全球智库信息集成服务系统

Summary

Russia’s aggressive campaign targeting the 2016 U.S. election revealed not only the extent to which information and communications technologies are being used to undermine democratic processes but also the weaknesses of protection measures. The U.S. government was effectively caught off guard, once again highlighting that such interference presents a rising global threat. Comprehensive strategies and tools are clearly needed as part of a long-term, holistic approach to building resilience, but to be effective, they should be informed by the regular sharing of best practices and lessons learned between countries.

In reaction to Russia’s disruptive campaigns in Europe and the United States, European governments took steps before and during their 2017 elections to better protect against disinformation campaigns and cyber attacks. Unsurprisingly, an examination of their efforts shows the importance of identifying risks at the local, regional, and national levels and actively engaging political parties and traditional and social media outlets. These lessons and others could provide the basis for a common, analytical framework to assess the different dimensions of risk and guide countries’ preparatory actions.

Lessons From European Efforts

• Consider electoral systems as part of critical infrastructure, institutionalize preparations to protect election processes, and broaden activities to the subnational levels.
• Focus on resilience measures, for example, by conducting regular vulnerability analyses and developing contingency plans. Legal measures should be explored through an inclusive process.
• Issue public statements to deter threat actors and educate voters about disinformation campaigns.
• Train and educate political parties and campaigns to better protect against potential interference.
• Conduct government-media dialogue, encourage media to take voluntary protective measures, and engage social media companies in mitigating potential threats.
• Support international cooperation, particularly the sharing of lessons learned and best practices.

Preparing for the 2018 U.S. Midterm Elections

• Issue a clear warning that interference in the 2018 elections by Russia or any other actor will result in severe consequences.
• Coordinate government efforts to protect against cyber attacks and disinformation.
• Provide more training and support to state and local election officials.
• Regularly assess election infrastructure.
• Encourage states to reevaluate the use of electronic voting machines.
• Encourage political parties and their candidates, staff, and volunteers to follow basic cybersecurity practices.
• Encourage donors to require that political parties and campaigns implement basic cyber hygiene for their candidates, staff, and volunteers.
• Urge political parties and campaigns to explicitly state that they will not use or support social media bots.
• Increase society’s resilience by clearly communicating the risks of foreign interference in U.S. democracy.
• Promote independent citizen fact-checking and investigative journalistic initiatives.
• Improve media literacy among the public.

Introduction

In 2016, Moscow brought a threat that has long plagued many Central and Eastern European capitals to the heart of Washington, DC. Russia hacked the U.S. Democratic National Committee’s system and subsequently released the confidential material to the public in a clear attempt to influence the outcome of the 2016 U.S. presidential election.¹ The cyber attack was paired with a disinformation campaign whose scope and reach is still being assessed more than a year later. The administration of then president Barack Obama was certainly concerned about potential hacking—especially given the malware attack during Ukraine’s 2014 presidential election—but all evidence to date suggests that the Russian government achieved significant success without actually hacking election infrastructure. The U.S. government was essentially caught off guard.

After witnessing the events in the United States, a number of European leaders scrambled to protect their countries against similar interference in their 2017 elections. Some of their actions appear to have been successful, but given the urgency, they were likely hindered by ad hoc coordination and knowledge sharing. Systematically studying these efforts and others could proactively help to inform the development of long-term strategies and tools to improve countries’ resilience to future attacks. More importantly, such analysis could pave the way for sharing lessons learned and best practices across countries—an urgent effort considering that, in 2018 alone, elections will take place in Georgia, Latvia, Sweden, Brazil, and Mexico, among others. And in 2019, elections to the European Parliament will occur. Looking ahead to the November 2018 U.S. midterm elections and the next presidential election in 2020, U.S. officials are particularly worried about further meddling. According to U.S. Director for National Intelligence Daniel Coats, “there should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target.”² So as the United States and other countries ponder how to better prepare for interference,³ what can be drawn from Europe’s recent experiences?

Systematically studying these [Europe’s] efforts and others could proactively help to inform the development of longterm strategies and tools to improve countries’ resilience to future attacks.

An examination of the protection measures that Germany, France, the Netherlands, and the United Kingdom enacted in 2017 and prior offers a good starting point for assessing the dimensions of risk and the effectiveness of preparations for, and responses to, election interference. These countries are geopolitically important within Europe as well as with regard to Russia. Their specific experiences are also useful to compare. The hacking of French President Emmanuel Macron’s campaign during the presidential election arguably stands out as the Kremlin’s most brazen action. The elections in Germany, on the other hand, are remarkable because no significant attempts at interference were reported. The events of the past year and a half merit a closer look to determine what actually happened and why. Sweden, which will hold elections in September 2018, is also worth including, as it offers potential insights into how a country can prepare well ahead of time to protect its elections.

