How Election Security Has Become a Top Issue … then what will you do!!!

Let’s forget who wins who loses although I have to admit democracy is at stake and it is more open than taboo as it was before racism etc.,

But we want to concentrate on the minor issues so far on election security which believes me over years in many countries and is already having an impact. Let’s have a look at the underlines and learn something.

When the question of the 2016 US election came on the table: The response: most people, including industry experts at the time, either ignored, mocked, or laughed at the suggestion.  But after the events of the past few years, no one is laughing now at the potential for voting irregularities, either only or How Election Security Has Become a Top Issue offline.

Some of the recent headlines underline a growing sense of urgency, if not panic, regarding the topic and what’s at stake. For example:

• Security Magazine: Cybersecurity Concerns with Online Voting for 2020 Presidential Election
• Roll Call: Congress must act now to help states with vote-by-mail in November, experts say..
• The American Interest: The Danger of Electoral Violence in the United States – “The 2020 election could result in widespread civil unrest unless immediate action is taken.”
• Delaware Public Radio: Delaware drops internet-based voting system used by some absentee voters amid security concerns
• Wall Street Journal: It’s Not Too Late to Save the 2020 Election
• NY Times: Georgia’s Election Mess: Many Problems, Plenty of Blame, Few Solutions for November – “Before Georgia’s embattled election officials can fix a voting system that suffered a spectacular collapse, leading to absentee ballots that never got delivered and hours-long waits at polling sites on Tuesday, they must first figure out who is responsible. …”
• Atlantic Magazine: Why Americans Might Not Trust the Election Results – “Nearly three in five Americans don’t have confidence in the honesty of our elections, a February Gallup poll found. Republicans, Democrats, state officials, grandmothers, first-time voters, the politically engaged, the anti-institutionalists—pretty much the only thing they could agree on was their doubts about the integrity of our democracy. …”

So why now? What makes our current situation different than in the past?

“The pandemic is helping shift the election discourse from processes, operations, and IT cybersecurity to also emphasizing public policies and values, but forget the pandemic for a second let’s look straight in the eye of the beast. For example, eligibility, access, openness, transparency, trust, and truthfulness and equity are core issues.

For the USA, this is in part accomplished from (1) lessons from the 2020 primaries, (2) the police and justice actions being seen in the larger context of the pandemic, economic status, employment, and election framework, and through (3) collaboration among states, governors and state interest groups and (4) increased engagement by the private sector.”

• State collaboration on technology plays a significant role with internal, US generated threats while the private sector strongly assists with US-based as well as external threats. Here are more specific details on the unique aspects of this election cycle:
• Direct and Indirect Pandemic Effects: Unique to 2020, with potential for continuation. Affects registration and voting, fear of crowds, risk of infection, long waits, difficulty in recruiting workers, many previous locations not available, elderly – a high voting group – particularly affected.
• Greater range of issues involved in the election, including public policy values: state / federal authority, powers; executive/ legislative branch powers; judicial and regulatory agendas; federalism framework; driving and connected socio-economic issues such as income, employment, health, race become more visible. These have created divisions as well as have the potential for unification, higher election turnout either way.
• Pre 2016, 2016, 2018, early 2020 lesson not fully assessed, implemented. Backlog on implementing solutions, e.g. U.S. intel: Russia compromised seven states prior to 2016
• Two of the absentee voting approaches – e-voting and mail both face challenges, including systematic attacks on mail voting as well as postal service infrastructure.

• More and more incentivized and practiced US-based and external hackers, increased by the range of public policy and economics and revenue-oriented issues.
• Divisiveness, with some recently shared values. May or may not be temporary.
• Increase collaboration among states, state interest groups, and the private sector offer opportunities. Potential for greater engagement on election infrastructure than in 2016 and 2018.

However, the Top Election Cybersecurity Issues is a reality not to ignore.

Registration: See June 15, 2020, NYT on “Pandemic is Choking off the Quadrennial Surge in Voter Registration” and WSJ, Keep Voters from having to Wait in Line”, June 12, 2020.

Voter Turnout:  Fast Company: These behavioral science tweaks could boost voter turnout during a pandemic election (even if it’s voting by mail)Voter Data Bases: Increased external inquiries and allegations of ineligible or deceased registrants. Targeted sweeps of registered voters, changes in eligibility, often affecting minority or other groups that tend to vote blue.

