It is a privilege to join you this afternoon at
one of the world’s premier security conferences.
We meet at a fraught moment. For too long, along with other nations, we enjoyed
the extraordinary benefits of modern technology without adequately preparing for
its considerable risks. Director of National Intelligence Dan Coats elevated the
alarm last week, when he stated that “the digital infrastructure that serves
this country is literally under attack.” That is one of the rare instances when
the word literally is used literally.
Our adversaries are developing cyber tools not only to steal our secrets and
mislead our citizens, but also to disable our infrastructure by gaining control
of computer networks.
Every day, malicious cyber actors infiltrate computers and accounts of
individual citizens, businesses, the military, and all levels of government.
Director Coats revealed that our adversaries “target government and businesses
in the energy, nuclear, water, aviation and critical manufacturing sectors.”
They cause billions of dollars in losses, preposition cyber tools they could use
for future attacks, and try to degrade our political system. So combating
cybercrime and cyber-enabled threats to national security is a top priority of
the Department of Justice.
Attorney General Jeff Sessions established a Cyber-Digital Task Force in
February to consider two questions: What are we doing now to address cyber
threats? And how can we do better?
Today, the Department of Justice is releasing a
report
that responds to the first question, providing a detailed assessment of the
cyber threats confronting America and the Department’s efforts to combat them.
The Task Force report addresses a wide range of issues, including how to define
the multi-faceted challenges of cyber-enabled crime; develop strategies to
detect, deter and disrupt threats; inform victims and the public about dangers;
and maintain a skilled workforce.
The report describes six categories of cyber threats, and explains how the
Department of Justice is working to combat them.
One serious type of threat involves direct damage to computer systems, such as
Distributed Denial of Service attacks and ransomware schemes.
Another category is data theft, which includes stealing personally identifiable
information and intellectual property.
The third category encompasses cyber-enabled fraud schemes.
A fourth category includes threats to personal privacy, such as sextortion and
other forms of blackmail and harassment.
Attacks on critical infrastructure constitute the fifth category. They include
infiltrating energy systems, transportation systems, and telecommunications
networks.
Each of those complex and evolving threats is serious, and the report details
the important work that the Department of Justice is doing to protect America
from them.
I plan to focus today on a sixth category of cyber-enabled threats: malign
foreign influence operations, described in chapter one of the task force report.
The term “malign foreign influence operations” refers to actions undertaken by a
foreign government, often covertly, to influence people’s opinions and advance
the foreign nation’s strategic objectives. The goals frequently include creating
and exacerbating social divisions and undermining confidence in democratic
institutions.
Influence operations are a form of information warfare. Covert propaganda and
disinformation are among the primary weapons.
The Russian effort to influence the 2016 presidential election is just one tree
in a growing forest. Focusing merely on a single election misses the point. As
Director Coats made clear, “these actions are persistent, they are pervasive,
and they are meant to undermine America’s democracy on a daily basis, regardless
of whether it is election time or not.”
Russian intelligence officers did not stumble onto the ideas of hacking American
computers and posting misleading messages because they had a free afternoon. It
is what they do every day.
This is not a new phenomenon. Throughout the twentieth century, the Soviet Union
used malign influence operations against the United States and many other
countries. In 1963, for example, the KGB paid an American to distribute a book
claiming that the FBI and the CIA assassinated President Kennedy.
In 1980, the KGB fabricated and distributed a fake document claiming that there
was a National Security Council strategy to prevent black political activists
from working with African leaders.
During the Reagan Administration, the KGB spread fake stories that the Pentagon
developed the AIDS virus as part of a biological weapons research program.
As Jonathan Swift wrote in 1710, “Falsehood flies, and the Truth comes limping
after it.”
The Reagan Administration confronted the problem head on. It established an
interagency committee called “the Active Measures Working Group” to counter
Soviet disinformation. The group exposed Soviet forgeries and other
propaganda.
