CIA, CIA Officer, Intelligence, national security, Russia, Spy — July 29, 2020 at 12:06 am

Disinformation and the Case for a Well-Regulated Cyber Militia


As experts contemplate how to address the serious risk to national security posed by disinformation, there is consensus among many for better expert coordination, better communication and better education as our best options for addressing the issue. Some are arguing for a centralized government office to help direct it all.

Still others, like former CIA Officers Stephanie Hartell and Steven Hall, aren’t looking to government to do more, but are instead urging us to look to other countries that are having greater success managing the threat and mobilizing their citizens to help.

“A well-regulated militia, being necessary to the security of a free state…” – excerpt from the Second Amendment to the Constitution of the United States

Estonia is located right next door to Russia, a geographic reality which over the years, has proven challenging for the small Baltic country.  The experience of having been invaded by the Soviet Union in 1940, and then subsequently, occupied for almost 50 years, has provided Estonia a degree of focus that we, in the United States, lack.  The Estonians have long understood that living in the shadow of the much larger Russian bear, means that each and every one of their citizens needs to do their part to protect themselves from Moscow’s attacks, whatever form those attacks might take.  Estonians understand it is not just about their government or their military.  It’s about each and every one of them.

Contrast this with the situation in the United States.  As of now, an actual physical invasion by Russia using conventional or even nuclear forces is highly unlikely.  While the United States has more and much larger hard power, like Estonia, America has been subjected to withering attacks from Russia using the most virulent form of soft power, cyberattacks and information warfare.  Yet, Vladimir Putin has been more successful at damaging our country using information warfare than he has against Estonia, a country which is both much closer to Russia and much smaller than America.

How is this possible?  Why has the United States, with a huge military budget (one that includes funding for both offensive and defensive cyber capabilities) failed to stop or even meaningfully address Russian disinformation attacks – attacks that for the most part weaponized social media run by American companies?  Perhaps it is American diversity, or our individualism, or maybe multiple generations who have not broadly experienced war that has made us complacent, even doubtful, of the extent and danger of Russian aggression.  It is, whatever the reason, remarkable.

After its independence following the dissolution of the USSR in 1991, Estonia established itself as a Western-leaning democracy, and elected American-educated Toomas Ilves as its president.  Ilves was president in 2007, when the Russians launched a large-scale cyberattack against Estonia, damaging its infrastructure from news outlets to its financial system. The attack was Russian retaliation for the removal of a Russian statue from Tallinn, Estonia’s capital, venerating the Soviet Union’s contributions during World War II.  Part of the Soviet “contribution” was the annexation of Estonia into the USSR, so Estonia’s desire to remove the statue is understandable.  And while the Russian outcry in response to the statue incident was predictable, the use of a cyberattack was not. The 2007 Russian attack was the first time Moscow truly flexed its cyber muscle as a means to achieving a geopolitical goal.  Since 2007, Western democracies from Germany to France to America have all experienced the results of Russia’s new-found cyber capability.

Estonia, perhaps more than any other country, learned from the experience, and has steeled itself against further online Russian attacks by creating a modern-day force of Estonian volunteers to fight back against its much larger neighbour.  Their goal: to find, fix, and finish Russian cyber warfare aggression against their country.  They are real patriots, citizens who do more than stand at a ball game while the flag is raised, hands over hearts.  The group Estonia has formed to defend itself against Russian cyber aggression is comprised of Estonian citizens taking civic action on behalf of their country, assisted and orchestrated by a website called

Think of it.  A country a fraction of the size of the United States, with a fraction of our resources, is successfully and unambiguously standing up to the threat of Russian cyber aggression.  Sound inspiring?  To all Americans, regardless of political bent, it certainly should.  Why can’t we do the same?

