WASHINGTON – The United States sent activists to Estonia in the weeks leading up to the November election to learn more about defending against Russian hackers as part of a broader effort to hunt down foreign cyberattacks, US and Estonian officials said.
Estonian officials believe that increasing cooperation with the United States will provide an important deterrent against attacks from neighboring Russia, while American officials have used the cooperation to strengthen their electoral defense.
Estonia has one of the most sophisticated network defenses in Europe and offers American military personnel the opportunity to work with experts who have experience in detecting and defending against Russian attacks. American officials also used such teams during the 2018 midterm elections, but previous missions were in countries with relatively undeveloped digital defense.
The operation in Estonia enabled the US Cyber Command, which conducts the military’s offensive and defensive operations online, to extensively observe Russian techniques in Estonia and compare them with Moscow tactics used in the US, Brig said. General William J. Hartman, the Commander of the Cyber National Mission Force.
“The ability to share this information with all government partners is a key component in defending the election,” said General Hartman. Estonian officials said Russia did not attack its military networks while the American team was stationed there from September 23 to November 6.
American officials previously noted that they had increased the number of Cyber Command’s expert teams they sent overseas, but they only identified broad regions, not specific countries. The teams usually consist of more than a dozen employees.
During several of these missions, American activists identified new types of malware used by Russia that the US government then publicly released, which, according to defense officials, compromised its effectiveness.
No foreign power has been able to disrupt the American vote, either by hacking into electoral systems or by spreading large amounts of disinformation. This was due, on the one hand, to increased federal support in protecting state and local government networks and, on the other, to more aggressive Cyber Command operations.
Military officials now view electoral defense as a core task that requires constant efforts to find out what foreign powers might be trying. Officials said the overseas operations in places like Estonia were vital in monitoring Russian hackers.
Estonian officials believe their aggressive actions helped repel Russian attacks, and the growing partnership with the United States also strengthens that deterrent.
Estonian officials said the Russians had used their land to test new and varied attacks, both hacking operations and attempts to spread disinformation.
That has changed in the last few years. As Estonia has become more aggressive in sharing information on Russian tactics, Moscow has shifted its focus to other countries to preserve the effectiveness of its arsenal of exploits and malware, Estonian officials said.
“If we discover the malicious activity and share it with the world, our partners, an attack is more expensive,” said Mihkel Tikk, deputy head of the Estonian Defense Forces. Cyber Command. “So the opponent has to start making decisions and making decisions about who to attack.”
Estonian officials are keen to deploy more American activists or even to deploy a permanent replacement from the US Cyber Command in the country. Russia has long directed cyber attacks on Estonia and other neighboring countries.
American officials said they plan to continue short-term deployment of teams around the world.
The operations are important in controlling escalation with adversaries, said Thomas C. Wingfield, deputy assistant secretary of defense for cyber policy. If the United States can find ways to make cyber attacks and cyber operations by adversaries like Russia and China less effective and more expensive, it will prevent these countries from escalating their attacks, he said.
“Inaction in cyberspace contributes to escalation, more than sensible action in cyberspace,” said Wingfield. “Countries like Russia and China are making significant strategic gains from what we believe to be aggressive, irresponsible and destabilizing cyber activity that is relatively cheap and easy for them to perform.”