Modern technology vastly expands the speed and effectiveness of disinformation
campaigns. The Internet and social media platforms allow foreign agents to
spread misleading political messages while masquerading as Americans.
Homeland Security Secretary Kirstjen Nielsen explained last weekend that our
adversaries “us[e] social media, sympathetic spokespeople and other fronts to
sow discord and divisiveness amongst the American people.”
Elections provide an attractive opportunity for foreign influence campaigns to
undermine our political processes. According to the intelligence community
assessment, foreign interference in the 2016 election “demonstrated a
significant escalation in directness, level of activity, and scope of effort
compared to previous operations.”
The Department’s Cyber-Digital Task Force report contributes to our
understanding by identifying five different types of malign foreign influence
operations that target our political processes.
First, malicious cyber actors can target election infrastructure by trying to
hack voter registration databases and vote-tallying systems. In 2016, foreign
cyber intruders targeted election-related networks in as many as 21 states.
There is no evidence that any foreign government ever succeeded in changing
votes, but the risk is real. Moreover, even the possibility that manipulation
may occur can cause citizens to question the integrity of elections.
Second, cyber operations can target political organizations, campaigns, and
public officials. Foreign actors can steal private information through hacking,
then publish it online to damage a candidate, campaign, or political party.
They can even alter that stolen information to promote their desired narrative.
Russia’s intelligence services conducted cyber operations against both major
U.S. political parties in 2016, and the recent indictment of Russian
intelligence officers alleges a systematic effort to leak stolen campaign
information.
The third category of malign influence operations affecting elections involves
offers to assist political campaigns or public officials by agents who conceal
their connection to a foreign government. Such operations may entail financial
and logistical support to unwitting Americans.
Fourth, adversaries covertly use disinformation and other propaganda to
influence American public opinion. Foreign trolls spread false stories online
about candidates and issues, amplify divisive political messages to make them
appear more pervasive and credible, and try to pit groups against each other.
They may also try to affect voter behavior by triggering protests or depressing
voter turnout.
Finally, foreign governments use overt influence efforts, such as
government-controlled media outlets and paid lobbyists. Those tactics may be
employed lawfully if the foreign agents comply with registration requirements.
But people should be aware when lobbyists or media outlets are working for a
foreign government so they can evaluate the source’s credibility. Particularly
when respected figures argue in favor of foreign interests, it may matter to
know that they are taking guidance from a foreign nation.
The election-interference charges filed in February demonstrate how easily human
“trolls” distribute propaganda and disinformation. A Russian man recently
admitted to a reporter that he worked with the trolls, in a separate department
creating fake news for his own country. He “felt like a character in the book
‘1984’ by George Orwell – a place where you have to write that white is black
and black is white.… [Y]ou were in some kind of factory that turned lying ...
into an industrial assembly line. The volumes were colossal – there were huge
numbers of people, 300 to 400, and they were all writing absolute untruths.”
When the man took a test for a promotion to the department working to fool
Americans, he explained, “The main thing was showing that you are able to …
represent yourself as an American.”
The former troll believes that Russian audiences pay no attention to fake
internet comments. But he has a different opinion about Americans. He thinks
that we can be deceived, because Americans “aren’t used to this kind of
trickery.”
That remark is sort of a compliment. In repressive regimes, people always assume
that the government controls media outlets. We live in a country that allows
free speech, so people are accustomed to taking it seriously when other citizens
express their opinions. But not everyone realizes that information posted on
the Internet may not even come from citizens.
Moreover, Internet comments may not even come from human beings. Automated bots
magnify the impact of propaganda. Using software to mimic actions by human
users, bots can circulate messages automatically, creating the appearance that
thousands of people are reading and forwarding information. Together, bots and
networks of paid trolls operating multiple accounts allow foreign agents to
quickly spread disinformation and create the false impression that it is widely
accepted.
The United States is not alone in confronting malign foreign influence. Russia
reportedly conducted a hack-and-release campaign against President Macron during
last year’s French elections, and instituted similar operations against
political candidates in other European democracies. Other foreign nations also
engage in malign influence activities.
