WASHINGTON — As alarms began to go off globally about a novel coronavirus spreading in China, officials in Washington turned to the intelligence agencies for insights about the threat the virus posed to America.
But the most useful early warnings came not from spies or intercepts, according to a recent congressional review of classified reports from December 2019 and January 2020. Officials were instead relying on public reporting, diplomatic cables and analysis from medical experts — some examples of so-called open-source intelligence, or OSINT.
Predicting the next pandemic or the next government to fall will require better use of open-source material, the review found.

Alex Brandon, Associated Press
Kateryna Stepanenko, a Russia Analyst, works at the Institute for the Study of War on Wednesday in Washington.
“There is little indication that the Intelligence Community’s exquisite collection capabilities were generating information that was valuable to policymakers,” wrote the authors of the review, conducted by Democrats on the House Intelligence Committee.
That echoes what many current and former intelligence officials are increasingly warning: The $90 billion U.S. spy apparatus is falling behind because it has not embraced collecting open-source intelligence as adversaries including China ramp up their efforts.
This doesn’t diminish the importance of traditional intelligence. Spy agencies have unique powers to penetrate global communications and cultivate agents. They scored a high-profile success when the Biden administration publicized ultimately correct intelligence findings that Russian President Vladimir Putin intended to invade Ukraine.
But officials and experts worry that the U.S. hasn’t invested enough people or money in analyzing publicly available data or taking advantage of advanced technologies that can yield critical insights. Commercial satellite imagery, social media and other online data have given private companies and independent analysts new powers to reveal official secrets. And China is known to have stolen or acquired control over huge amounts of data on Americans, with growing concerns in Washington about Beijing’s influence over widely used apps like TikTok.
“Open source is really a bellwether for whether the intelligence community can protect the country,” said Kristin Wood, a former senior official at the CIA who is now chief executive at the Grist Mill Exchange, a commercial data platform. “We collectively as a nation aren’t preparing a defense for the ammunition that our adversaries are stockpiling.”
Intelligence agencies face several obstacles to using open source intelligence. Some are technological. Officers working on classified networks are often not able to easily access the unclassified internet or open data sources, for example. There are also concerns about civil liberties and protecting First Amendment rights.
But some experts also question whether agencies are held back by a reflexive belief that top-secret information is more valuable.

Alex Brandon, Associated Press
George Barros, a Geospatial Analyst on the Russia Team, works at the Institute for the Study of War on Wednesday in Washington.
Rep. Jim Himes, a Connecticut Democrat and longtime Intelligence Committee member, said he believed there needed to be “some cultural change inside places like the CIA where people are doing what they’re doing for the excitement of stealing critical secrets as opposed to reviewing social media pages.”
In one 2017 test held by the National Geospatial-Intelligence Agency, a human team competed against a computer programmed with algorithms to identify Chinese surface-to-air missile sites using commercial imagery.
Both the humans and the computer identified 90% of the sites, Stanford University professor Amy Zegart wrote in the book “Spies, Lies, and Algorithms,” but the computer needed just 42 minutes — and it took the human team 80 times longer.
Reports created using commercial satellites, online posts and other open sources — like the daily analyses on Russian and Ukrainian military tactics published by the Institute for the Study of War — are widely read by lawmakers and intelligence officials.