Mail Voting: Addresses many aspects of Pandemic issues, but there are claims of potential for fraud. See June 12 WSJ “Bolster confidence in voting by mail” and “Encourage Election and Postal Officials to coordinate their efforts as soon as possible”.

E-voting: Multiple issues on vulnerability raised by many e nittiest and experts. Recent studies by MIT and others.

Accelerated Vote Suppression: Multiple techniques: disenfranchisement including removal from rolls, targeted site placement, and consolidation, reduction in days or hours, etc. Vote suppression accelerates during census cycle decision and data utilization phases.

Insist that big-tech companies do their part: See WSJ, June 12, 2020. The WSJ has done a good job of covering this issue.

Collaboration Among States, State Association and Security Entities

Cybersecurity and Democracy Collide: Locking Down Elections

“The EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center) handles information for election officials and provides no-cost cybersecurity services.

How are we Addressing New Cyber threats?

Yes, we’ve been discussing election cybersecurity threats for years, but new cyber threats keep surfacing. Consider these recent examples:

NY Times: Amid Pandemic and Upheaval, New Cyber threats to the Presidential Election

“With the general election less than 150 days away, there are rising concerns that the push for remote voting prompted by the pandemic could open new opportunities to hack the vote — for President Vladimir V. Putin of Russia, but also others hoping to disrupt, influence or profit from the election. …

Homeland Security officials have been focusing “intensely on hardening registration systems,” said Christopher C. Krebs, who leads the department’s Cybersecurity and Infrastructure Security Agency. He said his teams had been working to make sure that towns, counties and states patch software vulnerabilities, back up their systems, and also have paper printouts of poll books — the registration lists used on Election Day — should criminals or adversary nations render the digital versions inaccessible. …”

Vanity Fair: Hackers Are Already Screwing With the 2020 Election

“Expanding access to the ballot will be necessary this cycle, as officials scramble to hold an election against the backdrop of a pandemic. But the security vulnerabilities they present are almost certain to be exploited by the president and his allies.

Solutions Please: Organizational Election Resources and References

Over the past few years, there have been many ways that election security topics were addressed by lawmakers and other government leaders and organizations. From states getting classified briefings in 2018 elections to the Senate Intelligence Committee writing a report on election vulnerabilities ahead of the midterms to the US Election Assistance Commission providing $380 million to states in election security funds,  the response to the 2016 election was broad-based.  

Cyber Threats Could Wreak Havoc From targeted misinformation to manipulated data, these are the cybersecurity concerns election officials worry about most.
FacebookTwitterEmail

Four top US national security officials announced solemnly that they had evidence that two foreign adversaries, Iran and Russia, had obtained US voter data and appeared to be trying to spread disinformation about the election. Imagine the impact on your country’s state.

It was the latest—and most troubling—that had seen near-daily events set off potential alarms about how the US will hold up on and approaching Election Day. In the following days following the final hours before the voter registration deadline in Virginia, an accidentally cut fiber-optic cable knocked out access to the state registration portal.

Voters in states like Alaska and Florida began reporting threatening emails, purportedly from the white supremacist group Proud Boys, saying that the targeted Democratic voters should support Donald Trump—or else. National security officials soon confirmed that the emails appeared to originate with Iran.

FBI Director Christopher Wray said and used the opportunity “We are not going to let our guard down,” Wray said. Yet the emails and other episodes suggest that the presidential election was sure to be filled with more unexpected surprises and tense moments—and served as reminders of the myriad ways that the election could go wrong.

Interviews and conversations with numerous election, law enforcement, and intelligence personnel over the past year have highlighted a dozen specific scenarios that particularly worry them as Election Day nears. The concerns roughly break down into two categories: technical attacks on data or access and online information operations.

Such attacks would aim to accomplish one of three goals, which election security officials sometimes describe as subversion, disruption, and defamation. Those respectively cover attempts to outright change the outcome of vote totals, to limit or impede citizens’ ability to vote in the first place, and to undermine voters’ confidence in the election’s legitimacy.

While many such attacks remain theoretical, some of the scenarios have already played out in other circumstances in recent months or in other elections overseas. In addition to the apparent Iranian email campaign, US officials have feared that the trickbot botnet could be used to deploy a wave of ransomware against election targets in the weeks ahead. US Cyber command had to react under pressure else Trump was hot on fire.

The first US presidential election since Russia’s unprecedented—and wildly successful—2016 attack was always going to be fraught, in part because other countries might follow Russia’s lead. Warnings—some dire—have come steadily from US officials that foreign actors, criminals, or even domestic groups might try to launch attacks on the integrity or legitimacy of the election.