So what can we do to defend our values in the face of foreign efforts to
influence elections, weaken the social fabric, and turn Americans against each
other? Like terrorism and other national security threats, the malign foreign
influence threat requires a unified, strategic approach across all government
agencies. The Departments of Justice, Homeland Security, State, Defense,
Treasury, Intelligence agencies, and others play important roles.
Other sectors of society also need to do their part. State and local governments
must secure their election infrastructure. Technology companies need to prevent
misuse of their platforms. Public officials, campaigns, and other potential
victims need to study the threats and protect themselves and their networks.
And citizens need to understand the playing field.
The Department of Justice investigates and prosecutes malign foreign influence
activity that violates federal criminal law. Some critics argue against
prosecuting people who live in foreign nations that are unlikely to extradite
their citizens. That is a shortsighted view.
For one thing, the defendants may someday face trial, if there is a change in
their government or if they visit any nation that cooperates with America in
enforcing the rule of law. Modern forms of travel and communication readily
allow criminals to cross national boundaries. Do not underestimate the long arm
of American law – or the persistence of American law enforcement. People who
thought they were safely under the protection of foreign governments when they
committed crimes against America sometimes later find themselves in federal
prisons.
Second, public indictments achieve specific deterrence by impeding the
defendants from traveling to rule-of-law nations and raising the risk they will
be held accountable for future cybercrime. Wanted criminals are less attractive
co-conspirators.
Third, demonstrating our ability to detect and publicly charge hackers will
deter some others from engaging in similar conduct.
Fourth, federal indictments are taken seriously by the public and the
international community, where respect for our criminal justice system –
including an understanding of the presumption of innocence and the standard of
proof beyond a reasonable doubt – means that our willingness to present evidence
to a grand jury and ultimately at trial elicits a high degree of confidence in
our allegations.
Fifth, victims deserve vindication, particularly when they are harmed by
criminal acts that would be prosecuted if the perpetrator were located in the
United States.
Sixth, federal criminal investigations support other penalties for malign
foreign influence operations. For example, the Department of the Treasury can
impose financial sanctions on defendants based on evidence exposed in
indictments. Voters in foreign democracies, and influential citizens in
autocratic regimes, can consider the allegations in making their own decisions
about national leadership and foreign alliances.
The Department of the Treasury imposed sanctions on the individuals and entities
identified in the February election-interference indictment, along with others
engaged in malign activities. Nineteen individuals and five entities are subject
to sanctions that freeze assets under American jurisdiction. Even if they are
never brought to court, they will face consequences.
The sanctions forbid those individuals and entities from engaging in
transactions with Americans and using the American financial system. The
Administration followed up with similar financial sanctions for a broader range
of malign activities against seven oligarchs, 12 companies, 17 Russian
government officials, and two other entities.
Prosecutions are one useful tool to help deter modern criminals who remain
beyond our shores. The same approach applies outside the context of crimes
committed to influence elections. That is why our government regularly files
charges against criminals who hide overseas, such as Iranian government hackers
who broke into computer networks of a dam; Iranian hackers who infiltrated
American universities, businesses and government agencies for the Islamic
Revolutionary Guard Corps; an Iranian hacker who infiltrated and extorted a
television network; Chinese government hackers who committed economic espionage;
and Russian intelligence officers who stole data from an email service provider.
Intelligence assessments and criminal indictments are based on evidence. They
do not reflect mere guesses. Intelligence assessments include analytical
judgments based on classified information that cannot be disclosed because the
evidence is from sources — people who will be unable to help in the future if
they are identified and might be harmed in retaliation for helping America —
and methods — techniques that would be worthless if our adversaries knew how we
obtained the evidence. Indictments are based on credible evidence that the
government must be prepared to introduce in court if necessary.
Some people may believe they can operate anonymously on the Internet, but
cybercrime generally creates electronic trails that lead to the perpetrators.