Alex Brandon, Associated Press
Karolina Hird, a Russia Analyst, works at her desk at the Institute for the Study of War on Wednesday in Washington.
“There is a lot of open-source capability that the U.S. intelligence community can pretty much rely on to be there,” said Frederick Kagan, a senior fellow at the American Enterprise Institute who oversees the creation of those reports. “What it needs to do is figure out how to leverage that ecosystem instead of trying to buy it.”
Most of the 18 U.S. spy agencies have open-source programs, from the CIA’s Open Source Enterprise to a 10-person program in the Department of Homeland Security’s intelligence arm. But top officials acknowledge there isn’t consistency across those programs in how they analyze open-source information or how they use and share it.
“We’re not paying enough attention to each other and so we’re not learning the lessons that different parts of the (intelligence community) are learning, and we’re not scaling solutions,” said Avril Haines, the U.S. director of national intelligence, at an industry event last year sponsored by the Potomac Officers Club. “And we’re not taking advantage of some of the outside expertise and information and work that could be taken advantage of.”
-
Lynne Sladky
BOSTON (AP) — Top U.S. election security officials say protecting the nation’s voting systems has become increasingly challenging.
That’s due mostly to the embrace by millions of Americans of unfounded conspiracy theories and false claims about widespread fraud in the 2020 presidential race.
With the midterm elections just days away, the director of the U.S. Cybersecurity and Infrastructure Security Agency, Jen Easterly, and other officials say they have no evidence that election infrastructure has been altered by hostile actors to prevent voting or vote counting, compromise ballots or affect voter registration accuracy.
But they're not lowering their guard. Disinformation is rampant. Foreign rivals are capable of potent cyber mischief. And the insider threat is considered greater than ever. On top of the physical threats and intimidation of elections officials — which is authorities’ overriding concern — security experts are particularly worried about tampering by those who work in local election offices or at polling stations.
“The current election threat environment is more complex than it has ever been,” Easterly told reporters in mid-October.
Global rivals also are expected to deepen longstanding disinformation efforts. The tense geopolitical moment means Russia, Iran and China may have fewer qualms about trying to disrupt the conduct of elections in key battlegrounds with cyber operations.
The spectrum of potential threats is wide: foreign ransomware gangs friendly with the Kremlin, conspiracy-obsessed local election officials, hostile voters bent on sabotage or political provocateurs trying to suppress the vote with dirty tricks or misinformation.
Here are some of the potential threats agencies are assessing through Election Day:
Insider threats are a growing concern and could undermine serious strides made to secure voting systems — including migrating to hand-marked paper ballots and introducing reliable audits — since they were declared critical national infrastructure in January 2017.
Rogue election officials could provide access to voting systems to unauthorized individuals, as happened in Colorado and Georgia. Poll workers or even voters could try to access voter registration databases or equipment, or plant malware to taint election management systems.
Eddie Perez, a voting technology expert with the nonprofit OSET Institute, calls the repeated efforts to cast doubt on the integrity of voting equipment an element of a broader “manufactured chaos” — intentional subversion of the nation's elections to sow doubt.
Perez is among specialists who think attempts to discredit voting technology are one manifestation of efforts by former President Donald Trump and his allies to undermine trust in election results so Republican-controlled state legislatures — rather than voters — can decide the outcome of future races.
To counter the threats from insiders, federal authorities have conducted trainings and encouraged election officials to focus on limiting access to critical equipment, adding video surveillance and key cards on doors. They also encourage strict chain-of-custody rules for everything from ballots to voting scanners and tabulators.
Threats to public officials and election disruption attempts have occurred with increasing frequency and intensity, federal and local law enforcement officials say. They are especially concerned about physical violence by protesters in highly contested districts during the post-election vote-counting process.
HOGP
U.S. officials have issued two main election-security advisories in the run-up to the Nov. 8 elections. They say malicious cyberactivity is unlikely to seriously disrupt or prevent voting and that hostile foreign states are apt to try to influence outcomes with “information operations.”
Foreign meddlers could launch cyberattacks or exaggerate the effects of relatively ineffectual attacks. They could spread misinformation about voting or voter fraud, try to incite violence or, if violence is already happening, fan the flames.
Hostile foreign bids to undermine U.S. democracy have risen since the Russian operation that hacked and then leaked Democratic emails to aid Trump in the 2016 presidential race. None have had anywhere near the impact, though.
Rivals constantly probe U.S. networks for vulnerabilities. Moscow may seek payback for Washington’s arming of Ukraine against its invasion. Iran resents U.S. support for anti-regime demonstrations triggered by the death in police custody of a young woman who defied head-scarf orthodoxy. As for China, relations are tense as Washington tries to throttle high-tech supplies to Beijing over its perceived hostility and growing authoritarianism.
There's also the possibility that foreign actors might have breached election systems long ago and are waiting to pounce.
Christina Almeida Cassidy
On Election Day, hostile foreign powers or sympathetic hackers could mount what are known as distributed denial-of-service (DDoS) attacks, which render websites unreachable by flooding them with junk data. Targeting state and local government websites, such attacks could prevent voters from looking up registration information or polling locations, or knock offline sites that report election results after voting ends.
One group on the radar of the U.S. cybersecurity agency is Killnet, pro-Russia hackers who made a ruckus in October by organizing DDoS attacks on U.S. airport and state government websites.
Such attacks are mostly a nuisance and don’t destroy data or even breach sites. But they can frustrate voters and election poll workers, and become powerful grist for disinformation offensives. For example, Russian state media and fake news mills could amplify exaggerated claims of disruption, as occurred with the Killnet effort against the airport and government sites.
Another potential threat is Russian-speaking ransomware gangs that operate with little Kremlin interference. They have largely spared U.S. election infrastructure, which by now tends to be a lot better protected than many of the hospitals, schools and businesses they routinely plague.
Hack-and-leak operations also are possible. Sensitive data could be stolen from election or campaign websites, partially falsified and released online.
Cybersecurity firm Trellix reported a spike in phishing emails targeting county election workers in Pennsylvania and Arizona, both battleground states, over the summer seeking to harvest passwords and potentially interfere with the administration of absentee ballots.
“In many cases, the threat actors attempting to breach our election systems are the same ones who are conducting influence operations that seek to sow discord,” Easterly, the CISA director, said in mid-October.
That could include the Russian troll farm known as the Internet Research Agency, a key player in the 2016 Russia destabilization campaign that favored Trump and sought to widen social divisions in the U.S. The group sought to manipulate public opinion by gaming social media platforms, including by purchasing online ads.
In a pre-election report, the cybersecurity firm Recorded Future said it was “almost certain” that networks associated with the group “are engaging in covert malign influence on a subset of the U.S. population.”