Cybersecurity
Matthew Masterson, a senior adviser at the Department of Homeland Security who focuses on election security, said he spends “a lot of time thinking through that undermining confidence [angle] and ways that we can build that resilience because the reality is you don’t actually even have to touch a system to push a narrative that undermines confidence in the election process.”
He made the comments at a cybersecurity conference in April. At the same event, Liisa Past, former chief research officer in the Cyber Security Branch of Estonia’s Informa- tion System Authority, said campaigns to influence elections operate on multiple fronts.
“It really illustrates the adversarial activity, which is that they’re throwing spaghetti at the walls,” Past said. “Cyber is one wall, [while] misinformation, disinformation and social media is another wall. We’re having to assume that using proxies and...useful idiots is another wall, and I’m afraid that behind it there might also be an element of blackmail and personal manipulation.”
The challenge, she added, is “how do you come up with a risk management model that clearly has the same degree of flexibility as the adversary’s tactics?”
Slow, steady progress at the state level
The report on Special Counsel Robert Mueller’s investigation into Russian interference in the 2016 election and related indictments against members of the Russia-based Internet Research Agency have documented a wide-reaching effort to target state boards of elections, secretaries of state, county government officials and technology companies responsible for making election-related software and hardware.
In response, officials at DHS and its Cybersecurity and Infrastructure Security Agency have built relationships and information-sharing agreements with all 50 states and more than 1,400 local entities. CISA Director Chris Krebs recently joked that he knows the ties between DHS and the election community are stronger today because he receives texts from secretaries of state and election officials at all hours of the
night, asking questions and requesting resources. Nevertheless, by DHS’ own count, there are still thousands of localities left to contact at the county and local levels, where elections are mostly administered. That activity is all the more urgent given a joint intelligence bulletin issued in March by the FBI and DHS confirming what had long been suspected: Russian hackers had probed the election infra- structure of all 50 states in the lead-up to the 2016 election. Despite the revelation in a recent New York Times article that senior White House officials had thwarted an effort by former DHS Secretary Kirstjen Nielsen to create a Cabinet- level election security team to elevate the issue, the work of securing the country’s election infrastructure is making
progress at the state level.
Lawrence Norden, deputy director of the Brennan Cen-
ter for Justice’s Democracy Program, told FCW “there’s no question we’re in a better place” security-wise compared to 2016. He cited the steady (if sluggish) progress on replacing paperless voting machines in the past three years and the heightened awareness of threats on the part of government agencies, technology vendors, election officials and the media.
For instance, hackers had some success with spear-phish- ing attacks in 2016, but he said he hopes that’s less likely to happen in 2020 now that the election community has been educated about the tactic.
Do attackers even need a new playbook?
In the meantime, work continues on efforts to counter dis- information, state-sponsored hacking and leaks that target political campaigns.
The 2018 midterm election was notably quieter than 2016’s presidential election, and Krebs told the House Homeland Security Committee in February that social media companies deserve some credit for stepping up their efforts during the recent election cycle. He said major platforms sent repre- sentatives to a DHS election security war room in Virginia on Election Day and coordinated with officials to pull down blatant instances of misinformation posted online, such as
32 May/June 2019 FCW.COM
“Keep in mind that the adversary will continue to pivot, pivot, pivot as we raise defenses and block off avenues.”
— CHRIS KREBS DEPARTMENT OF HOMELAND SECURITY