In 2003 the United States and other countries created an alliance of nations dubbed the “coalition of the willing” to fight Iraq’s Kuwait invasion.
A former senior CIA official is calling for a digital “coalition of the willing” to fight foreign interference, including cyberattacks and misinformation, in nations around the world.
Sean Roche, a former associate deputy director of the CIA’s digital innovation branch, also told a Canadian and European Union-sponsored online panel discussion last week on battling foreign interference, this coalition would also have to create a digital information-sharing network to attribute and make public those behind cyber attacks.
Asked if a cyber attack on one of the 30 countries in the North Atlantic Treaty Organization (NATO) should allow the invocation of the charter’s Article 5 — an attack on one is an attack on all — Roche was hesitant.
Some incidents don’t require that level of response. “I really believe the basis of the conversation needs to be a ‘coalition of willing, of the like-minded'” to be ready to respond to a cyberattack, he explained.
“I’d be displeased if Article 5 is the centre of discussion instead of a coalition of the willing to start because we’d make progress faster on that,” he added.
He also said countries have to work together on attributing attacks publicly.
UPDATE: At a news conference this morning on election day Acting Homeland Security Secretary Chad Wolf said that while there has been “a multitude of foreign interference threats … our election infrastructure is resilient and we have no indication that a foreign actor has succeeded in compromising or affecting the actual votes cast in this election.”
Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), which has responsibility for election security, said the agency has seen attempts by Iran and Russia to interfere in the election. “We have addressed those threats quickly, comprehensively and publicly.”
Still, he said, there may be other efforts. He urged Americans “to treat all sensational and unverified claims with skepticism.” He also said that technology sometimes breaks and there are some reports of “system disruptions, but that’s OK because there is resilience in the system. The vote will go on.”
SEE ALSO this report: U.S. Cyber Command expands operations against Russia, China, Iran
While the U.S Justice Department has attributed some attacks (most recently six Russians were charged with being behind huge data breaches and attacks on Ukraine and the 2016 attacks on political parties in the U.S.) Roche said more countries need to join and denounce attacks.
On those rare times when they do, it can have a “stunning result,” he said. But, he added, “it’s got to be a collective effort. It’s a team sport.”
He said nations have to upgrade their infrastructure so intelligence on cyber threats can be shared faster than it is today. “We cannot have everything locked away in a safe” because such intelligence is secret, he added.
For example, he said, there are recent allegations an Iranian-backed group got into U.S. election systems (see below), raising questions of whether Iranians and others. Did it interfere with voting machines? “We’ve got to find out at the speed of mission, not the speed of investigation.”
The panel was sponsored by the Canadian Conference of Defence Associations Institute, which represents 400,000 active and retired members of the Canadian armed forces, and the EU’s delegation to Canada. It was moderated by former Canadian national security advisor Richard Fadden.
“Clearly Russia and China are the main players, and we need to work our way through what they are doing,” he said, “but I think it is critically important as we try to deal with election interference to understand that this is only one tool in their cyber toolkit — and there are a variety of other things they’re doing in the cyber world we can’t ignore.”
Other panelists included Johann Schmidt, director of the European Center of Excellent for Countering Hybrid Threats, and Heli Tiirmaa-Klaar, Estonia’s Ambassador for cyber diplomacy.
The debate took place on the eve of the U.S. elections, which according to The Washington Post has seen Russia, China, Iran and other countries trying to spread fake news on social media sites.
Last month the U.S. Director of Intelligence and the head of the FBI said Iran and Russia had obtained U.S. voter registration information, much of which is public knowledge. But they alleged some of it was used in an email campaign made to look like it came from the far right-wing group Proud Boys.
Meanwhile, last week, the EU council sanctioned two persons and one entity for cyberattacks against the German Bundestag. And in July, it blamed Chinese and Russian individuals and entities for involvement in several attacks, including the attempted cyber-attack against the Organisation for the Prohibition of Chemical Weapons, and for launching the WannaCry and NotPetya malware.
EU ‘determined to take action’
In introducing the panel Eva Palatova, the head of the political section of the EU’s delegation to Canada, said that “with these decisions, we made it clear to everyone that we continue to be determined to take action to deter perpetrators of cyber attacks and hold them accountable.” The EU, she said, is co-operating closely with Canada and the U.S. to prevent and counter cyber attacks and misinformation aimed at undermining democracy.
Roche’s call for partnership found lots of support among the panel. “When it comes to cyber, we already have a coalition of the willing,” said Tiirmaa-Klaar, referring Canada, the U.S and Australia who have with the EU jointly attributed some attacks. “We just need to continue those efforts.”
Several years ago, Estonia and other states put together best practices for improving cybersecurity for elections, she added.
Schmidt pointed to the creation of the European Center of Excellent for Countering Hybrid Threats, which includes NATO. Hybrid threats combine cyber, military, diplomatic and other tactics on nations. Russia’s pressure on Ukraine, including alleged cyber attacks that twice knocked out its power grid as well as the 2014 annexation of Crimea are seen as an example of hybrid warfare.
Panelists also discussed how to respond to foreign interference, particularly if it is cyber-related. While some have argued cyberattacks should be replied with cyberattacks, panellists noted that other tools can be useful.
Tiirmaa-Klaar noted the EU has created a toolbox for responding to cyber actions, including economic sanctions, such as denying people entry to the EU or access to bank accounts. These tools were first used in July and again last month. “There is the collective will and a mechanism to respond to malicious cyber activity,” she said.
But Fadden argued that unless many nations impose sanctions, they won’t be effective.
Roche also noted governments might be able to go after those who willingly support nation-states that engage in cyber interference (other countries or criminal gangs, for example) or unwillingly support (ISPs or organizations whose servers have been unknowingly hacked to spread malware). But he warned against a retaliatory cyber strike. Victim countries can’t violate “accepted norms” of behaviour, he said.
Panelists also agreed political leaders also have to be better educated about foreign interference in domestic affairs to better lead public discussion of the consequences.
Fadden said countries won’t successfully deal with foreign cyber interference if they don’t consider other political and economic challenges they have with players like Russia and China. Criminals and domestic political extremists sometimes also try their hands at interference, he added. And political interference can also happen at the state, provincial, county and municipal levels, he added.
Remember, he concluded, cyber interference is new, and as soon as we come up with some ways to counter these attacks adversaries will come up with net strategies. That means in the short term we will have to accept that election interference will be with us for a while.