Facing the primary attack on democracy
Democracy is under attack — and our federal, state, and local elections are the front lines.
Both technical attacks and disinformation campaigns designed to undermine election legitimacy are being deployed on a daily basis to threaten the basic tenets of American society.
The Justice Department’s special counsel recently concluded that “there were multiple, systematic efforts to interfere in our elections. And that allegation deserves the attention of every American.” A government “of the people, by the people, and for the people” is possible only if the will of the people is known. We must be able to trust the results of our elections. Without that trust, governments appear illegitimate.
The next presidential election is less than a year away, but our nation’s elections infrastructure has far less time to prepare to preserve the basic principles of democracy.
Maintaining trust in elections was a challenge before the arrival of the internet. Now it has become much more difficult. We face two related core challenges, one technological and the other propaganda.
First, America’s election systems are rife with out-of-date devices and software. This is not something that can be fixed by replacing a few individual components. We need a holistic approach to election security, including hardware, software, networks, and processes.
Second, disinformation threatens the integrity of democracy. The use of social media to amplify distorted or invented messages is well-documented. Our adversaries consider exploiting powerful, viral distribution mechanisms as key elements of their national strategies. At present, we’re countering these attacks reactively — typically after the damage has been done. While technical research on countering disinformation and efforts to identify, understand, and undercut influence campaigns are increasing, our current capabilities fall short.
However, sophisticated attacks combine both technology and disinformation tactics to inflict the most harm. In 2014, hackers associated with Russia infiltrated Ukraine’s central election commission. They deleted key files and implanted a virus to change the results of the election, so a fringe nationalist party would win. Just in time, government experts detected the vote-altering malware — less than an hour before results were to be announced. But that didn’t put an end to the matter: the Russian state media still reported that ultra-nationalists won the Ukrainian election, even though they actually received under one percent of the vote.
Was this a cyber threat? Was this an information threat? It was both.
As a nation, we need to defend against the entirety of threats. We’re accustomed to conducting defense of the nation at the national level, but elections are a fundamentally different beast. Let’s frame this issue clearly:
When it comes to elections, states and localities are the front line — not the federal government.
We must focus the upswell of stakeholder initiatives and national efforts alike on empowering and equipping these local defenders who are at the pointy end of the spear. As citizens, we must all encourage our nation’s elected officials to take the lead and make election security their top priority. We are in a state of emergency. Consideration is not enough. It is time for action.
We also need to add intensity where states’ defensive capabilities are least mature: disinformation and influence. Information and influence campaigns occur all the time — not just in the days preceding an election. With states on the front line, states must be given the capability to act.
Last, it is time for social media platforms to step up.
Last summer, several of the largest companies changed their terms of service to prevent government monitoring and analysis. If the companies with the most relevant data limit the government from executing the national security mission with that data, the primary duty to uphold the public good falls entirely on those very companies, without the benefit of other government resources.
Publicly proclaiming the good-faith removal of a handful of accounts from one social media provider doesn’t come close to the cross-platform, near-real-time risk management that’s required. We are heartened by the ongoing efforts to establish an Internet Observatory at Stanford to support collaboration among the providers, but more must be done.
The integrity of U.S. elections is fundamental to our identity as a nation — and fundamental to our position in the world.
Time is running out.
Only a few months are left to protect a cornerstone of more than two centuries of democracy. Stakeholders from the private sector, academia, government and the NGO community are pulling together to accomplish what’s possible, but these efforts are resource-starved and receive too little support, especially at the highest levels.
We must collectively do all that we can to secure the country’s diverse and underfunded elections infrastructure before 2020.
Philip Reitinger is president and CEO of the Global Cyber Alliance, and formerly served as deputy undersecretary for the national protection and programs directorate and the director of the National Cyber Security Center in the U.S. Department of Homeland Security.
Emily Frye is director for cyber integration at MITRE.