If trouble does come, it’s unlikely to look exactly like the 2016 attack. Social media companies have gotten better at spotting bad actors on their platforms; Facebook took down a disinformation network tied to Russian intelligence late last month, and Twitter has dismantled Iranian efforts as well. But not only have attackers’ tactics evolved, but other foreign adversaries have also clearly learned from Russia’s playbook. It’s not all bad news. In many ways the 2020 election is uniquely positioned to be resilient; election administrators, as underfunded and overworked as they are, have worked hard in the past four years to shore up the most vulnerable systems and expand the use of paper backups. Similarly, national security agencies and Congress

It’s not all bad news. In many ways the 2020 election is uniquely positioned to be resilient; election administrators, as underfunded and overworked as they are, have worked hard in the past four years to shore up the most vulnerable systems and expand the use of paper backups. Similarly, national security agencies and Congress have poured hundreds of millions into election security, and US Cyber Command has engaged with election threats in a way it never even tried to in 2016. “I think it was just a blind spot for us,” one former Cyber Command official told me about the 2016 attack. “I don’t remember anyone turning to us and saying we need to do something to help make this not happen.”

Attacks on Data, Access, and Availability

1. Ransomware: Throughout this year ransomware has topped the threat assessments of election security officials. Numerous local and state entities, from cities like Atlanta and Baltimore to two-dozen Texas towns, have been hit with ransomware attacks from organized criminal groups in recent months, underscoring the fragile and outdated state of much of the nation’s local government IT infrastructure. While the attacks thus far have been financially motivated, there were roughly 1,000 such strikes over the course of 2019 against states, municipalities, election vendors, health care providers, and other public entities; this year is likely to be even worse once the victims are totaled up.

The global threat and challenge from ransomware have grown dramatically this year amid the pandemic, as tens of millions of workers rapidly switched to working from home, and companies were forced to expand their IT infrastructure and open up systems, and IT and security resources were interrupted or stretched thin. While so far these attacks appear to be primarily for-profit targets of criminal opportunity, it’s not much of a leap to imagine a November 2020 ransomware attack with political undertones.

A ransomware attack that freezes up local voter databases could be conducted as either a coercive for-profit attack—forcing election bodies to pay steep ransoms on tight timelines to ensure the smooth functioning of the election—or fully destructive, paralyzing systems with no hope of unlocking them, as with Russia’s NotPetya ransomware attack in June 2017. Similarly, an attack targeting a campaign’s get-out-the-vote operations, email lists, or internal networks could cost a candidate the one thing they don’t have as the clock tick’s downtime.

The fears of an election-focused ransomware attack were a major reason for last week’s concerted attack on Trickbot, the world’s largest botnet, and a purveyor of Ryuk ransomware. Officials feared that doing it any earlier might give the network time to reboot and reorganize.

Even so, Cyber Command’s efforts appear to have made little dent in the criminal gang. Even after Microsoft and other security companies attacked, portions of the Trickbot network remain functional.

One simple way that the CISA is recommending election officials minimize the threat of ransomware is to embrace a particularly old-fashioned technology: Print out voter rolls and poll books.

2. Advance Voter Data Manipulation: One clear way to throw sand in the gears of the election would be to access and change voter registration databases in advance—for instance changing names, street addresses, or zip codes in ways that would cause confusion at polling places. “A pre-election undetected attack could tamper with voter lists, creating huge confusion and delays, disenfranchisement, and at large enough scale could compromise the validity of the election,” John Sebes, the chief technology officer of the election-technology-focused OSET Institute warned last year.

While a nationwide vote-changing operation would be all but logistically impossible, election watchers still fear a single targeted attack.

Russian hackers are known to have penetrated the voter systems of at least two Florida counties in 2016, though they do not appear to have changed anything. At least one other jurisdiction, Riverside, California, saw unknown hackers apparently tamper with voter party affiliation data in 2016, leading to confusion at the polls and voters being turned away. The episode remains unconfirmed publicly by federal or state officials—only the county district attorney has spoken about it openly—and the hackers’ intent is unclear since the data tampering apparently included both Republican and Democratic voters. “I’m very concerned,” Riverside County district

attorney Mike Hestrin told NBC earlier this month. “I think that our current system has numerous vulnerabilities.”

