Former CIA, NSA chiefs talk cybersecurity in Denver
The increasingly polarized political dialogue in the United States is due, at least in part, to Russian manipulation of social issues, according to two national security experts who visited Denver Thursday.
The panel on cybersecurity took place during a luncheon hosted by the Colorado Association of Commerce and Industry, the state’s chamber of commerce. It featured retired General Michael Hayden, former head of the Central Intelligence Agency and the National Security Agency under President George W. Bush; and Michael Morell, former deputy director of the CIA under President Barack Obama, who also served as the agency’s acting director in 2011 and from 2012 to 2013.
Both discussed Russian attacks on the 2016 election and cyber influence on American society. As an example, Hayden and Morell said that controversy over NFL players “taking a knee” during the playing of the national anthem has been exploited by Russian intelligence, under the direction of Russian President Vladimir Putin.
“Russians had been playing in our social issues for some time, widening divisions about race, gender and income inequality. It’s a sophisticated effort on Putin’s part” to divide the nation, Morell said.
Within 90 minutes of the NFL issue going national, the Russians were involved, Hayden told the CACI audience Thursday. “Covert influence campaigns identify fractures in a society and take advantage of them,” whether it’s the 2016 election, Brexit or other European unity issues. “We need to stop demonizing those with different political views” because the Russians will take advantage of it.
Morell explained that in Russia, someone could work for Russian intelligence by day, stealing secrets from the U.S. government or from companies like Boeing, and by night would go work for cybercrime groups. The cyber skill level of nation states, like Russia, is higher than it is within organized crime groups, but those helping organized crime are making them as sophisticated as the government, he said.
What’s on the horizon is attacks from organized crime, Morell said, such as information attacks on companies, the same kinds of attacks Russians did on the 2016 election. But those attacks will attempt to undermine a company’s brand, he said. “People can manipulate perceptions into crises you should never have to handle,” added Hayden.
In a perfect world, according to Morell, the government would create a commission that would look at how Americans can defend themselves and how to deter Putin activities going forward. “He won’t stop because it’s been effective for him,” he said.
Cybercrime is now a bigger moneymaker than the illicit drug trade, according to Morell. And the level of sophistication is getting greater. He said 90 percent of all successful cyber attacks come via phishing – an innocent-looking email with a hyperlink. The “bad guys” have learned that mass emails, sent in the hope that someone will click on that phony hyperlink, don’t work anymore because people have become aware.
So where the cybercriminals are headed is to individual attacks, using information gathered through social media. Morell cited a recent attack on a business CEO who received an email from someone he thought was his real doctor. The cybercriminal knew the person had just had surgery, and told the CEO that he still owed a small amount of money, around $25, and to “click on this link to pay.” And he did. Phishing attacks are getting that sophisticated, Morell said.
Morell told Colorado Politics after the luncheon that the best defense in cybersecurity is a good offense. Cybersecurity firms look for hackers and others schooled in stealing intelligence, because they have the skills to exploit weaknesses. His advice for companies looking for cybersecurity experts is not to look at people who have gone through formal education on the issue, but those with good critical thinking skills and enough background in computer science to understand the technology.
American businesses have to treat threats from cyber attacks the same as any other business risk, like fraud, Morell said. Companies need to identify what’s most valuable – customer data, or intellectual property – and then focus on protecting it. And it’s the smaller companies that are increasingly at risk, since large companies are already aware and working to protect their assets.
But it’s also up to senior management and company directors to take these threats most seriously, Hayden said. He was asked at a dinner in 2010 how much ramping up cybersecurity would cost. It’s a pretty accurate description of American business, Hayden added, to see cybersecurity “as a subtraction from the bottom line. You have to look at it as integral to your business.”
The government is not quite up to the task of protecting the American public from cybercrime, according to Hayden. Cyberspace as a domain became part of the American military doctrine about 20 years ago, the same kind of domain as land, sea, air and space, and Americans are accustomed to government providing security in these physical domains. But the experience and skill level are not there yet, plus there are the issues of speed, technology, civil liberties and privacy, he said.
The good news, Hayden added, is that when the government doesn’t show up, the private sector steps in, and there’s an incredible amount of entrepreneurial energy in cybersecurity.
Finally, the nation needs strong national leadership as well as strong public information campaigns to focus attention on the issues of cybersecurity, Hayden said. “We need a generation of leadership that can not only lead but are ‘digital natives,’ raised in the digital universe.”
Photo by Marianne Goodland