2020 Thematic Brief: US Cybersecurity Efforts


Takeaways

Cybercrime is exploding. Malicious cyber actions by America’s adversaries are becoming more sophisticated. And cybersecurity remains a top national security issue for the United States. But while we are spending huge amounts of effort to secure our systems, our ability to go after attackers is woefully outdated.

As COVID-19 continues to ravage the globe, malicious actors are exploiting the pandemic and committing cyberattacks for a variety of motives. Nation-states, terrorists, criminal groups, and lone actors have launched cyberattacks and committed cybercrime against large businesses and private citizens, causing devastating impacts to US national and economic security.

While federal, state, and local agencies have taken steps to reduce cyber threats, the Trump Administration has not provided nearly enough resources, does not coordinate efforts, and denies risks posed to election infrastructure.

Here’s what Congress must do:

  1. Go after the bad actors. We must improve the US government’s capabilities to identify, stop, and punish human cyber attackers in order to close the yawning cyber enforcement gap: the number of cyberattacks launched per year in the United States versus the number of arrests of malicious cyber actors;
  2. Secure America’s election infrastructure and combat foreign interference and disinformation efforts; and
  3. Re-establish the United States as a global leader in setting policy around how different actors should behave in cyberspace and boost international cooperation and capacity around these issues.

Cybersecurity remains a top national security issue for the United States, with a wide range of actors posing cyber threats that have economic and national security consequences.

Malicious cyber activity, including cybercrime, has caused devastating impacts to US economic and national security. As Americans increasingly perform more of their daily lives online due to COVID-19, these attacks have only worsened.  

A single cyber incident can disrupt thousands of systems worldwide and cost billions of dollars. For example, the NotPetya cyberattack, the most damaging cyberattack in history, caused over $10 billion in damage.[1] The White House Council of Economic Advisors estimated in 2016 that malicious cyber activity costs the US economy between $57 billion and $109 billion per year.[2] Other estimates put the number as high as $3 trillion for the global economy annually.[3] Criminals often perpetrate these attacks for financial gain and target computer networks to conduct data theft, fraud, ransomware, and other illicit activities.[4] They have also taken advantage of the pandemic, with one estimate showing a 238% rise in cybercrimes against the global financial sector between February and April compared to previous months.[5] These attacks tend to be perpetrated through “business email compromise” techniques where a criminal sends malware-laced emails to victims; the Federal Bureau of Investigation (FBI) found that these attacks have increased throughout the United States since the pandemic began.[6] These criminals have also stolen COVID-19 stimulus and unemployment checks from individuals and families, with the US Secret Service noting that $30 billion could be stolen.[7] Unfortunately, the perpetrators behind these attacks often reside in different countries than the victims, making it very difficult to catch them. Based on Third Way’s analysis, there are only three arrests for every 1,000 malicious incidents.

Beyond financial harm, cyberattacks constitute a serious threat to US national security and public health, which has become amplified during the COVID-19 pandemic. The FBI’s Internet Crime Complaint Center (IC3) received a 400% increase in daily complaints, totaling nearly 4,000, since the pandemic began.[8] And of particular concern, malicious cyber actors have targeted hospitals treating COVID-19 patients and research institutions working on the development of COVID-19 vaccines and treatments. In May 2020, US government agencies issued a joint statement with the United Kingdom to warn health care bodies, pharmaceutical companies, universities, and others that nation-state actors could launch cyberattacks against them to steal intellectual property.[9] Similarly, the FBI and Department of Homeland Security (DHS) issued a warning that the Chinese government is targeting COVID-19 researchers, which could “jeopardize the delivery of secure, effective, and efficient treatment options.”[10] Indeed, the University of California San Francisco, which was researching a COVID-19 cure, was hit with a ransomware attack and paid over a million dollars to unlock its data, though the US government has not attributed the attack to China.[11] The health care industry, though, is just one of several critical infrastructure sectors—such as telecommunications, electrical grids, and dams—that malicious actors target through cyber activity to threaten US national security.[12]

Even the most essential critical infrastructure to our government, our election system, is not immune from these threats—as Russia’s interference in the 2016 presidential election demonstrates.[13] Attempts to manipulate our political system through social media have been pervasive and effective. These tactics can be highly effective, and are exacerbated by the fact that over 50% of Americans receive their news from social media[14] and many have said they have a difficult time discerning the difference between fake and true news.[15] In fact, misinformation moves six times faster than the truth on Twitter.[16]

The US intelligence community and the investigation led by Special Counsel Robert Mueller concluded that Russia launched malicious cyber operations to influence the outcome of the 2016 presidential election and help Donald Trump get elected.[17] The US government indicted at least 26 Russian nationals and three Russian companies for illegally using social media or hacking into computer networks to interfere in the 2016 US election.[18] Their tactics included stealing data, using fraudulent accounts, staging political rallies, and promoting pro-Trump or anti-Clinton messages through political advertisements.[19]

