For years, the US government has been promising—or threatening—a more autonomous and aggressive Cyber Command, the sibling of the National Security Agency whose hackers are authorized to wage cyberwar and disrupt America's adversaries with direct acts of digital sabotage. During last November's congressional election, it seems, the newly empowered agency quietly flexed its muscles in an operation that took out internet access for Russia's Internet Research Agency, a Kremlin-linked hub of social media disinformation.

But while that takedown created an immediate, albeit temporary, impediment for the IRA's trolls at a key moment, much of the security and intelligence community argues that the message the operation sent—its power as a "signal" to US adversaries online—will resonate further and longer. But the question remains: What does that message actually say?

On Tuesday, The Washington Post reported that Cyber Command targeted the St. Petersburg-based Internet Research Agency with a cyberattack in late 2018—exactly how, or for how long, isn't clear—that knocked the organization offline during the US midterm elections, potentially preventing a last-minute flood of disinformation designed to affect the election's results or turnout. Some US senators even told the Post that Cyber Command's actions had deterred Russia's attempts to repeat their meddling from the 2016 presidential campaign.

The St. Petersburg headquarters of the Internet Research Agency, Russia's so-called troll factory. Dmitri Lovetsky/AP

But most of the former intelligence and cybersecurity officials who spoke to WIRED about Cyber Command's operation say that the key significance of turning off the IRA's internet access was not the immediate outage it created, but the larger message it communicated to the Kremlin—amplified further by the classified operation now having leaked to the Post. The mere action of demonstrating that level of control over the IRA's network makes clear that the US government could have done worse, such as destroying computers or leaking the IRA's internal communications.

"This operation was nothing more than a signal to the Russians that what you did was not acceptable, and we’ll take action and use some element on the spectrum of force to counter that," says Sergio Caltagirone, a former technical lead at the NSA who has since worked in threat intelligence at Microsoft and security firm Dragos. "You start small to get the message across: If you do this, we will do something. If they do it again, you ratchet up the pain a little more."

Exactly how much immediate pain the IRA-targeted operation itself caused remains far from clear. The IRA's staff was reportedly sufficiently annoyed by the shutdown that Cyber Command recorded complaints they sent to their systems administrators. But former White House cybersecurity adviser Rob Knake, who served for four years on President Barack Obama's National Security Council, argues that IRA staffers may have had to do little more than walk to a coffee shop, or tether their computers to their phones, to overcome a mere network outage. "If you cut internet access to a bunch of trolls at a troll farm, they work from home or go to their local Starbucks," Knake says. "I think the message it sent was probably far more significant."