Exposing Russian Interference – The Value of Real-Time Forensics

By Daniel Hoffman

Daniel Hoffman is a former senior officer with the Central Intelligence Agency, where he served as a three-time station chief and a senior executive Clandestine Services officer. Hoffman also led large-scale HUMINT (human intelligence gathering) and technical programs and his assignments included tours of duty in the former Soviet Union, Europe, and war zones in the Middle East and South Asia. Hoffman also served as director of the CIA Middle East and North Africa Division. He is currently a national security analyst with Fox News.

Russian President Vladimir Putin has sought to exploit open and free U.S. cyberspace, which serves as a force multiplier for commerce and freedom of expression, with hacking and discoverable influence operations. Conducting all-source forensics following these Russian attacks on our democratic process, U.S. social media networking sites are in the incident response phase — “to the right of boom.” Google, Facebook and Twitter were subjected to highly aggressive questioning during recent Senate hearings, which focused on the results of their forensics as well as technical countermeasures designed to deny Russia’s nefarious use of their sites.

The hearings were a positive step forward in warning fellow Americans about Russia’s efforts to degrade trust in the modern cyber infrastructure. We are, however, still building an effective strategy for countering Russia’s intrusions into our cyberspace, which so threaten the critical infrastructure of our democratic process.

We should not expect Twitter, Google and Facebook to solve this challenge independently, without outside assistance. Our cyberspace is under siege. Beyond Congress ringing alarm bells about Russian election meddling during open hearings, the U.S. government should join the private sector in assisting our social networking and media sites with improved warning, forensics and countermeasures.

First, social networking and media sites should rely on the intelligence community for indicators and warning of nefarious state and non-state actors’ intentions to target our cyberspace. While intelligence reporting on individual tactical incursions into our cyberspace is not a realistic expectation, the community could steal the secrets that would reveal an adversary’s strategic plans and share the threat intelligence, while protecting source identities along the same model we use for counterterrorism.

Second, we need incident response dashboards to track Russian-backed disinformation and propaganda on our social networking and media sites. Security teams for Google, Facebook and Twitter would benefit from private sector websites that produce accurate and close to real-time reporting on social networking posts, videos and tweets that are assessed to spread Russian propaganda from Russia Today, Sputnik and other users that promote the government of Russia.

Speed is critical. Our social networking and media sites should assume they will continue to be exploited and hacked. In incident response, forensics should take seconds or minutes, not months. Countermeasures should begin immediately after the threat is detected.

While our social networking and media sites rightly focus on reducing their vulnerability with technical countermeasures, the most elegant response is to use the benefit of free speech to provide education and information — the best defense against false narratives in any case. This critical arrow in our quiver can counter Putin’s efforts to drive a wedge between the U.S. and its allies in the European Union and NATO as well as the Russian regime’s attempts to degrade the democratic process in the U.S. and the West.

Bringing transparency to Russia’s efforts to soil our democratic process would inoculate the American public against Russian influence not by censoring or blocking Kremlin-linked accounts, but rather by disseminating the truth. The Kremlin has been focused on not only sowing divisions within American society, but also acquiring followers on social media and networking sites and, by extension, gaining a position of influence to more effectively spread their views on geopolitical issues such as Ukraine and Syria.

Russia and other cyber-sovereignty advocates like China are seeking to limit the kind of free flow of ideas that sparked the end of totalitarian regimes in the past. We should be prepared for Russian and other hackers to target websites that do this important forensic work and disseminate evidence of Russia’s efforts to influence our society.

The U.S. and its allies seeking to apply the same freedom of speech their citizens enjoy domestically to global cyberspace would do well to consider the value of doubling down on supporting websites that disseminate the truth about Russia’s nefarious activities. Such an approach could strengthen our social media and network sites in the process.

