In anticipation of the 2024 U.S. elections, the U.S. intelligence community and law enforcement agencies are on heightened alert due to emerging foreign influence operations seeking to undermine electoral integrity. Major technology firms, including Microsoft, have proactively engaged with government entities, offering their expertise and insights on disinformation campaigns tied to the electoral process. The rapid identification and attribution of these disruptive efforts to actors from Russia, China, and Iran by authorities represent a significant shift from previous cycles, highlighting a robust response mechanism to combat malign interference.
During a presentation at the Cyberwarcon security conference in Arlington, Virginia, researchers from the Atlantic Council’s Digital Forensic Research Lab shared preliminary findings on the evolving nature of attribution practices in the context of this year’s elections. Their analysis sought to understand the implications of swiftly naming foreign adversaries involved in influence operations, contrasting this approach with previous electoral cycles, where governmental attributions were less frequent and more ambiguous.
Emerson Brooking, Director of Strategy and a Senior Fellow at DFRLab, referenced the foundation laid by a 2020 project centered on concerns around transparency during the Trump administration regarding foreign cyber threats. In stark contrast to the past, the current landscape is characterized by a veritable flood of claims from the U.S. government about various adversaries conducting influence operations, prompting the researchers to investigate the possibility of overcorrection in attribution practices.
Looking back on the 2016 presidential election, it is evident that Russia’s extensive digital influence operations took U.S. intelligence by surprise. Although law enforcement was aware of Russia’s probing activities, there was initially no acute urgency to address the issue. It was not until four months after the Russian hack of the Democratic National Committee that the U.S. government publicly attributed the attack to the Kremlin. The delay in formal acknowledgment was indicative of a broader struggle within U.S. institutions to articulate the full extent of foreign cyber threats.
By 2020, an increase in collaboration between federal, state, and local bodies around election security led to a marked improvement in attribution practices. Research indicated that a substantial percentage of influence operation attributions stemmed from U.S. intelligence or federal sources, highlighting a shift toward more transparent communication. DFRLab Fellow Dina Sadek emphasized the critical role of the quality of information provided in these attributions, as their perceived objectivity and credibility greatly influence public understanding.
The researchers noted that precise details, such as confirmation that Russia produced misleading videos related to voting in Pennsylvania, exemplify high-quality attribution that effectively minimizes public speculation and doubt. In contrast, vague warnings from intelligence agencies can inadvertently energize influence campaigns that would otherwise go unnoticed by the electorate.
Looking ahead, while the researchers acknowledged improvements in the attribution landscape, they expressed concern about potential regressions given the possibility of a new administration. The commitment to transparency and effective communication by authorities could face challenges in future electoral cycles.
Brooking concluded by underscoring the importance of maintaining public interest in disclosures around foreign influence, remarking that the current state, which reflects greater transparency, may not persist in forthcoming political environments. As businesses and their leaders navigate the complexities of the ongoing cyber threat landscape, understanding these dynamics will be essential for mitigating risks tied to foreign influence and cyber operations during the upcoming elections.
Employing the MITRE ATT&CK framework, one could speculate that tactics such as Initial Access, Execution, Persistence, and Command and Control might have been part of these foreign influence operations. Awareness of these possible adversary actions, and preparedness to recognize them, are crucial for businesses as they prepare to defend against emerging cyber threats.