Taking Down Russian Trolls is My Kind of Cyber Attack

Posted: February 28th, 2019

By Jason Healey

Jason Healey is a Cipher Brief Cyber Advisor and Senior Research Scholar at Columbia University’s School for International and Public Affairs, and Visiting Scholar at the Hoover Institution at Stanford University, specializing in cyber conflict and risk. He started his career as a U.S. Air Force intelligence officer, before moving to cyber response and policy jobs at the White House and Goldman Sachs. Healey was founding director for cyber issues at the Atlantic Council where he remains a Senior Fellow and is the editor of the first history of conflict in cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. He is on the DEF CON review board and served on the Defense Science Board task force on cyber deterrence.

The debate on cyber conflict has gotten so locked into deterrence, escalation, coercion, and signaling we pundits often forget that conflict is sometimes straightforward and you just have to stop adversaries from punching you.

This ought to be the main lesson from Ellen Nakashima’s article that U.S. Cyber Command disrupted the Internet connection of the Internet Research Agency, the Russian troll factory, to prevent their trying to disrupt the 2018 mid-term U.S. election.

This was not about “deterrence” or “signaling” but a specific counter-offensive op to counter a specific adversary from conducting a specific activity during a specified window of high-vulnerability. It was part of campaign specifically approved by the president. Jim Miller, former Undersecretary of Defense and Cipher Brief expert, calls this “kicking the knife out of the hand” of attackers.

Even those like me who worry about the escalation and intensification of cyber conflict – and the U.S. role in that – can find reasons to like this operation.

From what we know now, this seems to be a restrained, focused, and targeted counter-offensive operation. Did it stop this IRA? According to Nakashima’s sources, yes, as the “blockage was so frustrating to the trolls that they complained to their system administrators about the disruption.”

Will disruption like this work as a regular tactic in the medium term? Who knows? In a complex system like the overlap of warfare, diplomacy, and cyberspace, “we can never merely do one thing.” It is an experiment, so the United States must watch the Russian reaction and measure, as best it can, the cumulative effects of such operations.

Perhaps the final statement to critics concerned about whether Russia will “shoot back” or “escalate” is that the Russians are interfering in U.S. elections, the core of our constitutional government. It is not exceptionalism to cheer on and protect what made the United States unique in all the world.

If that isn’t worth some escalation risk, then what is? Certainly, the integrity of our democratic process is a more reasonable place to draw the line than a North Korean attack on a movie studio or Iranian attack on a casino.

This operation is the clearest illustration of the new direction of the Trump administration and the operating concept of the Department of Defense. John Bolton, the national security advisor, boasts that “our hands are not tied as they were in the Obama administration.”

There is a great deal to be concerned about in this new vision, not least the confidence dripping off USCYBER that they’ve figured this all out. But when it comes to operations to stop Russian trolls from disrupting U.S. elections, those concerns are misplaced.

This is the right kind of cyber operation and one that all democracies should applaud.