Exposing Russian Interference – The Value of Real-Time Forensics

Daniel Hoffman
Former CIA Chief of Station

Russian President Vladimir Putin has sought to exploit open and free U.S. cyberspace, which serves as a force multiplier for commerce and freedom of expression, with hacking and discoverable influence operations. Conducting all-source forensics following these Russian attacks on our democratic process, U.S. social media networking sites are in the incident response phase — “to the right of boom.” Google, Facebook and Twitter were subjected to highly aggressive questioning during recent Senate hearings, which focused on the results of their forensics as well as technical countermeasures designed to deny Russia’s nefarious use of their sites.

The hearings were a positive step forward in warning fellow Americans about Russia’s efforts to degrade trust in the modern cyber infrastructure. We are, however, still building an effective strategy for countering Russia’s intrusions into our cyberspace, which so threaten the critical infrastructure of our democratic process.

We should not expect Twitter, Google and Facebook to solve this challenge independently, without outside assistance. Our cyberspace is under siege. Beyond Congress ringing alarm bells about Russian election meddling during open hearings, the U.S. government should join the private sector in assisting our social networking and media sites with improved warning, forensics and countermeasures.

First, social networking and media sites should rely on the intelligence community for indicators and warning of nefarious state and non-state actors’ intentions to target our cyberspace. While intelligence reporting on individual tactical incursions into our cyberspace is not a realistic expectation, the community could steal the secrets that would reveal an adversary’s strategic plans and share the threat intelligence, while protecting source identities along the same model we use for counterterrorism.

Second, we need incident response dashboards to track Russian-backed disinformation and propaganda on our social networking and media sites. Security teams for Google, Facebook and Twitter would benefit from private sector websites that produce accurate and close to real-time reporting on social networking posts, videos and tweets that are assessed to spread Russian propaganda from Russia Today, Sputnik and other users that promote the government of Russia.

Speed is critical. Our social networking and media sites should assume they will continue to be exploited and hacked. In incident response, forensics should take seconds or minutes, not months. Countermeasures should begin immediately after the threat is detected.

While our social networking and media sites rightly focus on reducing their vulnerability with technical countermeasures, the most elegant response is to use the benefit of free speech to provide education and information — the best defense against false narratives in any case. This critical arrow in our quiver can counter Putin’s efforts to drive a wedge between the U.S. and its allies in the European Union and NATO as well as the Russian regime’s attempts to degrade the democratic process in the U.S. and the West.

Bringing transparency to Russia’s efforts to soil our democratic process would inoculate the American public against Russian influence not by censoring or blocking Kremlin-linked accounts, but rather by disseminating the truth. The Kremlin has been focused on not only sowing divisions within American society, but also acquiring followers on social media and networking sites and, by extension, gaining a position of influence to more effectively spread their views on geopolitical issues such as Ukraine and Syria.

Russia and other cyber-sovereignty advocates like China are seeking to limit the kind of free flow of ideas that sparked the end of totalitarian regimes in the past. We should be prepared for Russian and other hackers to target websites that do this important forensic work and disseminate evidence of Russia’s efforts to influence our society.

The U.S. and its allies seeking to apply the same freedom of speech their citizens enjoy domestically to global cyberspace would do well to consider the value of doubling down on supporting web sites that disseminate the truth about Russia’s nefarious activities. Such an approach could strengthen our social media and network sites in the process.

The Author is Daniel Hoffman

Daniel Hoffman is a former Chief of Station with the Central Intelligence Agency. His combined 30 years of distinguished government service included high-level positions not only within the CIA, but also with the U.S. military, U.S. Department of State, and U.S. Department of Commerce. Assignments included tours of duty in the former Soviet Union, Europe, and war zones in both the Middle East and South Asia. During this time, Hoffman developed substantive expertise on geopolitical and...

One Reply to “Exposing Russian Interference – The Value of Real-Time Forensics”
  1. We know that Trump campaign demanded and got embedded programmers along with other employees knowledgeable of the algorithm used by Google, Facebook and Twitter.
    Questions needing to be asked and answered are:
    How did Russia know how to exploit Google, Facebook and Twitter algorithms? How did the Russians get access to those algorithms? Did they discover these corporate secrets on their own? Did Google, Facebook and Twitter supply these algorithms directly to Russians? Did someone in the Trump campaign supply these corporate secrets to Russian operatives? Did Trump campaign supply these secrets to a third party who supplied them to Russian operatives?