When studying Russian interference and country preparations and responses, it is important to differentiate between “fake news” and hacking operations. This ensures that the full range of vulnerable targets are accounted for—including the databases of political parties and campaigns, social media platforms and conventional news organizations, the personal accounts of candidates and their families, voter registration systems, voting machines and software, and transmission channels for voting results. Thus far, based on open-source information, government tools to protect such targets have largely included operational and policy changes, such as the banning of electronic vote counting; technical changes to election infrastructure; legal measures, such as new laws; and awareness-raising campaigns.

However, eliciting best practices—and, more importantly, a long-term, holistic approach to interference—cannot come from merely studying these targets and tools in isolation. And doing so would not be conducive to ongoing, systematic knowledge sharing. Thus, it could be helpful to combine their general dimensions within an analytical framework—to inform both future strategies and more in-depth research. Drawing on the experiences of Central and Eastern European countries in recent years and the United States during the 2016 election, a framework begins to take shape. It conceptualizes the different risk dimensions of disinformation campaigns and hacking operations, places them in the context of an election cycle, and lists the types of preparatory actions governments can take at all levels. Stakeholders in the United States and other countries could further develop this framework, perhaps as part of an internationally coordinated effort. Meanwhile, lessons learned and best practices garnered from case studies could inform stronger legal, technical, operational, policy, civil society, and educational measures against likely interference perpetrated by Russia and other actors.   

Five European Experiences With Russian Election Interference

Netherlands: General Elections, March 2017

Following warnings from Dutch intelligence, officials in the Netherlands took the issue of potential Russian interference in its elections seriously. But because of either their active preparations or an apparent lack of Russian effort at interference, the elections were carried out successfully and without any noteworthy interference.  

Preparatory Actions

Reports of Russian activities during the U.S. election placed The Hague on high alert. It was already concerned about potential interference due to two major incidents: the alleged hacking of the Dutch Safety Board’s computers in October 2015 by a group of Russian hackers known as Pawn Storm (also known as APT28 and Fancy Bear) and the alleged meddling leading up to the April 2016 Dutch referendum on a European Union (EU)–Ukraine trade deal by either Netherlands-based, pro-Russian sympathizers or activists.⁴ The timing of the former incident made the objective clear: it occurred both before and after the board published its report investigating the downing of flight MH17 in eastern Ukraine. Despite the apparent failure, Moscow’s activities had a significant impact. Local pro-Russian voices in the Netherlands actively tried to counter the hacking accusations.⁵

Interference leading up to the referendum was perhaps more blatant. The Kremlin was vehemently against the EU-Ukraine trade deal. A consortium of local pro-Russian, anti-Ukraine expats—led by a left-wing Dutch parliamentarian, Harry van Bommel—vocally opposed the deal and referred to Ukraine’s pro-Western government as a “bloodthirsty kleptocracy.”⁶ The opposition used in-person meetings, television, and social media to echo their views. In addition, pro-Russian agents passed themselves off as Ukrainians to infiltrate town hall meetings and Dutch groups akin to U.S. political action committees, such as the conservative Forum for Democracy, which became a major political party in 2016.⁷ During the referendum, the party repeated the Kremlin’s talking points and shared Moscow’s propaganda videos.⁸

Of course, Russian interference was not the only factor that influenced the referendum; the referendum also reflected the Dutch population’s growing antipathy toward the EU.⁹ The Hague has been particularly concerned about the more amorphous threat of local populists who, knowingly or unknowingly, champion Russia’s agenda in their attempts to disrupt the political status quo.

The fact that the General Intelligence and Security Service (AIVD) began surveilling the Russian hacking group Cozy Bear in mid-2014 and alerted U.S. officials to its activities in 2016 reveals just how seriously the Netherlands was taking the threat of interference.¹⁰ Notably, the agency was able to corroborate the U.S. Democratic National Committee hack because it was monitoring Russian activities in the aftermath of the Dutch Safety Board hack and interference in the EU-Ukraine referendum.

