As part of its work to protect the 2018 U.S. midterm elections from foreign hackers and trolls, Cyber Command personnel visited Montenegro, North Macedonia, and Ukraine to collaborate on network defense with those allies and study cyberthreats, U.S. officials confirmed to CyberScoop.
The trip to Europe demonstrates how the command, which has grown in stature and capability since its 2009 inception, supports and learns from allies facing threats from persistent hackers.
“We sent defensive teams… to three different European countries,” Gen. Paul Nakasone, head of Cyber Command, told a House Armed Services subcommittee on Wednesday.
Nakasone did not name the countries. But a Cyber Command spokesperson said two of those countries were the Balkan nations of Montenegro and North Macedonia, which until February was known as Macedonia. And a U.S. government official with knowledge of the matter said the third country was Ukraine – something corroborated by a public statement from a top Defense Department official.
“We’ve been conducting some defensive cyber operations with some of our partners in Europe,” Burke “Ed” Wilson, the deputy assistant secretary of defense for cyber policy, told Signal Magazine in January. “It’s the first time we’ve actually had teams on networks in Macedonia, Montenegro and Ukraine, for starters.”
Part of Cyber Command’s election preparations was working on defensive cyberspace operations directly with Montenegro, Macedonia, and Ukraine, a U.S. official told CyberScoop.
In the case of Montenegro and North Macedonia, Cyber Command personnel worked alongside officials from those countries to “increase interoperability…and deter malign influence on the democratic processes of our allies, partners and the U.S.,” the American military command in Europe said in a statement in October.
Spokespeople for the governments of Montenegro, North Macedonia, and Ukraine did not respond to requests for comment on the election-security cooperation.
Montenegro is a member of NATO, while North Macedonia is in the process of joining the alliance. Russian President Vladimir Putin views NATO as an encroachment on Russia’s sphere of influence in Eastern Europe.
For its part, Ukraine has long faced threats to its electrical sector from hackers reportedly linked with the Russian government. And last month, the Ukrainian president accused Moscow of conducting distributed denial-of-service attacks on Ukraine’s election commission. Ukrainians go to the polls on March 31 to elect a president.
A Russian government spokesperson could not be reached for comment. Moscow has previously denied conducting cyberattacks against other countries’ critical infrastructure.
Allies help with attribution
After Russian intelligence operatives intervened in the 2016 U.S. presidential campaign through a comprehensive hack-and-leak campaign, Cyber Command, the National Security Agency, and other federal agencies were keen to prevent a repeat in 2018. Days before the Nov. 6 midterm vote, national security adviser John Bolton confirmed that the U.S. was conducting offensive cyber operations to thwart foreign adversaries from interfering in the election. Those measures included cutting off internet access for a notorious Russian troll farm, The Washington Post reported.
U.S. officials and lawmakers have hailed the command’s protection of the midterm elections as a success.
Sen. Mike Rounds, R-South Dakota, said visits to European allies can help U.S. officials get better at attributing cyberattacks to adversaries.
“If you can go to those other countries and find [hacking tools on networks], you start to lay out how to make those attributions more quickly, and you also can lay out the defenses for the types of tools that they use,” Rounds, a member of the Armed Services Committee, said in an interview.
When the U.S. develops close relationships with European countries that face threats from Russia, Rounds said, those allies “appreciate…our technical support, but we also learn from them what they discovered and how they made patches to their own systems.”
“This is a case of where you have a significant part of Europe trying to do a better job of defending itself against the onslaught of cyberattacks coming from Russia and its affiliated agents,” Rounds told CyberScoop.