Col. Roman Vitkovitsky is the Director of Cyberspace Operations for the United States Marine Corps. He was previously the DARPA Service Chief Fellow and the Chief Strategist for DISA. The views presented here are those of the writer and do not necessarily represent the Department of Defense and its components.
On December 31, 2019, health officials from the People’s Republic of China informed the World Health Organization (WHO) about a cluster of 41 patients who had fallen ill with a mysterious pneumonia around the area of the city of Wuhan. Attributed to a novel coronavirus, infections spread and information was sparse. Within a month, the World Health Organization (WHO) declared a health emergency of worldwide proportions surrounding the newly named COVID-19.
Websites touting coronavirus- or COVID-related pages were set up in cyberspace and information distribution networks kicked into gear. By the time WHO declared a global pandemic on 11 March, more than 7,000 internet domains were registered, of which the vast majority appeared to be inauthentic or malevolent. Conditions went from stark to grim.
By March 31, circumstances had altered significantly. Almost 3 billion people were under “lockdown” and more than 12,000 coronavirus-related domains were discoverable online. In less than five months, the new disease had manifested itself across 185 countries and appeared to still be spreading.
As scientists urgently researched, global leaders struggled to inform their people and guide their nations into response actions. Diverse courses of actions were pursued, reflective of the great diversity in circumstances and conditions spanning the globe. An ugly trend was clearly identifiable. For every valid website, there seemed to be a dozen or more with questionable roots or making spurious claims. The pandemic continues to be embroiled in a full-blown “infodemic” of false and misleading information, hampering coordination, stymying response efforts and confounding understanding.
On April 8, a joint advisory from the United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) was released. Their missive provided alarming information on heightened exploitation of the current coronavirus disease 2019 (COVID-19) global pandemic by malicious cyber actors, both cyber criminals and advanced persistent threat (APT) groups.
As anxiety climbed, fraud alerts were issued to raise awareness of the myriad scam methods rippling across social media and the internet. The twin specters of economic and national catastrophes were being sped along by a plethora of criminal enterprises and distinctly identifiable nation-state actors. Attack campaigns were being executed by well-choreographed and sophisticated threat agents in cyberspace.
In Britain, the NCSC had detected more UK government-branded scams relating to COVID-19 than any other subject. The US and many other countries were in a similar position. However, it was clear conditions on the internet were not being shaped by cyber criminals alone. Hostile cyber groups backed by national infrastructures were holding Western targets at risk. Rapidly evolving tactics were deployed by a savvy adversary to take advantage of the huge demand for COVID-19 related information.
Information interchange, the strength of research networks and rapid developers, was being turned against liberal societies and forged into an opportunity to deliver malware. Credentials were stolen from private corporations, non-profit foundations, civic organizations and public utilities to create expansive lists of critical targets. Ransoms were demanded from hospitals, transportation networks, and various tiers of governments, to be paid in untraceable digital currencies. Critical resources were being removed from strained systems just when they were needed most. Havoc and confusion hampered the efficient delivery of materials up and down the supply chain, confidence was undermined in political systems, and ground-breaking scientific discoveries were waylaid or met with inordinate skepticism.
Gallup polls from June 2019 recorded that 73 percent of respondents expressed the highest ratings of confidence in the U.S. military. Americans’ confidence in their Armed Services is part and parcel of healthy civil-military relations. We have yet to see what impact recent events will have on public perceptions of the military in 2020. But chances are that there will be an impact. And that is itself dramatic. After nearly two decades, Americans have given their military the highest confidence ratings of any social institution. Yet questions are raised over the prioritization of resources and the appropriateness of response actions.
Max Boot posited [in the Washington Post Opinion Section, 31 Mar 2020, “Covid-19 is killing off our traditional notions of national defense”] that our military is outdated and ill-suited to deal with many of today’s crises. But he pointed to security forces, medical assistance, engineering and logistics support. Those capabilities only scratch the surface of what is available.
There is a large reservoir of knowledge, experience and skill represented by active and reserve military forces at the federal level, and at the state level through their respective national guard bodies. These forces are synchronized. We generally use the same tools, tactics and procedures. And we can be used in similar ways. A considered application of military capabilities to the current situation should go beyond traditional applications of military hard power. It is time to leverage cyberspace operations for information statecraft and apply the tools of artificial intelligence and other advanced technologies to protect free discourse, promote intellectual interchange and assure social stability through respect for our fundamental institutions.
A curious phenomenon was noticed in the Spring of 2020. When YouTube regulars entered the phrase “Wu Mao” in YouTube comment sections, the comment would be automatically removed within about 30 seconds. The “50 Cent Army” is a group of state-backed internet commenters posing as civilians. The root of the nickname – the idea that the government pays 50 renminbi cents per pro-China post – has long been debunked. However, they are very much aware and on their toes, constantly scanning, seeking any narrative counter to their purpose.
Confusion surrounding the origins of the Wu Mao crowd is apropos. Redirecting public opinion has been state policy in China since 2008 according to David Bandurski of the Hong Kong Media Project. Acknowledged by official state media as government agents presenting themselves as patriotic citizens, Wu Mao numbers have been reported ranging from 500,000 to two million. The purpose of this formidable assemblage of harmonized voices is to manipulate public opinion for the benefit of the Communist Party of China.