Government Can’t Do it for Us
It is of course tempting to say, “Well, protecting us against Russia and other foreign adversaries is up to the government.  That’s why we have Cyber Command, NSA, and CIA.  That’s why we have the military. That’s why we pay taxes.”  But the cyber threats posed by Russia cannot be entirely or even significantly neutralized by the federal government.  The US military and intelligence agencies, when focused as they were designed to be, on external threats like Russia and China, have significant capabilities.  But those capabilities are much more limited when looking inward toward the homeland, and for good reason.

There are legal constraints that properly protect the notions we value in democracies, such as freedom of speech and privacy rights.  Most Americans are uncomfortable when they see US forces marching down the streets – and that is a good thing, a healthy sign in our democracy.  American civil liberties pose less trouble when the US military or intelligence services are operating on a foreign battlefield.  But Russia has brought the cyber fight to America, into our living rooms and onto our kitchen tables, often using servers owned by American companies and located on US soil.  We cannot rely solely on our naturally outward-facing intelligence services and military to rally Americans to mount a successful counterattack against the Russians or our other adversaries.  It may cause them to think twice, but in the end, it will not stop them.

KGB tactics and the Reagan response
The modern-day version of the Soviet KGB – Russian intelligence services such as the SVR, the FSB, and the GRU – regard on-line disinformation campaigns as a critical component of hybrid warfare against the United States.  Russia understands it would lose a conventional war against the US or any of our NATO allies.  And yet, as part of his geopolitical goal to make Russia a world power again, Putin seeks to weaken democracies worldwide, especially the US.  The Internet is the only place where the Russians can match American strength, and they do so by striking at wedge issues that already divide us, weakening us from within.  While Russia has used information operations against the West for years, Putin must be shocked at his good fortune these days: America is more divided right now than any time in either of the authors’ lifetimes.

The best historical example of the insidious nature of Russian disinformation is the long debunked but often regurgitated AIDS propaganda story planted by the Russians in the 1980’s, now known as Operation Infektion.  As part of this operation (conducted decades before the Internet became widely available), the Soviets disseminated various versions of the genesis of HIV, the virus causing AIDS.  Moscow had the world believing that the disease originated inside the US government (either in the Department of Defense or the CIA) as part of a biological warfare plan.  There was also an African angle – Soviet propagandists claimed falsely that the CDC sent doctors to Africa to find an infectious disease so that America could horrifically weaponize it.  Not unlike the racial undertones used when describing COVID-19 as “The Chinese virus” or “The Wuhan virus,” the Moscow-based AIDS fiction picked, and continues to pick, at the open wound of racism that has plagued America for hundreds of years.  When Moscow’s involvement in the AIDS story became clear, we had a president willing to strike back at the Russian aggression.  Ronald Reagan created a task force that painstakingly traced the bogus AIDS story back to the KGB.  Reagan himself delivered the findings to Gorbachev, eliciting an apology from the Russian President.

Fast forward to 2016, when Moscow authored another information attack against the United States using social media.  This time around, Russia created opposing Facebook pages, one called “Heart of Texas,”  a right-wing entity which among other things, espoused Texas secession, and another entitled “United Muslims of America.”  Both of these purported to be based in the United States and run by Americans.  Moscow, via these bogus electronic pages, organized rallies at the same time and place in Houston:  one (by the United Muslims group) supporting a better understanding of Islam of Texas, and the other (by the Heart of Texas group) violently opposed to it.  The goal in getting the groups together was to provoke violence and amplify dissension.  The Russian intelligence services had little trouble getting Americans to take to the streets against one another.  And all of it was accomplished remotely, from the safety of far-away Russia.

Fast forward again to June 2020.  A left-leaning activist named Adam Rahuba, using a Facebook page called LeftBehindUSA, urged progressives to protest at the Civil War battlefield at Gettysburg.  Predictably, this caused right-wing activists who were worried about the removal of Confederate statues and symbols to descend upon Gettysburg, so as to protect the site from supposed Antifa atrocities, such as flag burning and grave desecration. On cue, a group of angry and heavily-armed individuals, many bearing Confederate flags, arrived at Gettysburg to defend Union army graves from, well, nothing.  Rahuba had fabricated the event, with the goal of embarrassing right-wing activists.