In its 2016 annual report, the AIVD highlighted an increase in Russian influence operations targeting the country’s economic, political, scientific, and defense sectors.¹¹ The report specifically cites cyber attacks, attempted recruitments of human intelligence, espionage, false flag operations, and the manipulation of public opinion.¹² It states that “the dissemination of disinformation and propaganda plays an important role in clandestine political influence.” It also attributes an attack against 100 government email accounts to Russian activity. Dutch intelligence officers openly assert that Russians have persistently tried to “penetrate the computers of government agencies and businesses.”¹³

The Dutch government took several measures to protect against potential Russian interference ahead of its March 2017 elections. Electronic voting was banned in the Netherlands in 2007 to ensure the public’s trust in the democratic process, but the government felt that additional steps were necessary after receiving reports of software-related vulnerabilities. Fearing that Russia would attempt to hack into vote counting technology, it decided to ban the electronic counting of ballots and election officials’ use of USB flash drives and email.¹⁴ The Dutch interior minister was particularly concerned about the technology’s outdated software but also wanted to enhance public confidence so that “not a shadow of doubt should hang over the results.”¹⁵ Further contributing to the government’s decision were rumors that Russia was looking to hack other elections after the 2016 U.S. election.¹⁶ During a visit in Washington, DC, in January 2017, then Dutch foreign affairs minister Bert Koenders met with U.S. officials to discuss any specific information pertaining to potential Russian cyber attacks against the Netherlands. While it is unclear whether any such information was exchanged, the trip is evidence of the seriousness the Dutch government ascribed to the issue of Russian meddling.  

Fearing that Russia would attempt to hack into vote counting technology, it [the Netherlands] decided to ban the electronic counting of ballots and election officials’ use of USB flash drives and email.

In addition to the bans, the government made efforts to raise public awareness of Moscow’s persistent efforts to infiltrate domestic and international governments, disrupt the political process, and influence policymaking by acquiring clandestine information through cyber espionage and human-acquired intelligence. These efforts also aimed to sensitize the Dutch public to disinformation and alternative facts by highlighting and discrediting troll-manufactured videos and by sharing forensic evidence that linked social media feeds by activists to Russian media outlets.¹⁷

Social media companies also took action ahead of the March 2017 elections. Facebook announced that it would introduce a fact-checking function to newspaper articles in the Netherlands.¹⁸ However, in the Netherlands, mainstream media outlets continue to have a much stronger foothold than tabloids, overtly partisan news outlets, and social media companies. Consequently, there was already a significant baseline against which disinformation and alternative facts could be benchmarked.

Still, the Netherlands’ preparations had some shortcomings. Efforts to train politicians and government officials—carried out by The Hague Security Delta and other groups—generated little interest. In addition, according to information technology (IT) experts, Dutch political parties did not take sufficient steps to protect their websites prior to the elections.¹⁹

Notable Interference

According to the AIVD, Russia was not able to “substantially influence” the 2017 election process; its interference was mostly contained to spreading false information in the public debate.²⁰ The Netherlands was therefore spared another high-profile incident.

One reason for the limited interference might be the increased attention given to the issue by Dutch officials in recent years and the commensurate efforts to enhance preparedness—such as removing electronic counting of ballots—which denied Russia any opportunity to meddle. Moscow may also have been wary of further inflaming public opinion in a country where nearly 200 Dutch nationals were killed by Russian-backed rebels in the MH17 incident in Ukraine. Another reason could be that Russia values its relationship with the Netherlands, which is a major trading partner, and did not want to sow tension with Dutch leaders, especially after the MH17 incident.

Post-Election Responses

To further ensure the availability of reliable information during elections and referenda, Kajsa Ollongren, minister of the interior and kingdom relations, launched a dialogue with representatives of social media and technology companies to discuss the dissemination of fake news. As a result, Facebook partnered with Leiden University and a Dutch news website called Nieuwscheckers to fact-check news shared on social media. The website employs Google’s fact-checking feature,²¹ Google Project Shield, which, incidentally, helped protect a popular Dutch voting-information website, Kieskompas, from a distributed denial of service (DDoS) attack during the days leading up to the March 2017 election.²²

The government has also taken steps to strengthen Europe’s collective efforts. It is considering more Dutch support for the East StratCom Task Force, part of the European External Action Service, and is advocating more dialogue between the EU and North Atlantic Treaty Organization (NATO) on countering disinformation.

Dutch officials need to expand their efforts to include training politicians and protecting political parties.

