is clearly a hostile act, whether it rises to the level of warfare is a different question," he said.
From spreading "fake news" on social media, to stealing and releasing data on political adversaries, much of what Russia has done in the field of cyber-enabled information warfare only underscores the challenges nations are currently running into in trying to combat such interference in the future.
"You can conduct a cyber-enabled information war campaign against a nation simply by putting up a bunch of websites, and sending emails, and posting Youtube video and having Twitter send out fake news and links to provocative and false news stories," Lin explained.
The fact that those actions are legal and protected in western democracies, particularly the United States, is part of the reason why these systems are hugely vulnerable to such attacks and why democratic elections are such a prime target.
"What we do know is that the effects of cyber enabled operations, like [the 2016 election interference], will have small effects. But there are times when small effects matter," Lin said, noting that "an election is the ideal ground for deploying weapons that have a small effect."
In a closely contested election, where the margin of victory is one or two percentage points or a fraction of a percent, "a little bit of influence can make a big shift in the policy outcome."
That is exactly the concern going forward as democratic societies become increasingly polarized politically. Whether it's the 80,000 vote margin that secured Donald Trump's electoral college victory or the 3.8 percent margin of victory for the Leave campaign in last year's Brexit vote, small margins can mean huge policy differences.
At present, the U.S. intelligence community has its hands tied. The attacks exploit the very institutions they seek to undermine, which means changes in policy and free communication could be at stake.
When asked before the Senate Intelligence Committee last week what steps were being taken to secure America's democratic institutions, DNI Coats could not provide a clear response. "Relative to a grand strategy," he said, "I am not aware right now of any."