Gathering intelligence about adversaries who threaten our way of life is a noble
task. Outside the Department of Justice headquarters stands a statue of Nathan
Hale. Hale was executed immediately, without a trial, after he was caught
gathering intelligence for America during the Revolutionary War. His final words
are recorded as follows: “I am so satisfied with the cause in which I have
engaged, that my only regret is that I have but one life to offer in its
service.”
The days when foreign criminals could cause harm inside America from remote
locations without fear of consequences are past. If hostile governments choose
to give sanctuary to perpetrators of malicious cybercrimes after we identify
them, those governments will need to take responsibility for the crimes, and
individual perpetrators will need to consider the personal cost.
But criminal prosecutions and financial sanctions are not a complete solution.
We need to take other steps to prevent malicious behavior.
To protect elections, the first priority is to harden our infrastructure. State
governments run American elections and are responsible for maintaining
cybersecurity, but they need federal help. The Department of Homeland Security
takes the lead in helping to protect voting infrastructure, and the FBI leads
federal investigations of intrusions.
The FBI works closely with DHS to inform election administrators about threats.
DHS and the FBI provide briefings to election officials from all fifty states
about our foreign adversaries’ intentions and capabilities.
We also seek to protect political organizations, campaigns, candidates, and
public officials. The FBI alerts potential victims about malicious cyber
activities and helps them respond to intrusions. It shares detailed information
about threats and vulnerabilities.
To combat covert foreign influence on public policy, we enforce federal laws
that require foreign agents to register with the U.S. government. Those laws
prohibit foreign nationals from tricking unwitting Americans while concealing
that they are following orders from foreign government handlers. The Department
of Justice is stepping up enforcement of the Foreign Agents Registration Act and
related laws, and providing defensive counterintelligence briefings to local,
state, and federal leaders and candidates.
Public attribution of foreign influence operations can help to counter and
mitigate the harm caused by foreign government-sponsored disinformation. When
people are aware of the true sponsor, they can make better-informed decisions.
We also help technology companies to counter covert foreign influence efforts.
The FBI works with partners in the Intelligence Community to identify foreign
agents as they establish their digital infrastructure and develop their online
presence. The FBI helps technology companies disrupt foreign influence
operations, by identifying foreign agents’ activities so companies may consider
the voluntary removal of accounts and content that violate terms of service and
deceive customers.
Technology companies bear primary responsibility for securing their products,
platforms, and services from misuse. Many are now taking greater responsibility
for self-policing, including by removing fake accounts. We encourage them to
make it a priority to combat efforts to use their facilities for illegal
schemes.
Even as we enhance our efforts to combat existing forms of malign influence, the
danger continues to grow. Advancing technology may enable adversaries to create
propaganda in new and unforeseen ways. Our government must continue to identify
and counter them.
Exposing schemes to the public is an important way to neutralize them. The
American people have a right to know if foreign governments are targeting them
with propaganda.
In some cases, our ability to expose foreign influence operations may be limited
by our obligation to protect intelligence sources and methods, and defend the
integrity of investigations.
Moreover, we should not publicly attribute activity to a source unless we
possess high confidence that foreign agents are responsible. We also do not want
to unduly amplify an adversary’s messages, or impose additional harm on
victims.
In all cases, partisan political considerations must play no role in our
efforts. We cannot seek to benefit or harm any lawful group, individual or
organization. Our government does not take any official position on what people
should believe or how they should vote, but it can and should protect them from
fraud and deception perpetrated by foreign agents.
Unfettered speech about political issues lies at the heart of our Constitution.
It is not the government’s job to determine whether political opinions are right
or wrong.
But that does not leave the government powerless to address the national
security danger when a foreign government engages in covert information warfare.
The First Amendment does not preclude us from publicly identifying and
countering foreign government-sponsored propaganda.
It is not always easy to balance the many competing concerns in deciding
whether, when, and how the government should disclose information about
deceptive foreign activities relevant to elections. The challenge calls for the
application of neutral principles.
