“This is bigger than just protecting 2020. This is ultimately about defending democracy,” said Krebs, a keynote speaker on the last day of the 2019 International Conference on Cyber Security, held at Fordham Law School. 

Three years ago, the Russian government interfered with the U.S. presidential election through the creation of thousands of fake social media accounts, which spread fabricated information to all corners of the country. 

Krebs said his agency has been working to avoid similar strife in the upcoming elections. Over the past several months, he said CISA has been helping foreign countries improve their defenses against Russia, thereby gaining a deeper understanding of the techniques and tactics that the Russians use. Krebs anticipated that before the Russians strike the United States, they will most likely use somewhere in eastern Europe as a guinea pig, like Ukraine or Moldova. He also emphasized the importance of raising awareness of what the “threat environment” looks like and driving resources into defense methods, such as phishing campaign assessments. 

There are still problems at home. He said five states—Delaware, Georgia, Louisiana, New Jersey, and South Carolina—use voting machines that provide no paper trail of the votes. No paper ballots means no ability to audit the vote, he said. 

“We’ve got to get to a position where we can audit the vote, where we can understand what happened throughout the process,” Krebs said. “If you can’t audit the process, you can’t audit the network left or right, if you don’t know what happened … you’re not secure.” 

But there’s an easier way to combat Russian hackers—and it starts right at home. 

Last week, Krebs and his team released a website called war-on-pineapple.com: a simple, interactive five-step tutorial that shows Americans how Russian social-media efforts try to divide and troll them. 

“What we’re trying to do is raise critical thinking across the American people about how we’re being manipulated by foreign actors,” Krebs said. “We’re trying to engage the American people, educate on the tools, techniques, and capabilities. Not just Russia, but others that are getting into it.”

In the past and present, Russia has used social media to “undermine the very public conscious[ness]of the American people,” he said. They follow five steps: identify a divisive issue (one divisive issue is whether or not pineapple belongs on pizza, hence war-on-pineapple.com), create a conversation on social media, stir up angst, drive the topic into mainstream news, and then “take it real world.”

“They generate real-world activities. They actually get on social media platforms and schedule events,” Krebs said. “And not just a rally in favor of something—they also organize the counterprotests.”

He emphasized that more must be done to increase the resilience of the American people. The “war on pineapple” is only the beginning. 

“It’s up to every single one of us to engage, to increase awareness because it’s not one person. It’s not the federal government. It’s not a state or local official,” Krebs said. “It’s everyone that’s going to be in the effort to protect [the]2020 [elections]and defend democracy.” 

Speaking at the Lincoln Center campus on July 28 at a conference held by Fordham and the FBI, Mayorkas said cyber threat indicators—information used to identify cyber security threats—need to stop being traded by security firms as if they were common commodities.

“Look, we’re all in this together. Some of us are in it as a calling, some of us are nonprofit, and some are for profit. For those of you who are for profit, you have many streams of revenue. The cyber threat indicator should not be one of them. That needs to be a public good,” he said.

“Hopefully, we’ll get to a point where that become a public good and is no longer a for-profit commodity, and we can raise the bar of the entire cyber ecosystem in terms of our defense mechanisms.”

Mayorkas noted that the “seminal announcement” by the White House on Tuesday at Fordham detailed the government’s new approach to responding to significant cyber incidents. The directive features a framework with two priorities: a threat response, which is an effort to identify perpetrators and hold them accountable, and an asset response, in which the goal is to identify the nature of the attack, identify and help expel the perpetrator, identify the vulnerabilities that permitted the intrusion, and identify if there are other victims who need help.

The challenge, he said, is that a core principle of asset response is the dissemination of information as broadly as is needed. It’s extraordinarily important do this at network speed because attacks can be replicated with the click of a button, but he acknowledged that a trust deficit exists between the cyber community and the government, thanks in part to 2013 revelations by former National Security Agency contractor Edward Snowden.

“The idea of voluntarily providing information to the government still requires a bridge for many to cross, and I hope that we will all work very hard to overcome that trust deficit,” he said.

“Words, of course will not do it, but action, and bringing benefit to different communities will achieve it, and it’s a privilege for me to be a part of that effort.”

The new policy delineates the role that government agencies will play going forward in preventing and responding to potential as well as active cybersecurity incidents, said Lisa Monaco, assistant to the president for homeland security and counterterrorism. She made her remarks at the opening session of the International Conference on Cyber Security (ICCS), cosponsored by Fordham and the FBI.

“[The policy] commits to unifying the government’s response across agencies, and it emphasizes that our response will be focused on helping victims of cyber incidents recover quickly,” Monaco said.

“This directive establishes a clear framework to coordinate the government’s response to such incidents. It spells out which federal agencies are responsible. And it will help answer a question heard too often from corporations and citizens alike—in the wake of an attack, who do I call for help?”

The FBI will lead responses to any immediate threat (just as it does in cases of terrorism, Monaco said) to find out whether those responsible are terrorists, other countries, or criminals.

The Department of Homeland Security will assist the victims of an attack or intrusion, supplying federal resources to aid recovery and providing technical assistance to protect the attacked organization’s assets, bring systems back online, and decrease vulnerabilities.

Finally, the newly formed Cyber Threat Intelligence Integration Center (CTIIC), which operates under the Director of National Intelligence, will serve as the point agency for all cyber-related intelligence. Having a single entity integrating and analyzing this information will allow for more rapid and streamlined efforts to disrupt threats, Monaco said.

“In all these efforts, the framework we apply when considering the use of cyber operations is quite similar to how we approach other operations in the physical world. Any actions we take must be consistent with our values, and after we assess the potential for collateral damage and consider other potential options. We consider the likely reaction of the target, our allies, and other countries who may be affected, and we consider whether the effects of a cyber operation could lead to escalation and greater conflict,” she said.

“I believe we can do this. Humans invented cyberspace and we can manage the challenges it generates. Over the past seven and a half years, we’ve made tremendous progress. The framework and actions we’re putting in place today are another strong step forward.”

Monaco’s announcement followed the keynote address from James Trainor, assistant director of the FBI’s cyber division, who stressed the importance of collaboration in the face of cyber threats.

Trainor cited the U.S. Intelligence Community’s annual Worldwide Threat Assessment, which for the last three years has ranked cyber threats as the No. 1 danger to national and economic security—a “bigger [threat]than standard forms of espionage and bigger even than terrorism,” Trainor said. “From where I stand, the issue is getting worse by the day.”

For this reason, it is critical to form strong partnerships among law enforcement, government agencies, and the private sector. The faster that a cyber threat or attack is reported to the FBI, the faster that those responsible can be caught and evidence preserved.

“We need to use indictments, engagements with foreign partners, diplomatic pressures, sanctions, technical disruption operations, and even actions taken at the World Trade Organization-level with trade operations,” Trainor said.

“In my view, pressure works… Our adversaries know we will come after them in more ways than one. The FBI is doing everything it possibly can at every level to make it harder for cyber criminals to operate. I believe that many of them are starting to think twice before putting their fingers on the keyboard.”

The sixth annual ICCS conference opened July 25 at Fordham’s Lincoln Center campus. Visit our news page for ongoing coverage, and read the full transcript of Monaco’s remarks here.