Problems with voter registration data would almost certainly lead to eligible voters being given so-called “provisional ballots,” which allow them to cast a vote while the underlying eligibility is double-checked. Such ballots, a standard part of all elections, introduce their own complexity, particularly if they end up needing to be used in large numbers since they would delay the final count and could introduce opportunities for court challenges of individual ballots. One strength of the US system here is just how decentralized these voter rolls actually are; hackers might be able to hit a single jurisdiction or even a handful, but it’s not like there’s a single national voter database that could muck up voting for everyone.

3. Day-of-Vote Interruption: The Covid-19 pandemic will mean that there are fewer polling places open in many parts of the country, all of which rely on a wide assortment of voting technologies. That increases the chances that technical gremlins could freeze up systems, slow down lines, and discourage voters from participating. Already this year, citizens in Georgia faced lines on the state’s first day of early voting that stretched to 10 hours or more after bandwidth challenges slowed the pace of its check-in system to as few as 10 voters an hour. “The system would kick us out, or make us log back in, or was slow responding — you didn’t know what was going to happen really,” one county election director told The Washington Post. It took until Wednesday to implement technical fixes that got the system back up to speed.

Security journalist Kim Zetter has called those voter check-in devices, known as “electronic poll books,” the “security hole everyone ignores.” They adhere to no uniform standards or federal certifications, and a leaked NSA document showed that Russia targeted at least one e-poll book manufacturer as part of its 2016 attack.

While the poll books can’t be used to alter someone’s vote, Georgia shows how problems with the devices’ connectivity could discourage voters from participating in the first place. Moreover, just as with problems introduced into the underlying voter data, check-in challenges could lead to an increase in provisional ballots, slowing the final vote count, and increasing the number of votes that could be challenged in court or a recount.

4. Actual Vote Manipulation: In 2016, as it watched Russian intelligence probe US voting networks, the US government communicated what it saw as a clear “red line”: The US would not stand for any attempt by Russia to change actual vote totals in the election. Here again, the decentralized nature and diversity of America’s voting systems serves as a protection. Given how many different technologies one would have to master and how many different jurisdictions would have to be targeted, it would be enormously hard to affect enough votes to change the outcome of the election.

Fears have long existed about the insecurity of the myriad voting technologies used by the nation’s thousands of independent election systems, and news stories in recent weeks have pointed out the physical vulnerabilities of the storage facilities where voting machines sit in between elections. The concern is particularly high about so-called “ballot-marking devices,” touchscreen machines that print out a receipt that is then scanned by another machine. These devices will be in widespread use this year, but they are considered uniquely problematic because the proprietary barcodes used on the receipts make it challenging for voters to double-check that their votes were recorded as intended. Does that random series of lines on your receipt look like a vote for Biden or Trump?

University of Michigan professor J. Alex Halderman has for several years been raising concerns about the weaknesses and vulnerabilities inherent in the centralized electronic systems used in certain states. “If Russia or other attackers can break into a state’s election management system, they can spread malicious software to voting machines throughout that jurisdiction, and potentially change all of the digital records,” Halderman said in a radio interview this summer. “That’s the threat that really keeps me up at night.”

A Pennsylvania election in 2019 showed how much can go wrong even without outside interference. Electronic records in Northampton County showed the Democratic judicial candidate winning just 164 votes out of 55,000 ballots. Luckily, the jurisdiction had paper backups and was correctly able to retally the votes. No one has yet figured out what went wrong, but officials blamed a software bug.

While a nationwide vote-changing operation would be all but logistically impossible, election watchers still fear a single targeted attack or even the appearance of one. If someone were to release a video online that appears to show a voting machine being hacked in Broward County, Florida, that could potentially undermine confidence in results more broadly. It could also easily be a fake; old voting machines are freely available for purchase. The FBI and CISA similarly warned voters in September of what they called “false claims of hacked voter information likely intended to cast doubt on the legitimacy of US elections,” pointing to how voter data can be purchased through publicly available sources and thus appear to be stolen or manipulated when it’s not.

5. Messing with Reporting: Rather than attempting to change the actual votes, hackers could also target those reporting on the vote totals on election night—attempting to manipulate the results on state secretary of state websites or the vote totals tallied by wire services like the Associated Press. Such an attack, if carried out subtly, could undermine confidence in the final results as Americans question strange election night swings or changes in the initial unofficial vote totals.

Even simpler, in some ways, would be just hijacking news organization websites or social media accounts to send out false results or news bulletins. There’s precedent: In 2013, the AP’s Twitter feed was hacked to send a tweet reporting an explosion at the White House, a report that quickly wiped out $136 billion in stock market gains that day as nervous investors worried about a terror incident. It took just six minutes. The Justice Department later charged the Syrian Electronic Army over the act of cyber vandalism.

