Deputy Attorney General Rod J. Rosenstein Delivers Remarks at the Aspen Security Forum Aspen, CO

It is a privilege to join you this afternoon at one of the world’s premier security conferences.

We meet at a fraught moment. For too long, along with other nations, we enjoyed the extraordinary benefits of modern technology without adequately preparing for its considerable risks. Director of National Intelligence Dan Coats elevated the alarm last week, when he stated that “the digital infrastructure that serves this country is literally under attack.” That is one of the rare instances when the word literally is used literally.

Our adversaries are developing cyber tools not only to steal our secrets and mislead our citizens, but also to disable our infrastructure by gaining control of computer networks.

Every day, malicious cyber actors infiltrate computers and accounts of individual citizens, businesses, the military, and all levels of government. Director Coats revealed that our adversaries “target[] government and businesses in the energy, nuclear, water, aviation and critical manufacturing sectors.” They cause billions of dollars in losses, preposition cyber tools they could use for future attacks, and try to degrade our political system. So combating cybercrime and cyber-enabled threats to national security is a top priority of the Department of Justice.

Attorney General Jeff Sessions established a Cyber-Digital Task Force in February to consider two questions: What are we doing now to address cyber threats?  And how can we do better?

Today, the Department of Justice is releasing a report that responds to the first question, providing a detailed assessment of the cyber threats confronting America and the Department’s efforts to combat them.

The Task Force report addresses a wide range of issues, including how to define the multi-faceted challenges of cyber-enabled crime; develop strategies to detect, deter and disrupt threats; inform victims and the public about dangers; and maintain a skilled workforce.

The report describes six categories of cyber threats, and explains how the Department of Justice is working to combat them.

One serious type of threat involves direct damage to computer systems, such as Distributed Denial of Service attacks and ransomware schemes.

Another category is data theft, which includes stealing personally identifiable information and intellectual property.

The third category encompasses cyber-enabled fraud schemes.

A fourth category includes threats to personal privacy, such as sextortion and other forms of blackmail and harassment.

Attacks on critical infrastructure constitute the fifth category. They include infiltrating energy systems, transportation systems, and telecommunications networks.

Each of those complex and evolving threats is serious, and the report details the important work that the Department of Justice is doing to protect America from them. 

I plan to focus today on a sixth category of cyber-enabled threats: malign foreign influence operations, described in chapter one of the task force report.

The term “malign foreign influence operations” refers to actions undertaken by a foreign government, often covertly, to influence people’s opinions and advance the foreign nation’s strategic objectives. The goals frequently include creating and exacerbating social divisions and undermining confidence in democratic institutions.

Influence operations are a form of information warfare. Covert propaganda and disinformation are among the primary weapons.

The Russian effort to influence the 2016 presidential election is just one tree in a growing forest. Focusing merely on a single election misses the point. As Director Coats made clear, “these actions are persistent, they are pervasive, and they are meant to undermine America’s democracy on a daily basis, regardless of whether it is election time or not.”

Russian intelligence officers did not stumble onto the ideas of hacking American computers and posting misleading messages because they had a free afternoon.  It is what they do every day.

This is not a new phenomenon. Throughout the twentieth century, the Soviet Union used malign influence operations against the United States and many other countries.  In 1963, for example, the KGB paid an American to distribute a book claiming that the FBI and the CIA assassinated President Kennedy.

In 1980, the KGB fabricated and distributed a fake document claiming that there was a National Security Council strategy to prevent black political activists from working with African leaders.

During the Reagan Administration, the KGB spread fake stories that the Pentagon developed the AIDS virus as part of a biological weapons research program.

As Jonathan Swift wrote in 1710, “Falsehood flies, and the Truth comes limping after it.”

The Reagan Administration confronted the problem head on.  It established an interagency committee called “the Active Measures Working Group” to counter Soviet disinformation.  The group exposed Soviet forgeries and other propaganda.

Modern technology vastly expands the speed and effectiveness of disinformation campaigns.  The Internet and social media platforms allow foreign agents to spread misleading political messages while masquerading as Americans.

Homeland Security Secretary Kirstjen Nielsen explained last weekend that our adversaries “us[e] social media, sympathetic spokespeople and other fronts to sow discord and divisiveness amongst the American people.”

Elections provide an attractive opportunity for foreign influence campaigns to undermine our political processes.  According to the intelligence community assessment, foreign interference in the 2016 election “demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operations.”

The Department’s Cyber-Digital Task Force report contributes to our understanding by identifying five different types of malign foreign influence operations that target our political processes.

First, malicious cyber actors can target election infrastructure by trying to hack voter registration databases and vote-tallying systems.  In 2016, foreign cyber intruders targeted election-related networks in as many as 21 states. There is no evidence that any foreign government ever succeeded in changing votes, but the risk is real.  Moreover, even the possibility that manipulation may occur can cause citizens to question the integrity of elections.