Despite these indictments, the Russians were not deterred from trying to interfere in the 2018 midterm elections. Fearing that the Russians would promote damaging fake news on Election Day in 2018, the US military reportedly actively blocked internet access by the Internet Research Agency, the primary Russian entity responsible for creating and disseminating misinformation.[20] FBI Director Chris Wray would go on to say that Russian interference in the 2018 elections “was at full speed” and a “dress rehearsal for 2020.”[21] Since then, DHS and the FBI have warned states that the Russians will try to interfere in America’s upcoming elections.[22] Chinese and Iranian actors have also begun emulating these actions, including reportedly sending virus-laced emails to the Biden and Trump campaigns.[23]

The Trump Administration’s cybersecurity efforts are underfunded, unmeasurable, and uncoordinated.

While the Trump Administration has taken some steps to expand the US government’s cybersecurity efforts, the agencies responsible for implementing these actions are uncoordinated, have seen their budgets slashed, and lack adequate metrics to determine their effectiveness in reducing the threat.

In the fall of 2018, the White House released the “National Cyber Strategy of the United States,” which detailed how the Administration would create or update policies to combat cyber threats, including cybercrime. This includes participating in global forums to establish international norms and standards, conducting international capacity building efforts to boost the ability of other governments to investigate cybercrime, and hosting gatherings to improve relationships with various law enforcement partners, among other activities.[24] And in light of the COVID-19 pandemic, federal law enforcement agencies have collaborated with companies to remove hundreds of malicious websites related to COVID-19 scams.[25] Similarly, federal agencies have created taskforces with Connecticut, Delaware, Virginia, and West Virginia to investigate and prosecute cybercrime related to the pandemic.[26]

Unfortunately, President Trump eliminated the White House Cyber Coordinator position within the National Security Council (NSC), leaving coordination to two senior director-level NSC officials,[27] and downgraded the State Department’s Coordinator for Cyber Issues.[28] The recent US Cyberspace Solarium Commission’s report highlighted this challenge and noted the need for a national cyber director in the White House to coordinate cybersecurity strategy throughout the executive branch—though questions remain about the viability of the proposed structure of this office.[29]

Further, budgets for federal agencies with cyber enforcement missions have not reflected the increased threat. For example, the White House proposed to reduce the State Department’s International Narcotics and Law Enforcement Bureau’s global capacity building programming for cybercrime and international property rights from $10 million to $5 million the past three years.[30] Congress rejected these cuts and has thus far appropriated the full $10 million. The National Computer Funding Institute (NCFI), which offers training courses to state and local law enforcement, prosecutors, and judges, also saw a proposed budget cut from $30 million to $4 million for FY2021, significantly below the $35 million needed to operate at full capacity.[31][32] Likewise, the FBI’s National Domestic Communications Assistance Center (NDCAC)—which offers various technical and training assistance to state and locals on digital evidence—has seen its budget decrease 25% over the past eight years while the FBI’s total budget has increased roughly 16% in that same time.[33] On election security, the Trump Administration and congressional Republicans have stymied efforts to support further funding. While Congress has appropriated over $800 million for election security since 2016,[34] including an additional $400 million for making elections safe as the COVID-19 pandemic continues to spread, this is still well short of the estimated $2 billion needed to adequately secure election infrastructure.[35] These shortfalls are primarily due to congressional Republicans blocking efforts to provide additional election security funds to state and local governments.[36]

The Administration’s actions also lack metrics for evaluating their effectiveness in reducing the cyber threat. The National Cyber Strategy does not detail, for example, any framework for monitoring and evaluating the impact of its proposed actions or call for any implementing entities to develop such frameworks. These metrics provide essential information for evaluating how many law enforcement personnel require training to improve response efforts, the impact of indictments and apprehensions on deterring cybercriminals, and the percentage increase in international capacity to combat cybercrime as a result of US programming. While these national strategies tend to be broad and non-prescriptive, strategic implementation plans tend to accompany them to detail these types of metrics and how they should be achieved.[37] No such implementation plan is known to exist for this strategy.

Congress must hold the Trump Administration accountable for its lack of clarity and consistency in its cyber approach and push for an aggressive and comprehensive cybersecurity strategy for the United States that prioritizes cybercrime enforcement. Congress can consider several pieces of legislation that can achieve this by bolstering resources for cybercrime enforcement training, improving the US government’s capacity to engage in international forums, and securing our elections. For instance, the “Technology in Criminal Justice Act of 2019” (H.R. 5227) would distribute and expand grants for institutions to train federal, state, and local law enforcement personnel in digital evidence activities, among other things.[38] And the “Cyber Diplomacy Act of 2019” (H.R. 739) would enable the United States to more fully engage in the international arena related to cybersecurity by creating an Office of International Cyberspace Policy in the State Department.[39] Lastly, Members of Congress should continue to advocate for increased funding for state and local governments to secure their election infrastructure, such as in future COVID-19 stimulus packages like “The Heroes Act” (H.R. 6800).[40]

Congress must now take action to strengthen the US government’s efforts to combat malicious cyber activity.