Conclusions

Russian interference surrounding the Dutch EU-Ukraine trade referendum, combined with the reports of Russian interference in the 2016 U.S. elections, led Dutch officials to boost their efforts to safeguard the March 2017 elections. They took significant steps to strengthen the resilience of their electoral processes and systems. That being said, Russian influence is still at work in the Netherlands, and Dutch officials need to expand their efforts to include training politicians and protecting political parties. The Forum for Democracy party now wants a referendum on remaining in the EU and is polling in second place in the Netherlands.²³ Moreover, Geert Wilders’ Freedom Party, an anti-immigration and euroskeptic party, has historically been closely aligned with Russian interests in the European Parliament and is advocating the lifting of the EU’s “anti-Russian sanctions.”²⁴

France: Presidential Election, May–June 2017

Russia’s attempts at election interference in 2017 were perhaps the most brazen in France. While French security officials made admirable efforts to protect against interference, what is more remarkable are the significant preparations made at the party level, in particular by En Marche, the prime target for suspected Russian interference during the campaign.

Preparatory Actions

First, it is worth nothing that France has a highly centralized political system and thus has less built-in resilience to interference than other more decentralized systems. The French president is elected directly by voters, but the election occurs in two rounds. In the first round, every candidate who manages to obtain the signature of 500 elected officials is allowed to run. Unless one single candidate receives a majority of votes, the two candidates who obtain the most votes at the end of the first round then face off in the second round.

In October 2016, after learning about Russia’s hacking of the U.S. Democratic National Committee and the subsequent information leaks, the head of the French Prime Minister’s General Secretariat for Defense and National Security, Louis Gautier, wrote a letter to the leaders of the main political parties warning them against the risk of “sophisticated and repeated attacks, obviously carried out by organized groups.”²⁵ To learn about recent cyber attacks and garner some security advice, he also invited all major parties to attend a closed briefing with the National Cybersecurity Agency of France (ANSSI). The agency provided them with a thirty-six-page cyber security handbook, a fifty-two-page primer on DDoS attacks, and a USB flash drive with additional information. Tellingly, Marine Le Pen’s right-wing National Front party was the only one absent from the briefing.

In addition, other high-level government officials publically and emphatically stated that they would not tolerate Moscow’s attempts to disrupt the country’s democratic process. In February 2017, then French foreign minister Jean-Marc Ayrault strongly implied that Russia was behind the cyber attacks plaguing Emmanuel Macron’s presidential campaign and warned that Paris would not accept “any interference in its electoral process.”²⁶

ANSSI’s preparatory activities focused mainly on protecting election infrastructure. Following a systems vulnerability assessment, and contrary to initial plans, the agency announced that electronic voting—banned in France since 2012, with an exception for French overseas voters—would not be permitted at all in the June 2017 legislative elections. In addition, the agency gave parties a list of approved independent experts who could inspect and test their cyber infrastructure on-site. Individual parties have their own structures in place, and both conservative Republicans and center-left Socialists have their own dedicated IT teams.²⁷ The IT team for Macron’s En Marche party developed unorthodox methods to confuse detected attackers: the policy was to “flood [phishing email] with multiple passwords and log-ins, true ones, false ones, so the people behind them [the attacks] use up a lot of time trying to figure them out.”²⁸

Macron’s IT team developed a system to feed attackers with bogus information to preemptively degrade the value that might be derived from leaked campaign documents.

Preparations against disinformation campaigns were more ad hoc; government agencies did not appear to make a centralized effort to guard against them. Macron’s IT team developed a system to feed attackers with bogus information to preemptively degrade the value that might be derived from leaked campaign documents. Macron also enlisted an “anti-fake news commando” team of three lawyers to actively stem the barrage of disinformation aimed against him.²⁹

Media outlets also took proactive measures to counter disinformation campaigns. In February 2017, Le Monde, a prominent French newspaper, published an index that referenced hundreds of websites and their level of reliability.³⁰ Google partnered with more than thirty media outlets, including main newspapers and television stations, to build the CrossCheck fact-checking platform.³¹

Notable Interference

Malicious cyber activity during the 2017 presidential election was concentrated almost exclusively on Macron’s campaign. His team first reported that it had been hacked in October 2016 but declined to give details about the nature of the attacker.³² Facebook confirms that Russian agents set up twelve fake accounts and posed as acquaintances of people close to Macron in attempt to glean intelligence.³³ In addition, spear-phishing emails under the guise of a fake Microsoft storage website attempted to glean passwords and login data from staff members. One and a half days before the runoff vote between Macron and Le Pen on May 7, 2017, 9 gigabytes of stolen files and 21,000 emails were uploaded to the platform Pastebin under the username EMLEAKS. In late July, WikiLeaks republished the emails in a searchable cache.³⁴ Using the hashtag “#MacronLeaks,” the leaks then spread rapidly on social media, becoming a worldwide trending topic.

