claims that voting machines were casting incorrect votes. Still, many policymakers and advocacy groups continue to pillory social media companies for what they see as a lack of urgency when it comes to combating misinformation or
disinformation on their platforms.
“They played a part,” Krebs said. “There’s always much more
to do here, and keep in mind that the adversary will continue to pivot, pivot, pivot as we raise defenses and block off avenues.” Here again, DHS has indicated a willingness to enter the fray — in this case, by offering vulnerability scans and other protection services to any political campaign that wants it. When speaking with presidential campaigns, “we haven’t had anyone decline to have a call with us or not be excited
about the resources that we’re offering.” Masterson said. Cybersecurity experts say political campaigns are often most vulnerable in the early days of operations, when they are marked by high staff turnover, shoestring budgets and a lack of the sort of professional organization and sophistication
thattypicallytranslateintogooddigitalsecuritypractices. C Case in point: Research by the Global Cyber Alliance found that only four of 14 Democratic presidential campaigns were M
using Domain-based Message Authentication, Reporting and Y Conformance, a tool designed to prevent outside parties from CM
spoofing an organization’s email messages.
In addition, a look at what’s going on in other countries
could yield insights into how influence operations have CY evolved in response to new protections. For instance, Ukrai- CMY nian intelligence officials claimed in March that Russian oper- K atives had sought to buy or rent Facebook accounts from Ukrainian citizens in order to avoid security measures the U.S. instituted after the 2016 election. Similar tactics of co- opting native social media accounts and organizations were detailed in the Mueller report.
“We can’t just plug the holes that we’ve identified because you just don’t fight wars that way,” Norden said. “We see it in cyberattacks...they develop, they mutate. Adversaries who want to influence an election are going to find new ways. Having said that, we haven’t even plugged the very obvious holes that we do have.”
Past said what worries her most is the “strategic silence” on the part of state actors such as China and Russia in the past year, and she and Norden noted the lack of activity in recent years from which to draw valuable lessons.
But Past added that although policymakers should prepare for new tactics and strategies, it’s not clear that a foreign influence or election hacking operation would need to stray far from Russia’s strategy in 2016.
“There’s been no convincing response, government-wise or internationally or diplomatically, that would tell any nation- state...that they should [deviate] from the Russian playbook,” she said. “And most of the costs around those attacks have become less, not more, over the last few years.” n
MY
CIS_VERTICAL_HalfPage_Ad_WhitePaper_2019.pdf 1 1/29/19 8:13
SURVIVAL DEPENDS ON IT
Chameleons have survived for centuries through their instinctual ability to transform to their changing environment. In IT, survival requires the same ability to recognize when it’s time to change. New challenges require a new, innovative partner and approach.
PREPARE PROTECT PROSPER
Read our white paper Mainframe vs. Cloud: Don’t Judge A Platform By Its Name at
chameleonis.com
May/June 2019
FCW.COM 33