US Cyber Command and National Security Agency Director Adm Mike Rogers said the US government gave French authorities "a heads up" about Russian infiltration into their presidential campaign infrastructure before the cyberattack was made public. Rogers told a Senate committee on Tuesday (9 May) that the agency warned its French counterparts before thousands of files stolen from Emmanuel Macron's campaign were leaked 36 hours before the country's run-off vote on Sunday.
"We had become aware of Russian activity," Rogers said before the Senate Armed Services Committee hearing. "We had talked to our French counterparts prior to the public announcements that were publicly attributed this past week and [we] gave them a heads up.
"We said, 'Look we are watching the Russians, we've seen them penetrate your infrastructure, here's what we've seen, what can we do to try to assist?'"
Rogers did not specify what activity the agency had observed or what type of infrastructure was penetrated.
On Friday, about 9GB of data from Macron's campaign was leaked online. Macron's campaign said it suffered "massive and coordinated" hacking attack, adding that the documents included authentic campaign files from its staff members' personal and professional accounts. It also warned that the cache included many "false documents" to "sow doubt and disinformation".
Despite the cyberattack, Macron won the run-off vote defeating far-right candidate Marine Le Pen. France's cybersecurity agency ANSII said the information technology fraud division of Paris' police force was investigating the breach
Earlier this month, security firm Trend Micro found evidence that Russia-linked hacking team APT28, also known as Fancy Bear, had attempted to infiltrate Macron's campaign using sophisticated spearphishing tactics. The same group has been previously tied to the DNC hack last year.
In January, US intelligence agencies accused President Vladimir Putin of ordering an "influence campaign" designed to denigrate Hillary Clinton and help Donald Trump win the US election in November. The report also warned that Russia would implement lessons learned from the US election to "future influence efforts worldwide, including US allies and their election processes".
The Kremlin has continued to deny the allegations and any involvement in the cyberattacks.
Rogers said the agency was also working with its British and German counterparts ahead of their own elections.
"We're doing similar things with our German and British counterparts, they have an upcoming election sequence," Rogers said. "We're all trying to figure out how we can learn from each other."
"We need to make it very clear to nation-states that engage in this behaviour that it's unacceptable and there's a price to pay for doing this," he added. He did not specify what kind of help the US is providing to the UK and Germany.
When asked by Republican Senator Lindsey Graham if he concurred with now-former FBI director James Comey that Russia was still meddling in American politics, Rogers said: "Yes."
Rogers said the US was still working on a comprehensive cyber policy to bolster its defences against attacks in what he called a "brave new world out there".
Republican Senator John McCain of Arizona, however, said it was "disheartening" that the White House had yet to develop a new plan to fight cyberattacks within 90 days as President Trump promised.
"The new administration promised one within 90 days of the inauguration, but 90 days have come and gone, and no such strategy and policy have been provided," Senate Armed Services Committee chairman McCain said. "Our nation remains woefully unprepared."