Second, cyber operations can target political organizations, campaigns, and public officials.  Foreign actors can steal private information through hacking, then publish it online to damage a candidate, campaign, or political party.  They can even alter that stolen information to promote their desired narrative.

Russia’s intelligence services conducted cyber operations against both major U.S. political parties in 2016, and the recent indictment of Russian intelligence officers alleges a systematic effort to leak stolen campaign information.

The third category of malign influence operations affecting elections involves offers to assist political campaigns or public officials by agents who conceal their connection to a foreign government. Such operations may entail financial and logistical support to unwitting Americans.

Fourth, adversaries covertly use disinformation and other propaganda to influence American public opinion.  Foreign trolls spread false stories online about candidates and issues, amplify divisive political messages to make them appear more pervasive and credible, and try to pit groups against each other.  They may also try to affect voter behavior by triggering protests or depressing voter turnout.

Finally, foreign governments use overt influence efforts, such as government-controlled media outlets and paid lobbyists. Those tactics may be employed lawfully if the foreign agents comply with registration requirements. But people should be aware when lobbyists or media outlets are working for a foreign government so they can evaluate the source’s credibility. Particularly when respected figures argue in favor of foreign interests, it may matter to know that they are taking guidance from a foreign nation.

The election-interference charges filed in February demonstrate how easily human “trolls” distribute propaganda and disinformation. A Russian man recently admitted to a reporter that he worked with the trolls, in a separate department creating fake news for his own country. He “felt like a character in the book ‘1984’ by George Orwell – a place where you have to write that white is black and black is white.… [Y]ou were in some kind of factory that turned lying ... into an industrial assembly line. The volumes were colossal – there were huge numbers of people, 300 to 400, and they were all writing absolute untruths.”

When the man took a test for a promotion to the department working to fool Americans, he explained, “The main thing was showing that you are able to … represent yourself as an American.”

The former troll believes that Russian audiences pay no attention to fake internet comments. But he has a different opinion about Americans. He thinks that we can be deceived, because Americans “aren’t used to this kind of trickery.”

That remark is sort of a compliment. In repressive regimes, people always assume that the government controls media outlets. We live in a country that allows free speech, so people are accustomed to taking it seriously when other citizens express their opinions.  But not everyone realizes that information posted on the Internet may not even come from citizens.

Moreover, Internet comments may not even come from human beings. Automated bots magnify the impact of propaganda. Using software to mimic actions by human users, bots can   circulate messages automatically, creating the appearance that thousands of people are reading and forwarding information. Together, bots and networks of paid trolls operating multiple accounts allow foreign agents to quickly spread disinformation and create the false impression that it is widely accepted.

The United States is not alone in confronting malign foreign influence. Russia reportedly conducted a hack-and-release campaign against President Macron during last year’s French elections, and instituted similar operations against political candidates in other European democracies. Other foreign nations also engage in malign influence activities.

So what can we do to defend our values in the face of foreign efforts to influence elections, weaken the social fabric, and turn Americans against each other? Like terrorism and other national security threats, the malign foreign influence threat requires a unified, strategic approach across all government agencies. The Departments of Justice, Homeland Security, State, Defense, Treasury, Intelligence agencies, and others play important roles.

Other sectors of society also need to do their part. State and local governments must secure their election infrastructure. Technology companies need to prevent misuse of their platforms.  Public officials, campaigns, and other potential victims need to study the threats and protect themselves and their networks.  And citizens need to understand the playing field.

The Department of Justice investigates and prosecutes malign foreign influence activity that violates federal criminal law.  Some critics argue against prosecuting people who live in foreign nations that are unlikely to extradite their citizens. That is a shortsighted view.

For one thing, the defendants may someday face trial, if there is a change in their government or if they visit any nation that cooperates with America in enforcing the rule of law. Modern forms of travel and communication readily allow criminals to cross national boundaries. Do not underestimate the long arm of American law – or the persistence of American law enforcement. People who thought they were safely under the protection of foreign governments when they committed crimes against America sometimes later find themselves in federal prisons.

Second, public indictments achieve specific deterrence by impeding the defendants from traveling to rule-of-law nations and raising the risk they will be held accountable for future cybercrime.  Wanted criminals are less attractive co-conspirators.

Third, demonstrating our ability to detect and publicly charge hackers will deter some others from engaging in similar conduct.

Fourth, federal indictments are taken seriously by the public and the international community, where respect for our criminal justice system – including an understanding of the presumption of innocence and the standard of proof beyond a reasonable doubt – means that our willingness to present evidence to a grand jury and ultimately at trial elicits a high degree of confidence in our allegations.

Fifth, victims deserve vindication, particularly when they are harmed by criminal acts that would be prosecuted if the perpetrator were located in the United States.