To strengthen the US government’s efforts to combat malicious cyber activity and create coherence and effectiveness in the government’s approach, Congress must act now to:

1. Improve the US government’s capabilities to identify, stop, and punish human cyber attackers to close the cyber enforcement gap.

The United States requires a rebalance in its cybersecurity policies: from a heavy focus on building better cyber defenses against intrusion to waging a more robust effort to prosecute human attackers. Achieving this would require a more balanced approach that places greater emphasis on law enforcement and diplomacy. Congress can stop the cybercrime wave and close the cyber enforcement gap by transforming law enforcement, enabled by diplomacy and international capacity building, to punish and hold accountable human beings perpetrating or ordering attacks.

Third Way established 10 policy areas that require urgent attention from Congress to reduce the cyber enforcement gap:


As a first step, Congress must work to establish a baseline to understand the scope of the cyber enforcement problem. This will lay the foundation for a comprehensive strategy aimed at closing the cyber enforcement gap. A comprehensive assessment of current government efforts across all agencies with a role in cyber enforcement is required to determine what works, what might need to be amplified, and what might need to change. Establishing a baseline would include requiring a government-wide assessment of the current levels of US law enforcement actions,[41] as well as an analysis of the amount and effectiveness of support provided to other countries by the US State Department to build their capacity around cyber investigations.[42] Without baseline statistics, Congress will face difficulties in measuring government efforts and making an informed case for budget increases necessary to support increased enforcement levels. Congress can address this by mandating these baseline assessments and pushing for cyber enforcement agencies to establish better metrics to measure the extent of the problem.[43]

Second, despite the lack of metrics, Congress can question the Trump Administration’s proposed budget cuts to cyber initiatives and evaluate whether agencies have sufficient funds to fulfill their roles and responsibilities. In annual appropriations bills, Members of Congress may want to identify areas in the Administration’s National Cyber Strategy where further resources may be needed to implement the actions. And to ensure the Administration spends funds efficiently, Congress can conduct oversight on how cybercrime enforcement policies are coordinated and evaluated across departments and agencies. The answers to these questions are imperative as cybercrime continues to rise during the COVID-19 pandemic and the need for interagency, private, and international partnerships to stop criminals is becoming increasingly paramount.[44]

2. Invest in securing America’s election infrastructure and combating foreign interference and disinformation efforts.

As US adversaries continue to launch various cyber tactics against US democratic processes and institutions, Congress needs to invest in securing America’s election infrastructure, ensuring campaigns do not receive foreign assistance, and combating disinformation efforts at all costs.

First, Congress should appropriate sufficient funding to state and local governments to adequately protect their election infrastructure from cybersecurity threats leading up to the 2020 elections and beyond. While election security experts have identified measures to enhance the cybersecurity of election infrastructure—such as voter registration databases, voting machines, and reporting systems—state and local governments lack the funds necessary to fully implement these measures. Security officials agree that local jurisdictions need voter-verified paper audit trails, risk-limiting audits, paper ballots, and additional tried and tested security measures to enhance their security postures.[45] Unfortunately, only half of the states with paperless voting machines in 2016 will have replaced them by the 2020 elections, meaning that 12% of voters will vote on paperless equipment in 2020.[46] Further, 26 states do not require post-election audits.[47] As a result, election officials may struggle in verifying voters’ ballots in the wake of any actual or perceived interference. Fortunately, House Democrats passed the Heroes Act (H.R. 6800) in May 2020, which would allocate over $3.5 billion to minimize COVID-19 risks to voters and enhance voter security.[48] As the elections loom, it will be increasingly difficult for election officials to implement these security measures. Nonetheless, Congress should continue to advocate for additional spending for measures that can be implemented immediately and ensure funding is sustained over several years.

Second, Congress should consider legislative proposals to mitigate the impact of foreign actors meddling in the elections by reducing their ability to offer assistance to candidates and campaigns. Just as the Russians hacked Hillary Clinton’s campaign and various Democratic Party organizations to support Donald Trump in 2016,[49] the FBI and DHS have warned that they are expected to perform similar tactics in 2020. But Republicans have resisted efforts to mitigate this threat.[50] The Democratic Congressional Campaign Committee (DCCC) has twice requested that the National Republican Congressional Committee (NRCC) not use hacked materials in the 2020 elections. The NRCC has denied the requests both times.[51] Congress should consider legislative proposals that would require presidential campaigns to report foreign contacts and assistance before the elections.[52] Additionally, Congress should consider further actions to protect America’s elections from foreign interference and discourage the use of hacked materials, such as establishing norms on how the media handles stolen information, mandating transparency in the use of foreign consultants and companies in campaigns, and increasing transparency concerning candidates’ foreign business interests.[53]