This should be a lesson to both sides of the political spectrum: we all need to be on the lookout for social media-based influence operations.  A well-regulated cyber militia would help protect all Americans from attackers, both foreign and domestic.

A Well-Regulated Cyber Militia
It is clear that Russia (as well as other adversaries) has launched a new wave of information attacks and hybrid warfare against us.  We have also posited that the tools of the federal government, such as the military and intelligence agencies, are best suited to the foreign battlefield.  What is required, therefore, is for the American citizenry to take the protection of our democracy directly into our own hands.  This is in the American DNA, going back as far as the Revolutionary War.  What we need is a well-regulated cyber militia, necessary to the security of a free State.

What exactly do we mean?  First, all Americans, regardless of political bent, should understand that they are really the front line of cyber defense.  The Russians and other adversaries (China, Iran, North Korea) are targeting society using social media, so we as members of that society must educate ourselves in order to defend the country.  Those of us who regularly use social media must understand how we are being targeted.  Is there a meme or an article or a feed which enrages (or delights) you?  Take two minutes to research it before you amplify it.  Does a Facebook page contain highly-partisan content but remarkably bad grammar?  Perhaps it is run by foreigners who seek to damage America.  Take five minutes and research it.  Does a Twitter account sport a photo of an attractive young woman, downloaded from elsewhere on the Internet?  Perhaps it is a fake account.  Dig into it. Expose it.

How Can an Average Citizen Research such Information?
Let’s look again to Estonia, whose citizens have essentially deputized themselves to fight online for their country.  The Estonian site is worth taking a look at.  On Propastop, Estonian cyber militia warriors find tools needed to spot and stop the Russians.  The American version should be simple and direct: daily identification of disinformation, a tutorial on how to spot and debunk Russian information operations, and maybe a weekly award for valor in preserving democracy.  There are other mechanisms that also could be included on the American version of such a site, and undoubtedly it would evolve as new threats emerged.  The bottom line is it would go a long way toward getting America where it needs to be if we hope to fight Russia and other adversaries at the best level – the grassroots level.

The American platforms that Russia weaponizes (Facebook, Twitter, Instagram, and so forth) should sponsor and actively support this cyber defense.  Large American companies protecting American national interests is also in our DNA.  During World War II, American industry directly supported the war effort.  During the Cold War, American technology companies worked with the US Government in the face of worldwide Soviet aggression.  It should be no different today. Each social media platform should help develop and prominently display a link to the American version of Estonia’s Propastop.  At the very least, actions like these might help tech companies avert the government regulation they seek to avoid.

It will take all the ingenuity and steadfastness of Americans to beat back the Russians and our other cyber adversaries.  But what better patriotic undertaking, both for the American social media platforms that financially flourish in our free society, and for American citizens, whose militias helped shake off our British overlords in the 1700s.  Our founding fathers strongly supported the formation of militias and deemed them necessary to win our independence from tyranny.  And while the founders could not have imagined cyberattacks, much less cyber militias, we cannot help but think they would support the idea.  This is the 21st century call to arms to protect what Lincoln instructed at Gettysburg:  that a government of the people, by the people, and for the people, shall not perish from the earth.

The post Disinformation and the Case for a Well-Regulated Cyber Militia appeared first on The Cipher Brief.

Stephanie Hartell, Former Group Chief, CIA
Stephanie Hartell is former Group Chief of CIA’s Counterterrorism Center’s Technical Targeting, one of CIA’s largest technical collection programs. Hartell also managed CI programs for several field locations in Southeast Asia and for CIA’s Counterproliferation Division.


Steven L. Hall, Former Member, CIA’s Senior Intelligence Service
Cipher Brief Expert Steven L. Hall retired from the CIA in 2015 after 30 years of running and managing intelligence operations in Eurasia and Latin America. Most of Hall’s career was spent abroad, overseeing intelligence operations in the countries of the former Soviet Union and the former Warsaw Pact.