And in July, hackers used social engineering to gain access to dozens of high-profile Twitter accounts and push a bitcoin scam. The spiraling security incident took Twitter hours to control and eventually led to the platform temporarily blocking all verified accounts from posting at all. The idea of such an attack playing out on Election Day or amid a tense period after the polls close, with high-profile politicians or news accounts tweeting out alarmist or contradictory messages, could quickly spiral into a national crisis. Twitter has since taken steps to harden high-profile accounts against such attacks, but it remains to be seen whether that’s enough.

6. Distributed Denial-of-Service Attacks: At the end of September, CISA and the FBI issued a joint announcement specifically warning about the possibility that DDoS attacks could disrupt election infrastructure. The statement came almost exactly four years after the last time the US government feared such an election attack. Many forget that amid the confusion over the precise nature of Russia’s attack in 2016, US government and industry officials speculated that the rise of the Mirai botnet that fall might be a “rehearsal” for an Election Day attack. US government officials stood ready to take swift action against portions of the Mirai network if it was turned against the election. Last year, separate DDoS attacks targeted websites used by both the Labor Party and the Conservative Party amid the UK’s general election.

In a tight election that unfolds over a fixed period of time, knocking a website offline or slowing access to it for even a few hours could stymie a campaign’s get-out-the-vote efforts, lead to voting delays at certain polling places, or slow the reporting of results. However, CISA and the FBI underscored that even amid a DDoS attack, the underlying voter data or vote tallies would remain untouched. As the announcement said, “The FBI and CISA have no reporting to suggest a DDoS attack has ever prevented a registered voter from casting a ballot or compromised the integrity of any ballots cast.”

7. Infrastructure Attacks: While the perennial bogeyman in cyber scenarios is always an advanced attack on physical infrastructure—an attack on the power grid, pipelines, water, or other key systems—the good news is that such attacks remain both incredibly rare and largely the domain of only a handful of advanced foreign adversaries.

There are all sorts of normal tech hiccups around elections as it is—as the unintentional Virginia cable-cutting demonstrates—and localized power outages from storms or construction mishaps regularly end up affecting polling places, but the remote possibility remains that such outages or disruptions could be introduced nefariously to Election Day. The security firm Cyber Eason last year ran a series of tabletop exercises specifically looking at how real-world attacks might impact Election Day. One exercise focused on a hacktivist group—known in the exercise as Kill Organized Systems (K-OS), pun intended—that disrupted traffic lights and brought the election to a standstill by paralyzing the city’s transportation system.

“If you can prevent people from getting to the polls … if you can effectively disenfranchise certain segments of the population, that’s far more disruptive to the republic than taking out a few voting machines,” Cyber Eason’s Sam Curry said after the exercise.

Again, pulling off such an attack would be exceedingly unlikely, and the nature of US infrastructure would make it basically impossible to pull off at scale. But a sophisticated attacker could certainly attempt to cause trouble in a critical city in a swing state.

Information Operations

8. Hack and Dump: This week’s New York Post series on Hunter Biden sets off nearly every warning alarm about a possible hack-and-dump-style information operation, akin to the Russian thefts of emails from the Democratic National Committee and Hillary Clinton campaign chair John Podesta.

Presidential campaigns have long been targeted by foreign intelligence services—China hacked the campaigns of both John McCain and Barack Obama in 2008—but it wasn’t until Russia’s attack in 2016 that a foreign adversary thought to weaponize such campaign espionage and turn it into public information dumps. This year has seen repeated warnings that campaigns are being targeted by hostile actors looking to gain access to staffers and leadership—Microsoft says it has detected attacks against both Joe Biden’s campaign and Donald Trump’s from actors linked to Russia, China, and Iran—although it’s unclear whether those attacks have been for pure intelligence purposes or to collect embarrassing information that could be dumped closer to the election.

While the news media is trying to handle these stories more maturely than it did in 2016, a hack-and-dump of legitimate, newsworthy information would be all but irresistible.

In 2017, French presidential candidate Emmanuel Macron came up with a tactic for combating a hack-and-dump right before election day: His campaign told reporters that they had seeded their own internal servers with fake documents and emails. The duplicity helped discourage reporters from covering the stolen files since they couldn’t be sure what was real and what wasn’t. Have Biden and Trump and other key officials followed that lead?