Lastly, Congress must work to combat foreign disinformation campaigns aimed at sowing division among the American public and injecting doubts in voters’ minds about the democratic process. The Russians have begun instituting lessons learned from their 2016 experience to be more effective in disseminating disinformation in the 2020 election. Congress must educate the public about disinformation efforts by Russia and other governments and condemn President Trump’s attempts to ignore or downplay them. Congress must also collaborate with technology companies to shore up their defenses against foreign influence operations and protect against the spread of disinformation.[54]

3. Re-establish the United States as a global leader in setting policies on behavior in cyberspace and boost international cooperation and capacity on this issue.

The global nature of the cyber threat requires dedicated and deliberate leadership and coordination at the highest echelons of the US government. Given the scope of countries impacted by cyber threats, little progress can be made in America’s cybersecurity efforts if our cyber diplomatic and development efforts are not expanded and strengthened. To catch international cybercriminals, America needs a coordinated international effort and cooperation on cyber investigations.

Legislation such as the “Cyber Diplomacy Act of 2019” (H.R. 739) to elevate the Office of the Coordinator for Cyber Issues at the State Department is a critical first step, but is not enough.[55] The office must also receive a clear mandate that includes a focus on closing the cybercrime enforcement gap, strengthening its efforts to identify the perpetrators of cyberattacks, and implementing diplomatic training programs. Congress must also provide it with the necessary resources and personnel to implement those initiatives. Positioning and equipping the State Department as a key entity on the global stage is critical to drive forward a rebalance in America’s cybersecurity approach.

Congress must also continue to encourage strong US leadership in international forums aimed at establishing norms guiding the behavior of nations in cyberspace and push for the US government itself to abide by any agreed upon norms. The development of new, and strengthening of existing, global cyber norms was a component of the US International Cyberspace Policy articulated in the “Cyber Diplomacy Act” and was also highlighted in the final report of the US Cyberspace Solarium Commission.[56] Members of Congress have also directly called on the State Department to step up its leadership in this area.[57] While the Trump Administration continues to undermine these efforts by disengaging and pulling funds from international organizations and forums and eliminating the position of America’s top cyber diplomat, Congress must step in and promote US leadership in these efforts and ensure these entities have adequate resources to continue their missions.[58]

Lastly, Congress must provide adequate resources to global cyber capacity building efforts and push for more accountability in how these resources are being spent. The US government, primarily through the Departments of State and Justice, provides support to programs aimed at building the capacity of priority foreign governments on a wide range of cybersecurity issues. This includes providing support to programs aimed at strengthening the capability of criminal justice sectors in other countries to investigate and prosecute cybercrime. Yet, it is unclear how much the US government is spending on these efforts and what metrics are being used to monitor their impact, guide decisions on where and when resources are being deployed, and ensure adequate human rights safeguards are in place to prevent misuse or abuse. And funding for these efforts pales in comparison to the capacity building support provided by the US government to deal with other global threats such as terrorism. Congress can continue to push for such evaluations and ensure through annual appropriations bills that adequate resources are provided to these global cyber capacity building efforts commensurate to the threat.[59]

Conclusion

As the COVID-19 virus continues to devastate the United States, malicious cyber actors will continue to exploit the pandemic for their own gain. While the executive branch has taken a number of actions to impose consequences on the perpetrators of this cyber activity, the Trump Administration’s approach to this threat remains incoherent and inadequate, starting with the President’s refusal to acknowledge Russia’s attempt to influence the 2016 presidential elections. The Administration has eliminated critical cyber positions from the White House and the State Department, undoing the progress made in previous administrations. Congressional Republicans, along with the White House, have also impeded substantial investment to secure our elections.

Congress has an opportunity to assert its authority and act in our national security interest by taking actions in a number of areas, including: 1) improving the US government’s capability to identify, stop, and punish malicious cyber actors; 2) investing in election security and combatting foreign influence operations; and 3) re-establishing the US as a global leader in cyberspace.


Endnotes

  1. Greenberg, Andy. “The Untold Story of NotPetya, the Most Devastating Cyberattack in History.” Wired, 7 Dec. 2018, www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. Accessed 4 Jan. 2019.

  2. United States, White House, The Council of Economic Advisers. The Cost of Malicious Cyber Activity to the U.S. Economy. February 2018, www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-Cyber-Activity-to-the-U.S.-Economy.pdf, p. 1. Accessed 4 Jan. 2019.

  3. Sterling, Bruce. “Global Cybercrime. Costs a Trillion Dollars. Maybe 3.” Wired, 19 July 2017, www.wired.com/beyond-the-beyond/2017/07/global-cybercrime-costs-trillion-dollars-maybe-3/. Accessed 4 Jan. 2019.

