Cyber Command chief says dozens of cyber operations carried out to defend 2020 elections

The nation’s top military cybersecurity leader said Thursday that U.S. Cyber Command conducted dozens of operations ahead of the 2020 elections aimed at securing voting against foreign interference.

“USCYBERCOM conducted more than two dozen operations to get ahead of foreign threats before they interfered with or influenced our elections in 2020,” Gen. Paul Nakasone, the commander of U.S. Cyber Command and the director of the National Security Agency (NSA), testified to the Senate Armed Services Committee. 

Nakasone testified later in the hearing that U.S. Cyber Command did “11 hunt forward operations in nine different countries for the security of the 2020 election,” adding that, “we know a lot of what our adversaries are doing when it comes to interference and influence of elections.”

Nakasone’s comments came after a contentious election that saw multiple efforts by foreign nations to influence the process. 

The Office of the Director of National Intelligence concluded in a report released last week that both Russia and Iran attempted to influence the 2020 U.S. elections, but found no evidence that either nation attempted to alter votes through technological means. 

U.S. Cyber Command was one of the key agencies involved in securing the 2020 elections against foreign interference, working alongside the NSA, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) in the weeks before and after Election Day. 

Nakasone last year detailed the “defend forward” strategy of U.S. Cyber Command in an op-ed for Foreign Affairs, writing that “we realized that Cyber Command needs to do more than prepare for a crisis in the future; it must compete with adversaries today.”

Beyond elections, Nakasone on Thursday also highlighted the need for both Congress and the military to learn lessons from recent massive cyber espionage incidents carried out by Russia and China over the past year against the United States. 

Nakasone specifically cited both the so-called SolarWinds hack — which involved sophisticated Russian hackers compromising at least nine federal agencies and 100 private sector groups — and the vulnerabilities on Microsoft’s Exchange Server program, which were used by Chinese hackers to compromise thousands of companies. 

He reported that there was no evidence that any Defense Department networks had been compromised as part of the SolarWinds incident, but described both major cyber espionage attacks as a “clarion call” to examine a wider range of cyber vulnerabilities. 

“The SolarWinds incident occurred because highly skilled, sophisticated actors inserted a malicious cyber capability into a commercial product that was then downloaded and installed world-wide,” Nakasone testified. “The nature of the tradecraft employed by this actor reinforces the imperative for government and industry to collaborate in detecting and responding to malicious cyber activity.”

Nakasone urged members of Congress to work on increasing U.S. Cyber Command ability to track foreign hackers working within the United States to target critical infrastructure, noting that “it’s not the fact that we can’t connect the dots, it’s that we can’t see all the dots.”

He also underscored better information sharing between the private sector and government on cybersecurity threats.

Members of Congress on both sides of the aisle are increasingly pushing for breach notification legislation that would make it easier for private sector companies to report cyber incidents without fear of consequences. 

“There are two gaps that have to be addressed, and one of them is this idea of information sharing,” Nakasone said. “These attacks took place within the United States, these intrusions, and there are right now legal barriers and disincentives for the private sector to share information with the government. We have a difficulty as a government understanding the totality of the intrusion.”