“I think we’re concerned about the same usual suspects in terms of nation states—Russia, Iran, China, each in their own way,” Wray said.
He recalled something another FBI official recently said: “The Russians are trying to get us to tear ourselves apart, the Chinese are trying to manage our decline, and the Iranians are trying to get us to get out of their way.”
“And we’re not going to do any of the above,” Wray said.
The pair described their agencies’ work to address these challenges at a fireside chat at the ninth International Conference on Cyber Security, held at Fordham on July 19.
Nakasone called 2020 “the pivotal year for the nation in cyberspace,” and said it taught him and his agency lessons that they’re applying today.
“We ended 2020 with SolarWinds [a cyberattack], and then we begin 2021 with a number of different instances,” he said, citing the Colonial Pipeline ransomware attack and others. “I know that informed me to think differently about what I should be expecting in the fall of 2022 … I’m thinking about traditional adversaries, I’m thinking about additional tradecraft, I’m thinking about new and unique ways that an adversary might try to disrupt or try to influence our elections.”
Even with Russia’s invasion into Ukraine and efforts there, Wray said they’re still expecting Russia to try and interfere in U.S. elections, and they’re working to prepare for it.
“I’m quite confident the Russians can walk and chew gum,” he said. “We are prepared and postured to counter both.”
He also noted that while some countries, like North Korea, have similar methods to the Russians, they are “differently situated.”
“North Korea, in many ways, is a cyber criminal syndicate posing as a nation state,” he said.
New and Evolving Threats
Wray said the agencies need to be prepared for “hybrid threats,” or those that start online and move into the physical world. He gave the example of how in the lead-up to the U.S. 2020 presidential election, two Iranian nationals led a campaign that aimed to “intimidate and influence American voters.”
The two individuals started by obtaining U.S. voter information from a state election website, before they sent emails where they pretended to be part of “a group of Proud Boys volunteers,” and created a video filled with disinformation, according to an FBI release.
“There was a little bit of hacking, but the disinformation layer that they built on top of that magnified potentially the risk of what would be relatively modest hacking,” he said.
Wray also cited Chinese multi-pronged attempts to interfere with a New York congressional candidate, Yan Xiong, who had previously participated in the Tiananmen Square protests before he became a naturalized U.S. citizen.
“We recently announced charges here in New York involving the [People’s Republic of China]’s efforts to detail a congressional candidate that started with, first, [them trying to]see if they could dig up dirt to prevent the candidate from being elected, and then if that didn’t work maybe manufacture dirt about the candidate, and when that didn’t work, [thinking]maybe we can have this candidate suffer ‘an accident,’” Wray said.
Wray said stopping these types of operations requires a mix of public exposure and law enforcement efforts.
“Most of these operations—if you think of them as influence operations—exposing them is a significant antidote to them,” Wray said. “But we also need some other kinds of disruption operations—arrests….sanctions.”
Dealing with Challenges at Home and Abroad
Wray said that the FBI focused on three main things related to election security: dealing with “foreign, malicious actors” pushing out fake information; investigating malicious cyber actors, both foreign and domestic, who target election infrastructure; and prosecuting federal election crimes ranging from campaign finance violations to voter fraud to violence.
“I think the first thing people need to be clear is we’re not the truth police,” he said. Their role is “targeting foreign and domestic malicious actors,” he said, and investigating federal election crimes and threats of violence.
He noted that violence, in any form, would be something the FBI would take action against, particularly the “alarming rise” of threats of violence against election workers.
“The idea that they would become targets of threats of violence is totally unacceptable,” he said.
Wray said that the attacks on the Capitol on January 6, 2021, were “a manifestation of another phenomenon, which is deeply troubling.”
“There are way too many people, in this country and to some extent, other countries, who are choosing to manifest their ideological, political, or social views through violence … in the case of January 6, [it was]that plus an effort to interfere with one of our most sacred constitutional processes,” he said. “There is a right way and a wrong way to express your views under our First Amendment, and violence and destruction of property, violence against law enforcement, that’s not okay. That is not First Amendment activity.”
Partnering with Each Other and the Public
He encouraged members of the public to play their role in helping protect the sacredness of elections.
“The best defense against malicious, foreign interference, all the way to something like a January 6th, is an enlightened, thoughtful public,” he said.
Working with the private sector, academic institutions, and members of the general public, in addition to collaborating with each other, are essential for both agencies, the directors said.
“What I learned in 2020 was the power of being able to engage with academic institutions and the private sector, with people that actually have this expertise that are looking at either ransomware or influence operations,” Nakasone said. “We bring the foreign insights of what the adversary is doing, the tradecraft, the techniques that they’re utilizing outside the United States.”
Wray said that today, all of the FBI field offices have “private sector coordinators” who lead their partnerships with local organizations and institutions.
Nakasone said that these kinds of relationships are not just beneficial for agencies like the FBI and NSA, they’re beneficial to members of those organizations too.
“It’s our insights on foreign intelligence—that’s something that the private sector just relishes,” he said. “The second thing is talent. When you’re on the other end of the line, you’re talking to an analyst from the U.S. Cyber Command and the National Security Agency. You’re talking to someone that is incredibly talented in terms of what they’re seeing, what they understand, the perspective of what they bring.”