  4. United States, Department of Justice, Office of Legal Education, Prosecuting Computer Crimes, 1 Jan. 2015, www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf, p. V. Accessed 3 Oct. 2018.

  5. Kellerman, Tom and Ryan Murphy. Modern Bank Heists 3.0 25 CISOs from leading financial institutions reveal their thoughts on the 2020 attack landscape. VMware Carbon Black, May 2020. www.carbonblack.com/wp-content/uploads/2020/05/VMWCB-Report-Modern-Bank-Heists-2020.pdf. Accessed 9 June 2020.

  6. “FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic.” Press Release, Federal Bureau of Investigation, 6 Apr. 2020, www.fbi.gov/news/pressrel/press-releases/fbi-anticipates-rise-in-business-email-compromise-schemes-related-to-the-covid-19-pandemic. Accessed 30 Aug. 2020. Hindocha, Anisha and Ishan Mehta. “How Many Ransomware Attacks Have Happened in Your District?” Third Way, 15 Apr. 2020, www.thirdway.org/memo/how-many-ransomware-attacks-have-happened-in-your-district. Accessed 30 Aug. 2020.

  7. Popper, Nathaniel. “‘Pure Hell for Victims’ as Stimulus Programs Draw a Flood of Scammers.” The New York Times. 22 Apr. 2020, www.nytimes.com/2020/04/22/technology/stimulus-checks-hackers-coronavirus.html. Accessed 11 May 2020. Miller, Maggie. “Senior official estimates $30 billion in stimulus funds will be stolen through coronavirus scams.” The Hill, 9 June 2020, thehill.com/policy/cybersecurity/501936-senior-official-estimates-30-billion-in-stimulus-funds-will-be-stolen. Accessed 30 Aug. 2020.

  8. Tucker, Eric and Christina A. Cassidy. “FBI official: Number of coronavirus cyber complaints on rise.” AP News, 21 Apr. 2020, apnews.com/dadffbc0337943a08a82f8d57d340795. Accessed 6 May 2020.

  9. United States, Cybersecurity and Infrastructure Security Agency. “APT Groups Target Healthcare and Essential Services.” May 5 2020. https://www.us-cert.gov/ncas/alerts/AA20126A. Accessed 9 June 2020.

  10. United States, Federal Bureau of Investigations and Cybersecurity and Infrastructure Security Agency. “People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations.” May 13, 2020. www.cisa.gov/sites/default/files/publications/Joint_FBI-CISA_PSA_PRC_Targeting_of_COVID-19_Research_Organizations_S508C.pdf.pdf. Accessed 9 June 2020.

  11. Tidy, Joe. “How hackers extorted $1.14m from University of California, San Francisco.” BBC News, 29 June 2020, www.bbc.com/news/technology-53214783. Accessed 30 Aug. 2020.

  12. United States, Department of Homeland Security. “Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.” 15 March 2018, https://www.us-cert.gov/ncas/alerts/TA18-074A. Accessed Oct. 3 2018.

  13. Mazzetti, Mark, and Katie Benner. “12 Russian Agents Indicted in Mueller Investigation.” The New York Times, 13 July 2018, www.nytimes.com/2018/07/13/us/politics/mueller-indictment-russian-intelligence-hacking.html. Accessed 9 Oct. 2018.

  14. Shearer, Elisa and Elizabeth Grieco. “Americans Are Wary of the Role Social Media Sites Play in Delivering the News.” Pew Research Center, 2 Oct. 2019, www.journalism.org/2019/10/02/americans-are-wary-of-the-role-social-media-sites-play-in-delivering-the-news/. Accessed 26 May 2020.

  15. Santhanam, Laura. “American voters worry they can’t spot misleading information, poll finds.” PBS NewsHour, 21 Jan 2020, www.pbs.org/newshour/politics/social-media-disinformation-leads-election-security-concerns-poll-finds. Accessed 26 May 2020.

  16. Greenmeier, Larry. “False news travels 6 times faster on Twitter than truthful news.” PBS News Hour, 9 Mar 2018, www.pbs.org/newshour/science/false-news-travels-6-times-faster-on-twitter-than-truthful-news. Accessed 26 May 2020.

  17. Collins, Eliza. “Yes, 17 Intelligence Agencies Really Did Say Russia Was behind Hacking.” USA Today, 16 Dec. 2016, www.usatoday.com/story/news/politics/onpolitics/2016/10/21/17-intelligence-agencies-russia-behind-hacking/92514592/. Accessed 26 May 2020.

  18. Vitkovskaya, Julie, et al. “Who’s been charged in Mueller-linked probes, and why.” The Washington Post, 12 Dec. 2018, www.washingtonpost.com/graphics/2017/national/robert-mueller-special-counsel-indictments-timeline/. Accessed 26 May 2020.

