As the new Congress begins, it will soon discuss the comprehensive reports to the U.S. Senate on the disinformation campaign of half-truths, outright fabrications and misleading posts made by agents of the Russian government on social media in the run-up to the 2016 presidential election.
After years of anemic responses to Russian influence efforts, official U.S. government policy now includes taking action to combat disinformation campaigns sponsored by Russia or other countries. In May 2018, the Senate Intelligence Committee endorsed the concept of treating attacks on the nation’s election infrastructure as hostile acts to which the U.S. “will respond accordingly.” In June, the Pentagon unleashed U.S. Cyber Command to respond to cyberattacks more aggressively, and the National Cyber Strategy published in September 2018 clarified that “all instruments of national power are available to prevent, respond to, and deter malicious cyber activity against the United States.”
There are already indications that Cyber Command conducted operations against Russian disinformation on social media, including warning specific Russians not to interfere with the 2018 elections. However, low-level cyberwarfare is not necessarily the best way. European countries, especially the Baltic states of Estonia, Latvia and Lithuania, have confronted Russian disinformation campaigns for decades. Their experience may offer useful lessons as the U.S. joins the battle.
The Baltic experience
Beginning in 1940 and continuing until they declared independence in the early 1990s, the Baltic countries were subjected to systematic Russian gaslighting designed to make people doubt their national history, culture and economic development.
The Soviets rewrote history books to falsely emphasize Russian protection of the Baltic people from invading hordes in the Middle Ages, and to convey the impression that the cultural evolution of the three countries was enabled by their allegiance and close ties to Russia. Even their national anthems were rewritten to pay homage to Soviet influence.
Soviet leaders devalued Baltic currencies and manipulated economic data to falsely suggest that Soviet occupation was boosting the Baltic economies. Further, Soviet authorities settled ethnic Russians in the Baltic countries, and made Russian the primary language used in schools.
Since the fall of the Soviet Union and the independence of the Baltic countries, the Russian Federation has continued to deliver disinformation to the region, making extensive use of Russian-language social media. Some themes characterize the Baltic people as ungrateful for Soviet investment and aid after World War II. Another common message criticizes Baltic historians for “falsification of history” when really they are describing the real nature of the Soviet occupation.
A massive Russian attack
After independence, and as the internet grew, Estonia led the way in applying technology to accelerate economic development. The country created systems for a wide range of government and commercial services, including voting, banking and filing tax returns electronically. Today, Estonia’s innovative e-residency system is being adopted in many other countries.
These advances made the Baltics a prime target for cyberattacks. In the spring of 2007, the Russians struck. When Estonia moved a monument memorializing Soviet soldiers from downtown Tallinn, the country’s capital, to a military cemetery a couple of miles away, it provoked the ire of ethnic Russians living in Estonia as well as the Russian government.
For three weeks, Estonian government, financial and media computer systems were bombarded with enormous amounts of internet traffic in a “distributed denial of service” attack. In these situations, an attacker sends overwhelming amounts of data to the targeted internet servers, clogging them up with traffic and either slowing them down or knocking them offline entirely. Despite concerns about the first “cyber war,” however, these attacks resulted in little damage. Although Estonia was cut off from the global internet temporarily, the country’s economy suffered no lasting harm.
These attacks could have severely damaged the country’s financial system or power grid. But Estonia was prepared. The country’s history with Russian disinformation had led Estonia to expect Russian attacks on computer and information systems. In anticipation, the government spearheaded partnerships with banks, internet service providers and other organizations to coordinate responses to cyberattacks. In 2006, Estonia was one of the first countries to create a Computer Emergency Response Team to manage security incidents.
The Baltic response
After the 2007 attack, the Baltic countries upped their game even more. For example, Estonia created the Cyber Defense League, an army of volunteer specialists in information technology. These experts focus on sharing threat information, preparing society for responding to cyber incidents and participating in international cyber defense activities.
Internationally, Estonia gained approval in 2008 to establish NATO’s Cooperative Cyber Defense Center of Excellence in Tallinn. Its comprehensive research into global cyber activities helps identify best practices in cyber defense and training for NATO members.
In 2014, Riga, the capital of neighboring Latvia, became home to another NATO organization combating Russian influence, the Strategic Communications Center of Excellence. It publishes reports on Russian disinformation activities, such as the May 2018 study of the “Virtual Russian World in the Baltics.” That report analyzes Russian social media activities targeting Baltic nations with a “toxic mix of disinformation and propaganda.” It also provides insight into identifying and detecting Russian disinformation campaigns.
“Baltic elves” – volunteers who monitor the internet for Russian disinformation – became active in 2015 after the Maidan Square events in the Ukraine. And the Baltic nations have fined or suspended media channels that display bias.
The Baltic countries also rely on a European Union agency formed in 2015 to combat Russian disinformation campaigns directed against the EU. The agency identifies disinformation efforts and publicizes accurate information that the Russians are seeking to undermine. A new effort will issue rapid alerts to the public when potential disinformation is directed against the 2019 European Parliament elections.
Will the ‘Baltic model’ work in the US?
Because of their political acknowledgment of threats and actions taken by their governments to fight disinformation, a 2018 study rated Estonia, Latvia and Lithuania the three European Union members best at responding to Russian disinformation.
Some former U.S. officials have suggested adopting similar practices, including publicizing disinformation efforts and evidence tying them to Russia. The Senate Intelligence Committee has called for that too, as has the Atlantic Council, an independent think tank that focuses on international affairs.
The U.S. could also mobilize volunteers to boost citizens’ and businesses’ cyberdefenses and teach people to identify and combat disinformation.
Disinformation is a key part of Russia’s overall effort to undermine Western governments. As a result, the battle is ever-changing, with Russians constantly trying new angles of attack and target countries like the Baltic nations identifying and thwarting those efforts. The most effective responses will involve coordination between governments, commercial technology companies and the news industry and social media platforms to identify and address disinformation.
A similar approach may work in the U.S., though it would require far more collaboration than has existed so far. But backed by the new government motivation to strike back when provoked, the methods used in the Baltic states and across Europe could provide a powerful new deterrent against Russian influence in the West.