Russia 2020 – What Will Putin Do Next?

With the 2018 midterm elections completed, an appropriate level of focus is required to think through “What’s next?” from an adversarial perspective.  While it is highly unlikely that Russia sits this one out, it is equally unlikely that the next series of influence operations will look like the previous ones in 2016.  How will Russian strategies of “reflexive control” and “hybrid warfare” impact the United States and other nations going forward?

Proactively thinking about adversary innovation needs to be a critical part of our cyber defense strategy, not just within the U.S. government but in private industry as well.  Here is our informal take on some of the threat trends we will be confronting over the next two years.

The 2020 Elections

We are operating on the assumption that Russia seeks to erode our trust in the institution of elections rather than elect a particular candidate.  Eroding trust in elections shakes the foundation of democracy and creates much discontent within internal U.S. politics, which distracts us from global affairs and contributes to a less robust foreign policy posture.

Due to this, it is safe to expect a shift in the strategy, tactics, and focus of activities targeting the 2020 elections.  Creating a situation in which the integrity of the elections is questioned by a large segment of the voting population requires some pre-poisoning of the information well.  For example, a successful influence campaign might:

Highlight voter registry issues and the integrity of the voting process.  Amplifying, or even falsifying, voter registration controversies plays well to reinforce conceptions of unfair elections or a party “cheating” to get ahead.

Hack the vote.  To decrease confidence in electronic voting, watch for influence campaigns focusing on the insecurity of electronic voting machines and other election infrastructure.  We could also see non-persistent compromise of the devices to create “real news” stories that can be amplified in a variety of contexts.

Close race engagement.  While it is highly likely we’ll see a continuation of the operations designed to invoke hostility over key societal issues, we could also see direct engagement to amplify localized races in swing or tight districts.  The closer the race, the more susceptible the population is to engagement over voter registry and other vote integrity issues.

Ghosts in the closet.  The past year has provided ample exemplars for issues that are likely to invoke polarized responses and will be utilized in influence operations. For example, on the Southern border: the need for a border wall (or not), the risks of immigrant caravans, the (un)necessary deployment of military personnel, the invocation of a national border emergency, and crimes committed by illegal immigrants and transnational gangs.

Disruption of Social Integrity

Moving beyond the elections, it is important to think through the strategic objective inherently present in the targeting of trust in society.  What other types of targets are valuable in eroding trust and disrupting social integrity?

Death and taxes.  Focused attacks that bring into question the integrity of IRS systems would be incredibly disruptive and could also result in the leakage of personal identifying information.

Market dynamics.  Outside the electric power grid, attacks that impact the credibility of markets and financial institutions are likely to cause disproportionate outcomes.  While direct compromise is always a potential attack vector, it is important to note that public markets could be impacted by influence operations targeting algorithmic trading platforms or public sentiment.

Potholes and Post Offices.  Government services including social, health, and security services are all potential targets to instill fear and discontent regarding the government’s ability to provide essential services.

Mueller P.I. There is likely to be a large quantity of influence memetics designed around the process and findings of the Mueller investigation.

The truth is out there.  In a world of high volume content we’ll see a vast increase in the noise in the signal to obfuscate truths, reinforce pre-conceptions, and create confusion and chaos that results in filter failure for citizens.  There will be dozens of variations of the truth around most issues, an increased propagation of fake news, misleading memes, and a plethora of new domains and information sources all with varying levels of reliability.

Follow the influencers.  While Twitter and Facebook captured the imagination and budget for the previous round of information operations, we should be prepared for a migration to other platforms and tactics.  Namely, LinkedIn and Instagram provide viable options for enhancing certain messages. As social media platforms bolt on protections for their native advertising infrastructure we will also see an expansion into traditional advertising and content sharing networks and direct messaging/email campaigns.

Puppetmasters.  While there was a tremendous amount of focus on creating false personas and amplifying messaging through sheer volume, we should expect a shift that supports real personalities and genuine identities.  The sponsor that emboldens a new podcast or web site will have more influence than the fake Twitter accounts, and this content, tied to real identities supporting a particular agenda, can be broadly shared.  Rather than a Twitter shotgun approach, we will see one that looks more like death by a thousand InfoWars.

Black is the new mail. The same bullying and compromising tactics we see used in the social grid are being perfected by unscrupulous businesses and countries. Some nations have been inspired to buy influence with think tanks and sponsor media in ways that help mitigate bad press. It appears that the firm that owns the National Enquirer has attempted to blackmail Jeff Bezos. It is not a huge leap to assess that the old school Russian espionage recruitment tactics that have served them so well in the past have also moved into cyberspace. We assess that kompromat (compromising material) will be increasingly leveraged against U.S. businessmen, politicians, and other influencers.

The Tech Race.  A great technological race is underway today. Initiatives in the domains of cloud computing, cyber warfare, digitization and artificial intelligence have the potential to shift the geopolitical balance of power. All indications are that Russia will continue to pursue actions meant to give them strategic advantage in these domains. This includes attempts to slow our use of these technologies. Expect Russian actions to sow seeds of distrust in ways that will delay and disrupt the use of these technologies, especially by the U.S. national security community.

Take Aways

Don’t fight the last war.  While it is important to develop technology, processes, and approaches to solve existing problems, organizations must look to the future and anticipate adversary innovation as part of their solution roadmap. A useful model for predicting adversary innovation is our HACKthink approach. 

Organizations must build adaptable models for detecting influence operations.  This may require unique networked approaches to curation and content integrity scoring that rely less on machine learning and more on observed behavior and reliability scoring for questionable content reporting.

We need to build additional trust and resiliency into our critical infrastructures like the election system, government, and financial services and our resiliency models need to account for influence operations and not just direct hacking attacks.

Businesses can help inoculate leadership and employees to the impact of Russian influence operations by training on critical thinking and policies which give individuals a way to check facts and opinions via internal means vice relying on untrusted sources.

Businesses should include influence operations scenarios in tabletop incident response exercises and advanced red teaming assessments (for more on these see

Interested in learning more about the Russian Threat?  Please visit our Russian Threat Report.

Matt Devost

Matthew G. Devost is the CEO & Co-Founder of OODA LLC. Matt is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cyber-security issues. Matt co-founded the cyber security consultancy FusionX from 2010-2017. Matt was President & CEO of the Terrorism Research Center/Total Intel from 1996-2009. For a full bio, please see