  19. “Read the Special Counsel's Indictment Against the Internet Research Agency and Others.” The New York Times, 16 Feb. 2018, www.nytimes.com/interactive/2018/02/16/us/politics/document-The-Special-Counsel-s-Indictment-of-the-Internet.html. Accessed 26 May 2020.

  20. Nakashima, Ellen. “U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms.” The Washington Post, 27 Feb. 2019, www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html. Accessed 26 May 2020.

  21. Williams, Pete. “FBI chief Wray: Russia works '365 days a year' to undermine American democracy.” NBC News, 26 April 2019, www.nbcnews.com/politics/national-security/fbi-chief-wray-russia-works-365-days-year-undermine-american-n999086. Accessed 26 May 2020.

  22. Tucker, Eric. “US: Russia could try to covertly advise candidates in 2020.” AP News, 4 May 2020, apnews.com/8e96b52c88d836a15f5668d8ba57b5f3. Accessed 26 May 2020.

  23. Sanger, David and Nicole Perlroth. “Chinese Hackers Target Email Accounts of Biden Campaign Staff, Google Says.” The New York Times, 4 June 2020, www.nytimes.com/2020/06/04/us/politics/china-joe-biden-hackers.html. Accessed 9 June 2020.

  24. For more information regarding recent international and domestic cybercrime enforcement actions, please see Peters, Allison and Anisha Hindocha. “US Global Cybercrime Cooperation: A Brief Explainer.” Third Way, 26 June 2020, www.thirdway.org/memo/us-global-cybercrime-cooperation-a-brief-explainer. Accessed 7 July 2020. Garcia, Michael and Anisha Hindocha. “Where Are We Now? Examining the Trump Administration’s Efforts to Combat Cybercrime.” Third Way, 22 June 2020, www.thirdway.org/report/where-are-we-now-examining-the-trump-administrations-efforts-to-combat-cybercrime. Accessed 30 Aug. 2020.

  25. “Department of Justice Announces Disruption of Hundreds of Online COVID-19 Related Scams.” Press Release, United States Department of Justice, Office of Public Affairs, 22 Apr. 2020, www.justice.gov/opa/pr/department-justice-announces-disruption-hundreds-online-covid-19-related-scams. Accessed 11 May 2020.

  26. “Connecticut Announces Joint Federal-State COVID-19 Fraud Task Force.” Press Release, United States Department of Justice, U.S. Attorney’s Office, District of Columbia, 6 May 2020, www.justice.gov/usao-ct/pr/connecticut-announces-joint-federal-state-covid-19-fraud-task-force. Accessed 11 May 2020; “Top Federal and State Prosecutors Form Delaware COVID-19 Anti-Fraud Coalition.” Press Release, United States Department of Justice, U.S. Attorney’s Office, District of Delaware, 24 Apr 2020, www.justice.gov/usao-de/pr/top-federal-and-state-prosecutors-form-delaware-covid-19-anti-fraud-coalition. Accessed 11 May 2020; “Federal and State Officials Launch Virginia Coronavirus Fraud Task Force.” Press Release, United States Department of Justice, U.S. Attorney’s Office, Western District of Virginia, 20 Mar. 2020, www.justice.gov/usao-wdva/pr/federal-and-state-officials-launch-virginia-coronavirus-fraud-task-force. Accessed 11 May 2020; “Federal and State Officials Launch West Virginia Coronavirus Fraud Task Force.” Press Release, United States Department of Justice, U.S. Attorney’s Office, Northern District of West Virginia, 31 Mar. 2020, www.justice.gov/usao-ndwv/pr/federal-and-state-officials-launch-west-virginia-coronavirus-fraud-task-force. Accessed 11 May 2020.

  27. Perlroth, Nicole, and David Sanger. “White House Eliminates Cybersecurity Coordinator Role.” The New York Times, 15 May 2018, www.nytimes.com/2018/05/15/technology/white-house-cybersecurity.html. Accessed 26 May 2020.

  28. Johnson, Derek B. “Senate Panel Votes to Revive State Cyber Office.” FCW, fcw.com/articles/2018/06/26/cyber-state-senate-office.aspx. Accessed 20 May 2020.

  29. US Cyberspace Solarium Commission. United States Cyberspace Solarium Commission Report. March 2020, drive.google.com/file/d/1ryMCIL_dZ30QyjFqFkkf10MxIXJGT4yv/view. Accessed 11 May 2020. Eoyang, Mieke and Anisha Hindocha. “Reexamining the Solarium Commission’s Proposal for a National Cyber Director.” Lawfare, 21 May 2020, www.lawfareblog.com/reexamining-solarium-commissions-proposal-national-cyber-director. Accessed 30 Aug. 2020.

