‘Maintain public confidence’: Obama’s plan to defend from election cyberattacks
The Obama administration quietly set up an interagency task force to deal with possible physical and cyber disruptions of the 2016 US presidential election, but believed most cyber incidents would be “unsubstantiated or inconsequential.”
Time magazine, which obtained and published the 15-page Concept of Operations document on Thursday, wrote that the plan was put in place to counter “Russian hacking.” The actual word “Russia” appears nowhere in the document, however.
The planning document, which Time dated to October 2016, shows that the Obama administration set up the Cyber Unified Coordination Group (UCG) to coordinate the response of various federal agencies to “reports of cyber incidents impacting election infrastructure.”
Exclusive: Read the Previously Undisclosed Plan to Counter Russian Hacking on Election Day https://t.co/W3mvcRKBnX
— Ryan Teague Beckwith (@ryanbeckwith) July 20, 2017
In addition to a lot of training, advice and interagency communication, the first specific action the agencies were instructed to take was to “develop integrated public relations guidance that seeks to maintain public confidence in the electoral system” ‒ a task that fell on the Department of Homeland Security’s (DHS) Office of Public Affairs. The Department of Justice, Director of National Intelligence, and the FBI were supposed to assist with that task.
Any public statements “should be developed to avoid inadvertently calling into doubt the integrity of the voting process and to avoid negative impacts to voter turnout,” the document said.
The FBI was to set up a national command post at its headquarters in Washington, DC, from which it would monitor reports from the entire country from 6am to midnight on Election Day. The FBI would also establish Cyber Incident Command Center (CICC), starting on November 7.
A cyber threat intelligence center was to work with the intelligence community to “aggregate relevant intelligence and information to build and maintain a common threat and incident picture” that would then “set cyber incidents in the context of adversary activity across all domains to draw connections and implications," the document says.
Cyber Action Teams (CAT) were set up at 26 FBI field offices and one overseas location, ready to deploy in case of a serious incident. Six interagency coordination calls were scheduled for Election Day, once every three hours between 6am and midnight.
The coordination mechanism was supposed to stay in effect until November 11, to “address any post-election cyber incidents (e.g. planted stories calling into question the results).”
For all the concern about potential cyberattacks on the US election systems, however, the document noted that “the vast majority of cyber incidents will be assessed as ‘baseline’ or ‘low’ on the schema,” based on DHS intelligence assessments.
“These are unsubstantiated or inconsequential events, or events that are unlikely to impact health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” the document explained.