9. Misleading Voting Information: Voting amid this year’s pandemic will force millions of Americans to change their routines. Polling places are moving, and more states are embracing vote-by-mail, introducing unfamiliar procedures that people will need to follow closely in order for their ballots to count. Those new logistical complexities introduce the chance for adversaries—using social media, websites, or even old-fashioned postcards and mailers—to confuse or misdirect voters.

The FBI and CISA have raised warnings that standard “phishing” techniques—like spoofed web domains and misleading URLs—could be used to actively mislead voters searching online for information about voting deadlines, polling places, results, or any of the myriad questions that arise amid the logistics of casting a ballot. Twitter, Facebook, and other social media website have also been uniquely aggressive in taking down misleading information about the election—even sanctioning the president’s own tweets.

10. Voter-Targeted Disinformation: Election-related disinformation has almost certainly arrived as a permanent problem for candidates, tech platforms, and security officials. While misleading mailers, push polls, and other misleading tactics have long been a part of off-line campaigning, the Internet Research Agency’s meme-filled attempt to sow division in the 2016 campaign among everyone from Black voters to Trump MAGA-is provided a road map for other foreign and domestic actors.

Don’t miss the latest Election 2020 news and analysis!

As Stanford’s Internet Observatory revealed in a recent report and op-ed, “The Russians are now perfecting these techniques worldwide—mostly to shape public discourse on topics of geostrategic interest to Russia, such as the ongoing Syrian civil war.” The GRU has created a variety of false entities such as the Inside Syria Media Center, a nonexistent think tank that successfully pushed pro-Assad and anti-Western narratives, and people linked to Internet Research Agency were evidently behind a website called Peace Data that used real US journalists and writers to target left-wing Americans.

While one much-hyped threat this cycle—deep fakes—has failed to materialize, Trump campaign associates have shown the possible damage from so-called cheap fakes, crudely manipulated, and edited videos that mislead viewers. As the blog, Law fare noted, in just two days at the end of the summer, Republican congressional whip Steve Scalisi, White House social media guru Dan Scavino, and the Trump campaign each tweeted different misleading videos.

11. Social Media Threats: One of the oft-forgotten aspects of North Korea’s 2014 attack on Sony Pictures Entertainment and Seth Rogen’s comedy The Interview was the series of terror threats against movie theaters that were set to show the movie. North Korea’s hackers posted a message on Paste in invoking 9/11 and saying, “We will clearly show it to you at the very time and places ‘The Interview’ be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to.” Ultimately, it was those threats that led to the release of the movie being canceled—no theater chain was willing to risk showing it.

At the same time, given the heated rhetoric and protests that have already unfolded on the nation’s streets this year—with spring right-wing protests over pandemic stay-at-home orders followed by a summer of protests over police brutality and racial justice—there are also worries that social media threats or rumors could lead to armed civilians attempting to self-police polling places. This summer, false online rumors of pending invasions from Antifa led to armed gangs assembling to “defend” communities, and rumors in November of either intended violence at polling places or ballot fraud could provoke similarly armed confrontations at voting precincts between civilians and law enforcement.

12. The Tweeter-in-Chief: While no government officials will say it publicly, one of the biggest fears in election security circles is @realdonaldtrump himself and the second-and third-order effects of how an incumbent president with a history of grievance and insecurity might respond to any of the above incidents unfolding.

Indeed, the primary damage from almost any cyberattack on any election would likely come not from the strike itself, but in how it would raise questions in the public’s minds—and particularly in the minds of the losing candidate’s supporters—about whether the result was valid, free, and secure.

This, after all, was perhaps the biggest lesson of Russia’s attack on the 2016 election: After years of the cybersecurity industry focusing on securing critical infrastructure, from electrical grids and water systems to air traffic control networks and pipelines, the first major cyber-attack—the long-feared “Cyber Pearl Harbor”—centered on a piece of our free society that had long gone unprotected: America’s confidence in itself.

Now, four years later—even as the US has shored up its technical defenses—it’s clear that the political discord and division that the Internet Research Agency seized upon and stoked in 2016 is only worse, more polarized, more partisan, and more violent. And that’s not a problem that cybersecurity expertise, the NSA, the FBI, CISA, or local election administrators can solve. The lessons are to be learned and that one group works together to see through our infrastructure closely asked or not, you are as responsible as the others after all your country and reputation come into play

Name: Kris Seeburn

Title: Professor, Independent Consultant, chief Trainer on Cyberwarfare

Washing DC, USA