  30. Peters, Allison and Amy Jordan. “Countering the Cyber Enforcement Gap: Strengthening Global Capacity on Cybercrime.” Journal of National Security Law and Policy, 13 Feb. 2020, jnslp.com/wp-content/uploads/2020/02/Countering_the_Cyber_Enforcement_Gap.pdf. Accessed 11 May 2020; Hindocha, Anisha. 2020 Reader’s Guide to Understanding the US Cyber Enforcement Architecture and Budget. Third Way, 26 Mar. 2020, www.thirdway.org/report/2020-readers-guide-to-understanding-the-us-cyber-enforcement-architecture-and-budget. Accessed 11 May 2020.

  31. Hindocha, Anisha. 2020 Reader’s Guide to Understanding the US Cyber Enforcement Architecture and Budget. Third Way, 26 Mar. 2020, www.thirdway.org/report/2020-readers-guide-to-understanding-the-us-cyber-enforcement-architecture-and-budget. Accessed 11 May 2020.

  32. Carter, William A, and Jennifer C Daskal. Low-Hanging Fruit: Evidence-Based Solutions to the Digital Evidence Challenge. Center for Strategic and International Studies, July 2018, https://www.csis.org/events/low-hanging-fruit-evidence-based-solutions-digital-evidence-challenge, pp. 14-15. Accessed 12 May 2020.

  33. The National Domestic Communications Center Executive Advisory Board. “Report to the Attorney General.” National Domestic Communications Assistance Center, Federal Bureau of Investigation, July 2019, ndcac.fbi.gov/file-repository/second-report-to-ag-20190716.pdf/view. Accessed 11 May 2020.

  34. Parks, Miles. “Congress Allocates $425 Million For Election Security In New Legislation.” NPR, 16 December 2019. www.npr.org/2019/12/16/788490509/congress-allocates-425-million-for-election-security-in-new-legislation. Accessed 26 May 2020.

  35. Norden, Lawrence and Edgardo Cortes. “What Does Election Security Cost?” The Brennan Center, 15 Aug. 2019. www.brennancenter.org/our-work/analysis-opinion/what-does-election-security-cost. Accessed 26 May 2020.

  36. Parks, Miles. “Congress Allocates $425 Million For Election Security In New Legislation.” NPR, 16 December 2019. www.npr.org/2019/12/16/788490509/congress-allocates-425-million-for-election-security-in-new-legislation. Accessed 26 May 2020.

  37. An example of a strategic implementation plan is the “2011 Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States.” United States, White House. “2011 Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States.” 11 Dec. 2011, obamawhitehouse.archives.gov/sites/default/files/sip-final.pdf. Accessed 12 May 2020.

  38. United States, House of Representatives. “H.R.5227 – Technology in Criminal Justice Act of 2019.” 116th Congress, www.congress.gov/bill/116th-congress/house-bill/5227/text. Accessed 30 Aug. 2020.

  39. United States, House Foreign Affairs Committee. “H.R.739 – Cyber Diplomacy Act of 2019.” 116th Congress, www.congress.gov/bill/116th-congress/house-bill/739/text. Accessed 30 Aug. 2020.

  40. United States, House Appropriations Committee. “H.R.6800 – The Heroes Act.” 116th Congress, www.congress.gov/bill/116th-congress/house-bill/6800. Accessed 30 Aug. 2020.

  41. Mehta, Ishan. “The Need for Better Metrics on Cybercrime.” Third Way, 1 Oct. 2019, www.thirdway.org/memo/the-need-for-better-metrics-on-cybercrime. Accessed 30 Aug. 2020.

  42. “Engel & McCaul Call For Review of U.S. Efforts To Combat Cybercrime.” Press Release, U.S. House of Representatives Committee on Foreign Affairs, 20 June 2019, foreignaffairs.house.gov/2019/6/engel-mccaul-call-for-review-of-u-s-efforts-to-combat-cybercrime. Accessed 30 Aug. 2020.

  43. For more information on establishing baseline metrics, please see Mehta, Ishan. “The Need for Better Metrics on Cybercrime.” Third Way, 1 Oct. 2019, www.thirdway.org/memo/the-need-for-better-metrics-on-cybercrime. Accessed 9 June 2020.

  44. “Engel Calls on State Department to Combat Cybercrime.” Press Release, U.S. House of Representatives Committee on Foreign Affairs, 8 July 2020, foreignaffairs.house.gov/2020/7/engel-calls-on-state-department-to-combat-cybercrime. Accessed 30 Aug. 2020.

  45. McFaul, Michael. “Securing American Elections: Prescriptions for Enhancing the Integrity and Independence of the 2020 U.S. Presidential Election and Beyond.” Stanford University, June 2019, cs.brown.edu/courses/csci1800/sources/2019_06_06_Stanford_SecuringAmericanElections.pdf. Accessed 26 May 2020. Mook, Robby, Matt Rhoades, and Eric Rosenbach. The State and Local Election Cybersecurity Playbook. The Belfer Center, Feb. 2018, www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook#voterreg. Accessed 26 May 2020.

