COVER STORY
THE KNOWN UNKNOWNS
Experts differ on whether elections officials will face the same threats as 2016 or whether they should expect the unexpected in 2020
By Derek B. Johnson
“There’s been no convincing response, government-wise or internationally or diplo- matically, that would tell any nation-state... that they should \[deviate\] from the Russian
playbook.”
U.S. Cybersecurity officials are gearing up to prevent foreign influence campaigns from affecting the 2020 elections.
Experts are divided over whether local officials and federal agencies should expect the same type of efforts to undermine the election infrastructure and manipulate online discourse that they experienced in 2016 – or whether they should expect the unexpected.
On Election Day in 2018, federal officials said they saw no indication that voting infrastructure was successfully targeted by cyberattacks or other efforts designed to strike voters from the rolls, change vote counts or hinder officials from completing election tallies.
Yet, concerns about malign influence campaigns and new
vectors of attack continue to factor into discussions about the 2020 election.
Matthew Masterson, a senior advisor at the Department of Homeland Security who focuses on election security, said he spends “a lot of time thinking through that undermining confi- dence \[angle\] and ways that we can build that resilience because the reality is you don’t actually even have to touch a system to push a narrative that undermines confidence in the election process.
He made the comments at a cybersecurity conference in April. At the same event, Liisa Past, former chief research officer in the Cyber Security Branch of Estonia’s Information System Authori- ty, said campaigns to influence elections operate on multiple fronts.
“It really illustrates the adversarial activity, which is that they’re throwing spaghetti at the walls, Past said. “Cyber is one wall, \[while\] misinformation, disinformation and social media in another wall. We’re having to assume that using proxies and ... useful idiots is another wall, and I’m afraid that behind it there might also be an element of blackmail and personal manipulation.”
The challenge, she added, is “how do you come up with a risk management model that clearly has the same degree of
NS4
NOVEMBER/DECEMBER 2019 | NETWORKING SECURITY
3dfoto/Shutterstock.com