The Wu Mao may be among the earliest tools to ply statecraft in the information environment. But they are not alone. The Communist Youth League (CYL) is a more recent group, with some 89 million members aged 14 to 28. More aggressive and savvy than the Wu Mao, they have been described as energetic pro-Party voices who have been implicated in maligning a panoply of targets, from human rights activists like Hu Shigen, to Olympic athletes like Mack Horton, and foreign leaders like Tsai Ing-Wen.
China has exercised itself across land, sea, air space – and cyberspace, seeking more and better ways to control perceptions of itself online. Documented efforts by the People’s Republic of China appear to be directed at sowing confusion, purporting a non-Chinese origin for COVID-19 or the US military and 5G networks as vectors for the spread of the disease.
This nuanced and savvy technological approach is not unique to China. Russia’s “web brigades” and Internet Research Agency have come to be known as masters of information manipulation. The tide of illiberalism on the Internet in Russia has been marked since 2000. Totalitarian values were espoused in 60-80% of all contributions, swamping what had been in the late 90s a strong tendency (70%) of web posts to express more liberal and democratic views.
The Web Brigades have been alleged to exist since at least 2003. As state involvement continued to grow in online influence operations in Russia, the Internet Research Agency was founded in 2013 to spread propaganda and amplify the official line. And in 2017, the Russian Information Army was acknowledged by the Russian Defense Minister Sergei Shoigu. The concerted efforts of intelligence operatives, civilian internet professionals and uniformed members of the Russian military have yielded results.
By 2019, Facebook took down more than 50 networks worldwide for seeking to manipulate public debate. Inauthentic behavior, encompassing fake engagement, spam and artificial amplification, is reported by Facebook as Coordinated Inauthentic Behavior (CIB) and Foreign or Government Interference (FGI). CIB and FGI were propagated from Russian sources and posted in English, Farsi (Iranian), French, German, Georgian, Indonesian, Hungarian, Russian, Serbian, and Spanish.
Mass manipulation through the coordination of official state activities is not restricted to China and Russia. The latest Freedom House “Freedom on the Net” report reviewed 65 countries accounting for 88% of the global internet population. On a scale of 0-100 with 100 being Most Free, China scored an (imperfect) 10; the lowest score produced. Russia came in at 30, a score designating it as Not Free. The United States, the United Kingdom and Australia came in at 77, with four other countries scoring higher, Iceland (95), Estonia (94), Canada (87) and Germany (84).
There is a correlation between political freedom and official inauthentic activity on the internet. And populations unused to manipulation appear to be susceptible to inauthentic activity. Testimony presented by Rand Waltzman to the Senate Armed Services Committee, [Subcommittee on Cybersecurity in April 2017] laid out very clearly the weaponization of information and the need for cognitive security. We must expect adversaries to collect tactical information and disseminate propaganda in pursuit of competitive advantage.
Disinformation and state propaganda are a continual campaign that must be met by a whole-of-nation campaign in America and a whole-of-society approach from like-minded nations that brings together military cyber capability with other government, civic and commercial organizations. In the United States, that can start with the expansion of the Defense Support of Civilian Authorities (DSCA) to include cyber assistance.
A change in the level of military cooperation and assistance might be warmly welcomed. Americans routinely give the military the highest confidence rating of any social institution. They cite the perceived professionalism and competence by which the military executes its responsibilities and the importance of military activities on behalf of our nation.
Perpetrators of fraud at any level will take advantage of opportunities to steal money, personal information, or both. Right now, criminal and state actors are using the uncertainty surrounding the COVID-19 pandemic to further their efforts. There is an “infodemic” — a tsunami of information, misinformation, and rumor that has seen the rise of digital literacy initiatives to help people cope with the true crisis and combat manipulation by bad actors.
The surge of telework across the public and private sectors following the coronavirus outbreak created a wide attack surface for malicious third parties, including Advanced Persistent Threats (APTs), to exploit in numerous ways. The military has a unique capacity to assist under the provision of DSCA codified in Department of Defense Directive 3025.18. APTs are known threats to the military and an argument can be made for the logical extension of a national shield over intellectual property, private networks, voting systems and other cyber-enabled infrastructure.
The authorities outlined here are time-tested. Military Support to Civil Authorities is not new. The policies and responses of the military departments providing civil support have evolved from the early 1950s to today. The current DOD Directive was initiated in 2010 and amended in recent years.
Forewarned is forearmed, and nowhere is this sentiment more true than in cyber, where a continuous campaign of influence and propaganda is waged against progressive societies in the United States and beyond. Throughout the pandemic, we have been under an onslaught of fake news and malign messages intended to thwart our national purpose.
This is warfighting. And warfighting has evolved to include Cyber as the fifth domain of warfare. As global power politics plays out over types of media that did not even exist when most military support legislation was conceived and written, there is a need to reassess the interaction of the DoD in the broader framework.