  46. McCadney, Andrea, Elizabeth Howard, and Lawrence Norden. “Voting Machine Security: Where We Stand Six Months Before the New Hampshire Primary.” The Brennan Center, 13 Aug. 2019, www.brennancenter.org/our-work/analysis-opinion/voting-machine-security-where-we-stand-six-months-new-hampshire-primary. Accessed 26 May 2020.

  47. McCadney, Andrea, Elizabeth Howard, and Lawrence Norden. “Voting Machine Security: Where We Stand Six Months Before the New Hampshire Primary.” The Brennan Center, 13 Aug. 2019, www.brennancenter.org/our-work/analysis-opinion/voting-machine-security-where-we-stand-six-months-new-hampshire-primary. Accessed 26 May 2020.

  48. United States, House Appropriations Committee. “H.R.6800 – The Heroes Act.” 116th Congress, www.congress.gov/bill/116th-congress/house-bill/6800. Accessed 30 Aug. 2020.

  49. Zetter, Kim. “How Close Did Russia Really Come to Hacking the 2016 Election?” Politico, 26 Dec. 2019, www.politico.com/news/magazine/2019/12/26/did-russia-really-hack-2016-election-088171. Accessed 26 May 2020.

  50. Tucker, Eric. “US: Russia could try to covertly advise candidates in 2020.” AP News, 4 May 2020, apnews.com/8e96b52c88d836a15f5668d8ba57b5f3. Accessed 26 May 2020.

  51. Pathe, Simone. “DCCC again asks NRCC to pledge not to use hacked materials.” Roll Call, 25 Oct. 2019, www.rollcall.com/2019/10/25/dccc-again-asks-nrcc-to-pledge-not-to-use-hacked-materials/. Accessed 26 May 2020.

  52. The current version of the Intelligence Authorization Act for Fiscal Year 2021 includes this provision. United States, Congress, Senate. “S.3905 - Intelligence Authorization Act for Fiscal Year 2021.” 116th Congress, 8 June 2020, www.congress.gov/bill/116th-congress/senate-bill/3905/text. Accessed 7 July 2020.

  53. McFaul, Michael. “SECURING AMERICAN ELECTIONS: Prescriptions for Enhancing the Integrity and Independence of the 2020 U.S. Presidential Election and Beyond.” Stanford University, June 2019, cs.brown.edu/courses/csci1800/sources/2019_06_06_Stanford_SecuringAmericanElections.pdf. Accessed 26 May 2020.

  54. United States, House of Representatives. “Hearing: Emerging Trends in Online Foreign Influence Operations: Social Media, COVID-19, and Election Security.” Permanent Select Committee on Intelligence, 18 June 2020, docs.house.gov/Committee/Calendar/ByEvent.aspx?EventID=110805. Accessed 30 Aug. 2020.

  55. United States, House Foreign Affairs Committee. “H.R.739 – Cyber Diplomacy Act of 2019.” 116th Congress, www.congress.gov/bill/116th-congress/house-bill/739/text. Accessed 30 Aug. 2020.

  56. United States, House Foreign Affairs Committee. “H.R.739 – Cyber Diplomacy Act of 2019.” 116th Congress, www.congress.gov/bill/116th-congress/house-bill/739/text. Accessed 30 Aug. 2020; “Report.” Cyberspace Solarium Commission, Mar. 2020, www.solarium.gov/report, pp. 46-50. Accessed 16 June 2020.

  57. “Himes Calls on State Department to Advance International Cyber Norms.” Press Release, Office of Congressman Jim Himes, 6 Feb. 2020, himes.house.gov/media-center/press-releases/himes-calls-state-department-advance-international-cyber-norms. Accessed 16 June 2020.

  58. Peters, Allison and Anisha Hindocha. “US Global Cybercrime Cooperation: A Brief Explainer.” Third Way. 26 June 2020, www.thirdway.org/memo/us-global-cybercrime-cooperation-a-brief-explainer. Accessed 7 July 2020.

  59. Peters, Allison and Amy Jordan. Countering the Cyber Enforcement Gap: Strengthening Global Capacity on Cybercrime. Third Way, 2 Oct. 2019, www.thirdway.org/report/countering-the-cyber-enforcement-gap-strengthening-global-capacity-on-cybercrime. Accessed 30 Aug. 2020. “Engel & McCaul Call For Review of U.S. Efforts To Combat Cybercrime.” Press Release, U.S. House of Representatives Committee on Foreign Affairs, 20 June 2019, foreignaffairs.house.gov/2019/6/engel-mccaul-call-for-review-of-u-s-efforts-to-combat-cybercrime. Accessed 30 Aug. 2020.