Sixth, federal criminal investigations support other penalties for malign foreign influence operations. For example, the Department of the Treasury can impose financial sanctions on defendants based on evidence exposed in indictments. Voters in foreign democracies, and influential citizens in autocratic regimes, can consider the allegations in making their own decisions about national leadership and foreign alliances.

The Department of the Treasury imposed sanctions on the individuals and entities identified in the February election-interference indictment, along with others engaged in malign activities. Nineteen individuals and five entities are subject to sanctions that freeze assets under American jurisdiction. Even if they are never brought to court, they will face consequences.

The sanctions forbid those individuals and entities from engaging in transactions with Americans and using the American financial system. The Administration followed up with similar financial sanctions for a broader range of malign activities against seven oligarchs, 12 companies, 17 Russian government officials, and two other entities.

Prosecutions are one useful tool to help deter modern criminals who remain beyond our shores. The same approach applies outside the context of crimes committed to influence elections. That is why our government regularly files charges against criminals who hide overseas, such as Iranian government hackers who broke into computer networks of a dam; Iranian hackers who infiltrated American universities, businesses and government agencies for the Islamic Revolutionary Guard Corps; an Iranian hacker who infiltrated and extorted a television network; Chinese government hackers who committed economic espionage; and Russian intelligence officers who stole data from an email service provider.

Intelligence assessments and criminal indictments are based on evidence.  They do not reflect mere guesses. Intelligence assessments include analytical judgments based on classified information that cannot be disclosed because the evidence is from sources — people who will be unable to help in the future if they are identified and might be harmed in retaliation for helping America  — and methods — techniques that would be worthless if our adversaries knew how we obtained the evidence.  Indictments are based on credible evidence that the government must be prepared to introduce in court if necessary.

Some people may believe they can operate anonymously on the Internet, but cybercrime generally creates electronic trails that lead to the perpetrators.

Gathering intelligence about adversaries who threaten our way of life is a noble task. Outside the Department of Justice headquarters stands a statue of Nathan Hale. Hale was executed immediately, without a trial, after he was caught gathering intelligence for America during the Revolutionary War. His final words are recorded as follows: “I am so satisfied with the cause in which I have engaged, that my only regret is that I have but one life to offer in its service.”

The days when foreign criminals could cause harm inside America from remote locations without fear of consequences are past. If hostile governments choose to give sanctuary to perpetrators of malicious cybercrimes after we identify them, those governments will need to take responsibility for the crimes, and individual perpetrators will need to consider the personal cost.

But criminal prosecutions and financial sanctions are not a complete solution. We need to take other steps to prevent malicious behavior.

To protect elections, the first priority is to harden our infrastructure.  State governments run American elections and are responsible for maintaining cybersecurity, but they need federal help.  The Department of Homeland Security takes the lead in helping to protect voting infrastructure, and the FBI leads federal investigations of intrusions.

The FBI works closely with DHS to inform election administrators about threats.  DHS and the FBI provide briefings to election officials from all fifty states about our foreign adversaries’ intentions and capabilities.

We also seek to protect political organizations, campaigns, candidates, and public officials. The FBI alerts potential victims about malicious cyber activities and helps them respond to intrusions.  It shares detailed information about threats and vulnerabilities.

To combat covert foreign influence on public policy, we enforce federal laws that require foreign agents to register with the U.S. government. Those laws prohibit foreign nationals from tricking unwitting Americans while concealing that they are following orders from foreign government handlers.  The Department of Justice is stepping up enforcement of the Foreign Agents Registration Act and related laws, and providing defensive counterintelligence briefings to local, state, and federal leaders and candidates.

Public attribution of foreign influence operations can help to counter and mitigate the harm caused by foreign government-sponsored disinformation. When people are aware of the true sponsor, they can make better-informed decisions.

We also help technology companies to counter covert foreign influence efforts.  The FBI works with partners in the Intelligence Community to identify foreign agents as they establish their digital infrastructure and develop their online presence.  The FBI helps technology companies disrupt foreign influence operations, by identifying foreign agents’ activities so companies may consider the voluntary removal of accounts and content that violate terms of service and deceive customers.

Technology companies bear primary responsibility for securing their products, platforms, and services from misuse.  Many are now taking greater responsibility for self-policing, including by removing fake accounts. We encourage them to make it a priority to combat efforts to use their facilities for illegal schemes.

Even as we enhance our efforts to combat existing forms of malign influence, the danger continues to grow. Advancing technology may enable adversaries to create propaganda in new and unforeseen ways. Our government must continue to identify and counter them.

Exposing schemes to the public is an important way to neutralize them. The American people have a right to know if foreign governments are targeting them with propaganda.

In some cases, our ability to expose foreign influence operations may be limited by our obligation to protect intelligence sources and methods, and defend the integrity of investigations.