The Cyber-Digital Task Force Report identifies factors the Department of Justice
should consider in determining whether to disclose foreign influence operations.
The policy reflects an effort to articulate neutral principles so that when the
issue the government confronted in 2016 arises again – as it surely will – there
will be a framework to address it.
Meanwhile, the FBI’s operational Foreign Influence Task Force coordinates
investigations of foreign influence campaigns. That task force integrates the
FBI’s cyber, counterintelligence, counterterrorism, and criminal law enforcement
resources to ensure that we understand threats and respond appropriately. The
FBI task force works with other federal agencies, state and local authorities,
international partners, and the private sector.
Before I conclude, I want to emphasize that covert propaganda disseminated by
foreign adversaries is fundamentally different from domestic partisan wrangling.
As Senator Margaret Chase Smith proclaimed in her 1950 declaration of
conscience, we must address foreign national security threats “patriotically as
Americans,” and not “politically as Republicans and Democrats.”
President Reagan’s Under Secretary of State, Lawrence Eagleburger, wrote about
Soviet active measures in 1983. He said that “it is as unwise to ignore the
threat as it is to become obsessed with the myth of a super Soviet conspiracy
manipulating our essential political processes.” He maintained that free
societies must expose disinformation on a “persistent and continuing” basis.
Over the past year, Congress passed three statutes encouraging the Executive
Branch to investigate, expose, and counter malign foreign influence operations.
Publicly exposing such activities has long been a feature of U.S. law. The
Foreign Agents Registration Act, which Congress enacted in 1938 to deter Nazi
propagandists, mandates that the American public know when foreign governments
seek to influence them.
Knowledge is power. In 1910, Theodore Roosevelt delivered a timeless speech
about the duties of citizenship. It is best known for the remark that “it is not
the critic who counts.” But Roosevelt’s most insightful observation is that the
success or failure of a republic depends on the character of the average
citizen. It is up to individual citizens to consider the source and evaluate the
credibility of information when they decide what to believe.
Heated debates and passionate disagreements about public policy and political
leadership are essential to democracy. We resolve those disagreements at the
ballot box, and then we keep moving forward to future elections that reflect the
will of citizens. Foreign governments should not be secret participants,
covertly spreading propaganda and fanning the flames of division.
The government plays a central role in combating malign foreign influence and
other cyber threats. The Attorney General’s Cyber-Digital Task Force report
demonstrates that the Department of Justice is doing its part to faithfully
execute our oath to preserve, protect, and defend America.
I regret that my time today is insufficient to describe the report in greater
detail. It is available on the Department of Justice website. I hope you read it
and find it a useful contribution to public discussion about one of the most
momentous issues of our time.
In brief, the report explains that we must continually adapt criminal justice
and intelligence tools to combat hackers and other cybercriminals. Traditional
criminal justice is most often characterized by police chasing criminals and
eyewitnesses pointing out perpetrators in courtrooms. Cybercrime requires
additional tools and techniques.
We limit cybercrime damage by seizing or disabling servers, domain names, and
other infrastructure that criminals use to facilitate attacks. We shut down the
dark markets where criminals buy and sell stolen information. We restore control
of compromised computers. We share information gathered during our
investigations to help potential victims protect themselves. We seek
restitution for victims. We pursue attribution and accountability for
perpetrators. And we expose governments that defraud and deceive our citizens.
The Task Force report is just one aspect of our efforts. It is a detailed
snapshot of how the Department of Justice assesses and addresses current cyber
threats. The work continues, and not just within our Department.
Our government is doing more now than ever to combat malign foreign influence
and other cyber threats. Trump Administration agency appointees and White House
officials work with career professionals every day to prevent cybercrime and
protect elections.
Our adversaries will never relent in their efforts to undermine America, so we
must remain eternally vigilant in the defense of liberty, and the pursuit of
justice. And we must approach each new threat united in our commitment to the
principle reflected in the motto adopted at the founding of our Republic: e
pluribus unum.
