The National Security Agency is on guard for foreign threats to the November elections and told The Washington Times it is banding together with private companies to thwart digital disruptions before they occur.
Details of the agency’s work to fend off foreign adversaries are shrouded in secrecy as security professionals increasingly warn about attempted Iranian and Russian hacking.
America’s top cyberintelligence agency gave The Times a rare glimpse into its work with the private sector to stop those targeting elections.
The NSA and U.S. Cyber Command mobilized their Election Security Group last year to identify attackers and their aims and then fight back. The NSA relies on a separate team at its Cybersecurity Collaboration Center to make sure its private-sector partners are kept informed of foreign threats that apply to the partner companies’ work, NSA’s Kristina Walter said.
Ms. Walter, who took over the Collaboration Center in June, told The Times that her team works “very closely” with the Election Security Group.
“If there’s an attempt for a malicious actor to abuse a U.S. platform to target elections, we can share that information through the Collaboration Center from the Election Security Group with that partner so that they can disrupt the activity,” Ms. Walter said in an interview at the Billington CyberSecurity Summit in Washington this month.
Since its launch approximately four years ago, the center has enlisted more than 1,000 cybersecurity companies to help foil hackers’ plans. Ms. Walter would not identify specifically which companies the agency has engaged to support election security.
“It’s generally the big [internet service providers], the cloud providers, the managed service providers, the cybersecurity companies. Those are the portfolios that we partner with to defend the defense industrial base as well, and they are also capable of generally defending our elections as well,” Ms. Walter said. “We will work with them kind of at scale to do that.”
Although the NSA is cautious of revealing too much information about its work with the private sector, cybersecurity professionals are often far less reserved.
Seated on a stage alongside Ms. Walter’s predecessor in charge of the Collaboration Center in March, CrowdStrike Senior Vice President Adam Meyers touted his company’s teamwork with the NSA on matters involving election security and threats to the financial sector.
Mr. Meyers then said at the CrowdStrike Gov Threat Summit in Washington that the NSA had “sent us a lot of stuff” as part of its work with the spy agency.
Microsoft also teamed with the NSA, particularly in defense of Ukraine against Russian cyberattackers.
The Election Security Group, separated from the team collaborating with the private sector, includes information specialists, planners and operations specialists who leave domestic-focused work to the FBI and the Department of Homeland Security.
Cybersecurity officials at the NSA, the FBI and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency are sharing information on foreign cyberattackers they observe targeting American infrastructure.
In August, the U.S. Intelligence community formally attributed hacking attempts of Donald Trump’s team to Iran.
“We have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting presidential campaigns,” U.S. federal agencies said in a joint statement at the time. “This includes the recently reported activities to compromise former President Trump’s campaign, which the IC attributes to Iran.”
Last week, the NSA, the FBI and the Homeland Security Department partnered with several foreign governments to expose Russian military cyberattackers, referred to as Unit 29155, targeting U.S. infrastructure and other things.
“FBI, NSA, and CISA assess Unit 29155 is responsible for attempted coups, sabotage and influence operations, and assassination attempts throughout Europe,” the agencies said. “Unit 29155 expanded their tradecraft to include offensive cyber operations since at least 2020. Unit 29155 cyber actors’ objectives appear to include the collection of information for espionage purposes, reputational harm caused by the theft and leakage of sensitive information, and systematic sabotage caused by the destruction of data.”
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.