Moreover, we should not publicly attribute activity to a source unless we possess high confidence that foreign agents are responsible. We also do not want to unduly amplify an adversary’s messages, or impose additional harm on victims.

In all cases, partisan political considerations must play no role in our efforts. We cannot seek to benefit or harm any lawful group, individual or organization. Our government does not take any official position on what people should believe or how they should vote, but it can and should protect them from fraud and deception perpetrated by foreign agents.

Unfettered speech about political issues lies at the heart of our Constitution. It is not the government’s job to determine whether political opinions are right or wrong.

But that does not leave the government powerless to address the national security danger when a foreign government engages in covert information warfare. The First Amendment does not preclude us from publicly identifying and countering foreign government-sponsored propaganda.

It is not always easy to balance the many competing concerns in deciding whether, when, and how the government should disclose information about deceptive foreign activities relevant to elections. The challenge calls for the application of neutral principles.

The Cyber-Digital Task Force Report identifies factors the Department of Justice should consider in determining whether to disclose foreign influence operations. The policy reflects an effort to articulate neutral principles so that when the issue the government confronted in 2016 arises again – as it surely will – there will be a framework to address it.

Meanwhile, the FBI’s operational Foreign Influence Task Force coordinates investigations of foreign influence campaigns.  That task force integrates the FBI’s cyber, counterintelligence, counterterrorism, and criminal law enforcement resources to ensure that we understand threats and respond appropriately. The FBI task force works with other federal agencies, state and local authorities, international partners, and the private sector.

Before I conclude, I want to emphasize that covert propaganda disseminated by foreign adversaries is fundamentally different from domestic partisan wrangling. As Senator Margaret Chase Smith proclaimed in her 1950 declaration of conscience, we must address foreign national security threats “patriotically as Americans,” and not “politically as Republicans and Democrats.”

President Reagan’s Under Secretary of State, Lawrence Eagleburger, wrote about Soviet active measures in 1983. He said that “it is as unwise to ignore the threat as it is to become obsessed with the myth of a super Soviet conspiracy manipulating our essential political processes.” He maintained that free societies must expose disinformation on a “persistent and continuing” basis.

Over the past year, Congress passed three statutes encouraging the Executive Branch to investigate, expose, and counter malign foreign influence operations. Publicly exposing such activities has long been a feature of U.S. law.  The Foreign Agents Registration Act, which Congress enacted in 1938 to deter Nazi propagandists, mandates that the American public know when foreign governments seek to influence them.

Knowledge is power. In 1910, Theodore Roosevelt delivered a timeless speech about the duties of citizenship. It is best known for the remark that “it is not the critic who counts.” But Roosevelt’s most insightful observation is that the success or failure of a republic depends on the character of the average citizen. It is up to individual citizens to consider the source and evaluate the credibility of information when they decide what to believe.

Heated debates and passionate disagreements about public policy and political leadership are essential to democracy. We resolve those disagreements at the ballot box, and then we keep moving forward to future elections that reflect the will of citizens. Foreign governments should not be secret participants, covertly spreading propaganda and fanning the flames of division.

The government plays a central role in combating malign foreign influence and other cyber threats. The Attorney General’s Cyber-Digital Task Force report demonstrates that the Department of Justice is doing its part to faithfully execute our oath to preserve, protect, and defend America.

I regret that my time today is insufficient to describe the report in greater detail. It is available on the Department of Justice website. I hope you read it and find it a useful contribution to public discussion about one of the most momentous issues of our time.

In brief, the report explains that we must continually adapt criminal justice and intelligence tools to combat hackers and other cybercriminals. Traditional criminal justice is most often characterized by police chasing criminals and eyewitnesses pointing out perpetrators in courtrooms. Cybercrime requires additional tools and techniques.

We limit cybercrime damage by seizing or disabling servers, domain names, and other infrastructure that criminals use to facilitate attacks.  We shut down the dark markets where criminals buy and sell stolen information. We restore control of compromised computers. We share information gathered during our investigations to help potential victims protect themselves.  We seek restitution for victims. We pursue attribution and accountability for perpetrators. And we expose governments that defraud and deceive our citizens.

The Task Force report is just one aspect of our efforts. It is a detailed snapshot of how the Department of Justice assesses and addresses current cyber threats. The work continues, and not just within our Department.

Our government is doing more now than ever to combat malign foreign influence and other cyber threats. Trump Administration agency appointees and White House officials work with career professionals every day to prevent cybercrime and protect elections.

Our adversaries will never relent in their efforts to undermine America, so we must remain eternally vigilant in the defense of liberty, and the pursuit of justice. And we must approach each new threat united in our commitment to the principle reflected in the motto adopted at the founding of our Republic: e pluribus unum.

Thank you.