NSA’s Russian cyberthreat task force is now permanent

The task force the National Security Agency and U.S. Cyber Command created last year to thwart Russian influence and cyberattacks is now permanent.
NSA, National Security Agency, RSA 2019
(Scoop News Group photo)

The task force the National Security Agency and U.S. Cyber Command created last year to thwart Russian influence and cyberattacks on the U.S. is now permanent, spokespeople from both agencies confirmed to CyberScoop.

The “Russia Small Group” — whose existence NSA Director Paul Nakasone announced in July of last year, absent guidance from the White House on how to handle Russian cyberthreats — settles in as the White House, Congress and the Pentagon have taken steps to clarify how and when the military should conduct offensive operations in cyberspace.

The NSA would not comment on the number of people on the task force, where it is based, or when the operation became permanent. One intelligence official told CyberScoop the group’s new permanent designation, under routine operations, likely marks a surge of incoming resources, just as in any military surge.

“We intend to build on this foundation as we prepare with our interagency partners for a broader challenge in the upcoming 2020 election cycle,” a Cyber Command spokesperson told CyberScoop. The New York Times first reported that the task force had become permanent.


The NSA and Cyber Command have revealed at least one operation that stems from the new freedom to operate, as well as the explicit focus on Russia: The group successfully interrupted the internet access of the Russian-government-backed Internet Research Agency in the buildup to the 2018 midterm elections, as first reported by The Washington Post.

The IRA’s goal was to “provoke and amplify political and social discord” in the U.S., as the Special Counsel Robert Mueller wrote in his final report on Russian influence in the 2016 election.

Recent documents help define the types of activities the Russia Small Group might engage in: In 2018 the Trump White House issued a presidential memorandum loosening some authorizations for offensive cyber-operations, superseding an Obama-era presidential policy directive on the matter. The 2019 National Defense Authorization Act lists clandestine cyber-operations as traditional military operations, helping to give the Pentagon more leeway. The military’s “defend forward” doctrine, outlined in its 2018 cyber strategy document, allows it to disrupt malicious cyber-activity at its source.

The move by the NSA and Cyber Command comes as the government itself is acknowledging a long-term threat from Russia in cyberspace.

FBI Director Chris Wray said Friday Russian cyberthreats have “continued pretty much unabated” while speaking at the Council on Foreign Relations.


Secretary of State Mike Pompeo said Monday that the U.S. should expect Russia to continue making efforts to interfere in U.S. politics for decades to come. “We should expect in 2050 the Russians will still be at it still,” Pompeo said while speaking at the Council on Foreign Relations at a separate event Monday.

“We recognize that our adversaries are going to keep adapting and upping their game,” Wray said. “And so we’re very much viewing 2018 as just kind of a dress rehearsal for the big show in 2020.”

Russia’s activity, as detailed by Mueller and other investigations, also included spearphishing attacks on the Democratic National Committee and the Democratic Congressional Campaign Committee to steal hundreds of thousands of campaign documents, some of which were disseminated through WikiLeaks.

The Russia Small Group will continue to work with the FBI’s own election security task force, as well as with the Central Intelligence Agency, an NSA spokesperson said. The group will also continue coordinating with the Department of Homeland Security’s election security and foreign influence task forces which have also been made permanent, according to a DHS official. The CIA did not respond to a request for comment Monday.

Correction: This story has been corrected to state that the New York Times first reported the task force’s new status.

Latest Podcasts