NSA, U.S. Cyber Command, election security
Background image: Phil Roeder / Flickr / CC BY 2.0

Exclusive: A high-level election security group is back. NSA and Cyber Command want to keep it under the radar

U.S. Cyber Command and the National Security Agency will not identify the latest leaders of their joint election security task force, in part to shield them from the threats and harassment other election officials have received for merely being associated with such work.

In a departure from previous election cycles, neither organization will publicize the names of the co-chiefs of the Election Security Group (ESG) because of the often-hostile environment surrounding U.S. elections since the 2020 presidential race, Recorded Future News has learned.

The identities also are being withheld, government sources said, as part of a larger push by top U.S. national security and law enforcement officials to convey that election security is a whole-of-government effort and therefore public messaging on the charged topic should be driven by agency chiefs — such as the Director of National Intelligence or the head of the FBI — and not bureaucratic entities or career employees.

The shift in strategy and the heightened concern for the safety of officials both come as the Biden administration warns of potential foreign interference in the November elections as well as dangers to individuals who help run the system.

The warnings are on top of longstanding concerns about potential cyberattacks targeting voting infrastructure, or human errors becoming amplified in influence operations that undermine confidence in election outcomes — especially with the rise of commercially available artificial intelligence tools that can assist an array of attacks at scale.

"We can confirm that the Election Security Group has stood up but we do not have anything further at this time," an NSA spokesperson said in an email when asked who the new co-leads are. A Cyber Command spokesperson sent a similar response.

Not divulging the identities of its employees, save certain senior leaders, is standard policy for NSA. However, both the agency and Cyber Command readily publicized the task force’s leaders in previous election cycles.

In 2020, David Imbordino, a career NSA official, and then-Army Brig. Gen. William Hartman, the commander of the Cyber National Mission Force and the command’s current No. 2, were selected to helm the group and publicly spoke about potential dangers ahead of Election Day.

Different environment

Poll workers and election officials at all levels have seen an uptick in threats since the 2020 presidential race and the false claims of widespread fraud spread by former President Donald Trump and his Republican allies. 

Just this week an Ohio man was sentenced two-and-a-half years in prison for making death threats against then-Arizona Secretary of State Katie Hobbs for certifying Biden’s win in the state, the latest in a series of such cases nationwide.

And the Cybersecurity and Infrastructure Security Agency, which helps protect elections and U.S. voting systems from foreign hackers, has become a routine target of threats and conspiracy theories from far-right Republicans over the role it played debunking Trump’s fraud claims. The agency’s director was recently the target of a swatting attack.

“Since the end of 2020 to the present day there has been a very consistent environment that really sort of celebrates and encourages threats to public officials,” according to Kim Wyman, a Republican who served as Washington’s secretary of state for eight years and later oversaw CISA’s election security portfolio, which is separate from the NSA-CYBERCOM task force.

In particular, threats of physical violence against public election officials have become “normalized,” said Wyman, now a senior fellow at the Bipartisan Policy Center.

“It’s scary.”

Roots in the Russia Small Group 

The joint task force, originally dubbed the Russia Small Group, was established in 2018 by former Cyber Command and NSA chief Gen. Paul Nakasone to safeguard the midterms from meddling by Moscow. 

It was initially helmed by then Air Force Brig. Gen. Timothy Haugh, who succeeded Nakasone last month, and Anne Neuberger, now President Joe Biden's deputy national security adviser for cyber and emerging technology. 

It was renamed ahead of the 2020 presidential election and its mandate expanded to include threats from countries like China, North Korea and Iran, as well as non-state actors.

The latest incarnation assembled a “month or two ago,” according to Rob Joyce, the outgoing director of the NSA’s Cybersecurity Directorate.

“This year we have adapted in that we've created a foreign malign influence lead and some dedicated resources,” he told reporters during a March 15 roundtable discussion. “So instead of a big stand up [and] stand down, we will have some continuous effort that then grows during the election cycles.”

Joyce did not say who is heading the group or who is serving as the new influence lead.

Yet because of their positions and responsibilities, the co-chiefs likely have, or will, provide congressional testimony before Election Day.

While it’s possible that such testimony would be provided exclusively behind closed doors, those appearances could be exposed by unfriendly members of Congress and eventually make them the targets of political attacks or one day get them hauled before lawmakers to discuss their work publicly, according former national security officials.

Wyman, who herself had her personal cell phone number posted online by the campaign manager of the failed 2020 GOP candidate for governor in Washington, said the decision by two of the country’s top national security organizations not to disclose who is spearheading their election security efforts is “probably a risk calculation.”

“These are people who are in public positions that are funded by tax dollars and I'm certain that [Haugh is] well aware of that,” she told Recorded Future News. 

“It's trying to balance the safety of your people that work for you and making sure that they are safe in their jobs or safe at their workplace or safe in their homes with the public's right to know who's doing that work,” she said. 

Like everything in the election security space “it's always a tricky line to walk because you aren't trying to hide who's doing the work or what they're doing because the public has a right to know,” Wyman explained. 

But, at the same time, you “also don't want to put your employees in harm's way because they're just trying to use their skills to earn a living and to contribute to their country.” 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Martin Matishak

Martin Matishak

is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.