In January 2017, the security firm Trend Micro attributed many initial phishing attacks to Pawn Storm, also known as APT28 or Fancy Bear. U.S. intelligence agencies consider the group an instrument of Russia’s Main Intelligence Directorate (GRU) and believe it is responsible for the Democratic National Committee hack.³⁵ Prior to the leaks, then U.S. National Security Agency director Mike Rogers informed French counterparts that the agency had detected possible Russian hacking of France’s election infrastructure.³⁶ Yet, despite similarities between the Macron campaign attackers and Pawn Storm, ANSSI declined to name Russia directly because the attackers could have intentionally passed themselves off as somebody else.³⁷ Indeed, some analysts have remarked that the Cyrillic metadata and appearances of the name Roshka Georgiy Petrovich, a supposed employee contracted by Russian intelligence, are almost too numerous when contrasted with the sparsity of evidence found in other Russian attacks.³⁸ That being said, Russia’s surprising brazenness was clearly evident in 2016, and some believed the goal was to maintain a climate of uncertainty over the vote.³⁹ Macron’s campaign maintains that “hundreds if not thousands of attacks” against their systems—though presumably not all of them successful—originated from inside Russia or its vicinity.⁴⁰

Researchers from the Oxford Internet Institute estimate that junk news (propaganda and hyperpartisan news and false reporting) accounted for a relatively small percentage of the election-related content shared on Twitter in March 2017, about two months before the first round of votes.⁴¹ Many of the most influential rumors targeted Macron, although some also pertained to early candidates François Fillon, Jean-Luc Mélenchon, and Alain Juppé. Macron was the only one who was unequivocally critical of Vladimir Putin’s Russia.⁴² In contrast, Le Pen’s National Front party received direct financial assistance from a Kremlin-affiliated bank,⁴³ Fillon was spoken of fondly by Putin and advocated for the lifting of sanctions,⁴⁴ and Mélenchon wanted France to exit NATO and voiced support for Russia’s interventions in Syria and Ukraine.⁴⁵ While many of the rumors about Macron were no doubt homegrown among France’s far right, others originated overseas.

Interestingly, some rumors and memes appeared to come from U.S. Twitter users.⁴⁶ Sputnik France and RT France were highly active on Twitter during the lead-up to the election, and an analysis of their coverage by the Atlantic Council’s Digital Forensics Research Lab reveals a strong bias against Macron.⁴⁷ Reputatio Lab, a French social media monitoring firm, estimates that RT’s French election coverage reached roughly 145,000 individuals.⁴⁸ Among the conspiracies and narratives spread by Russian media about Macron were assertions that he is an agent for U.S. financial interests and secretly gay.⁴⁹ A network of hyperactive automated accounts (bots) expressing pro-Russian, anti-EU views helped to promote these stories, although it is not known whether these accounts originated in Russia.

Le Pen benefited from the most overt support out of Moscow. In addition to the loan her party received from a Russian bank, she met with Putin in the Kremlin in a photo op designed to reinforce her presidential allure.⁵⁰ That being said, the Kremlin hedged its bets and other pro-Russian candidates also benefitted from the Russian propaganda apparatus.⁵¹ For instance, a sham study published by a Moscow-based consultancy declared Fillon the leading candidate. The study was loudly touted as being based on a reliable Sputnik poll, leading the French polling commission to swiftly denounce the Russian outlet.⁵²

Post-Election Responses

The fallout of the En Marche documents leak—the most spectacular and overt incident during the election process—was limited by several factors. First, the Macron team launched its own influence campaign to reveal that some of the leaked documents were fakes.⁵³ This immediately discredited organizations such as WikiLeaks, which had prominently advertised the leaked cache. The fact that the candidate’s team highlighted some of the fakes in record time supports the idea that they had planted the fakes themselves.⁵⁴ Second, existing French legislation limited public sharing of the documents considerably. French election rules prevent the media from quoting presidential candidates or their supporters within twenty-four hours of the vote.⁵⁵ The electoral commission also warned the media and the public at large that they could be prosecuted for publishing documents obtained in the attack.⁵⁶ The rule and the warning were largely heeded, and the majority of the French population did not see the documents.⁵⁷

French election rules prevent the media from quoting presidential candidates or their supporters within twen