WASHINGTON — The United States deployed operatives to Estonia in the weeks before the November election to learn more about defending against Russian hackers as part of a broader effort to hunt down foreign cyberattacks, American and Estonian officials said.
Estonian officials believe the growing cooperation with the United States will be an important deterrent to any attacks by neighboring Russia, while American officials have used the collaboration to help bolster their election defenses.
Estonia has one of the more sophisticated network defenses in Europe, offering American military personnel a chance to work with experts with experience discovering and defending against Russian attacks. American officials also deployed such teams during the midterm elections in 2018, but previous deployments have been to countries with relatively undeveloped digital defenses.
The deployment in Estonia allowed U.S. Cyber Command, which runs the military’s offensive and defensive operations online, to broadly observe Russian techniques in Estonia and compare them with Moscow’s tactics used in the United States, said Brig. Gen. William J. Hartman, the commander of the Cyber National Mission Force.
“The ability to share that information back with our whole of government partners is a key component of the defense of the elections,” General Hartman said. Estonian officials said Russia did not attack its military networks while the American team was deployed there, from Sept. 23 to Nov. 6.
American officials have previously noted that they have expanded the number of teams of experts from Cyber Command that they have sent overseas, but they identified only broad regions, not specific countries. The teams generally comprise more than a dozen operatives, officials said.
On several of those deployments, American operatives identified new kinds of malware used by Russia that the United States government then released publicly, blunting their effectiveness, according to defense officials.
No foreign power was able to disrupt the American vote, either by hacking into election systems or spreading vast amounts of disinformation. That was partly because of increased federal help protecting state and local government networks, and partly because of more aggressive Cyber Command operations.
Military officials now see election defense as a core mission that requires constant efforts to learn what foreign powers may be attempting. Officials said the overseas deployments to places like Estonia are critical to the surveillance of Russian hackers.
Estonian officials believe their aggressive actions have helped deter Russian attacks, and the expanding partnership with the United States is also reinforcing that deterrence.
Estonian officials said Russians used to use their country to test out new and different attacks, both hacking operations and attempts to spread disinformation.
That changed in recent years. As Estonia has become more aggressive at sharing information about Russian tactics, Moscow has shifted its focus to other countries to preserve the effectiveness of its arsenal of exploits and malware, Estonian officials said.
“If we discover the malicious activity and we share it with the world, our partners, then attacking is more expensive,” said Mihkel Tikk, the deputy head of the Estonian Defense Forces’ Cyber Command. “So the adversary has to start making decisions and making choices about who they attack.”
Estonian officials are eager for more deployments of American operatives, or even a permanent detachment from U.S. Cyber Command to be stationed in the country. Russia has long aimed cyberattacks at Estonia and other neighboring countries.
American officials said they plan to continue the short-term deployments of teams around the world.
The operations are important in helping to control escalation with adversaries, said Thomas C. Wingfield, the deputy assistant secretary of defense for cyber policy. When the United States can find ways to make cyberattacks and cyberoperations by adversaries like Russia and China less effective and more expensive, it will prevent those countries from escalating their attacks, he said.
“Inaction in cyberspace contributes to escalation, more than reasonable action in cyberspace,” Mr. Wingfield said. “States like Russia and China are deriving significant strategic gains from what we consider to be aggressive, irresponsible and destabilizing cyberactivity that is relatively cheap and easy for them to perpetrate.”