Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

03:35 PM
Connect Directly

US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.

Nations worldwide have faced the challenge of maintaining trustworthy elections in the face of evolving cyberthreats. As the United States rapidly approaches its 2020 presidential election, officials are concerned about how to best protect the democratic process from cyberthreats.

William Evanina, director of the National Counterintelligence and Security Center (NCSC) for the US Office of the Director of National Intelligence, joined former Europol Cyber Chief Sir Robert Wainwright and CrowdStrike chief security officer Sean Henry for a discussion at this week's Fal.Con 2020 conference. The three talked about top threats to election security around the world and how public and private sectors should collaborate.

Related Content:

Security Firms & Financial Group Team Up to Take Down Trickbot

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

"A big part of global election misinformation is hack and leak operations, as well as disruption of the electoral system, which puts into question the trustworthiness of the election infrastructure," said Henry, who previously served as the executive assistant director for the FBI's Criminal, Cyber, Response and Services Branch. "Will my vote count? Will your vote count? Can we be sure the election is secure and valid?"

For Evanina, the threat of disinformation and influence operations is top of mind. While this is "nothing new" for Russian threat actors, he said, it has grown into a massive problem for the US. Over the past year, adversaries have taken US modern events — protests, rioting, and COVID-19, among others — and accentuated and amplified them on social media, he explained.

"I would proffer the public and the democratic nations around the world really don't understand what disinformation and influence looks like and feels like when you see it," Evanina said. "I think social media, and the ability to promulgate information expediently on the Web, is going to be a big vulnerability for democracies going forward."

While disinformation campaigns and the spreading of false narratives are a global problem, "there's a side to this that's even more dangerous and insidious," Wainwright added. European officials who have explored attacks on election infrastructure and illicit funding operations as part of the election cycle have found attack operations have grown more advanced over time.

Between 2016 and 2020, "the complexity of threats as definitely moved on, and we definitely need to up our game as a result," he said.

A key component of this is intelligence sharing among nations, a practice that has intensified in recent years as counterterrorism efforts increased, Wainwright continued. While he was concerned these efforts would push election interference to the side, he reported over the past two years he has seen a greater intensive effort around protecting elections from attackers.

Prioritizing Public-Private Partnerships
This intelligence sharing exists both within Europe and within the US, as well as in transatlantic cooperation between agencies in Europe and in the US. But cooperation among governments is not enough: Experts agreed the private sector plays a critical role in defense and many companies — especially technology firms and social media giants — have a responsibility to help.

Social media companies have done a good job in the past five years of using their technological capabilities to remove terrorism content over the past five years, Wainwright said. "Some of these companies are working at a much more intensive rate than they were in 2016, because the challenge and the threat has moved on," he added. There's a big role they can play to aid in election security.

"The public-private partnership has never been more important than it is right now," said Evanina. It's a complicated situation he said, but he believes the government has to catch up with technology. Many employees in the private sector face trained, advanced attackers daily, Henry noted, and they could prove invaluable in helping government efforts.

This election cycle, the US government has partnered with Facebook, YouTube, Twitter, and other social media companies, which has exacerbated organizations' concern and desire to be a solution in protecting democracy, Evanina said. The problem is, these partnerships must work both ways. Companies must also be protected in the event they fall victim to a cyberattack.

"We have to acknowledge what's happening right now around the globe, where nation-state actors are using intelligence services to attack private sector companies," he said, pointing to the Equifax breach as an example. "We have to be willing and able to partner."

He called for the public and private sectors to "find a happy medium" where they can provide due diligence with information sharing, as well as privacy protection and protection from regulatory sanctions, after a company is victimized. "Being a victim cannot be something that's going to carry penalties," Evanina said.

This isn't about what role the government can play on one side and the private sector on the other, said Wainwright. A multiagency, multisector approach to election security is an "all-hands-on-deck" effort that involves two critical areas: ensuring high, common cybersecurity standards across election infrastructure, and understanding where threats come from. Here, he believes, we could potentially see great collaboration between the public and private sectors.

Ultimately, the experts agree that more needs to be done, especially with respect to informing the public of threats.

"I think we have not succeeded across our democratic countries in explaining to our populace how important and how fragile our democracy is," said Evanina. "And part of that fragility, the core fundamental basis of that fragility, is free and open elections."

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
User Rank: Apprentice
10/17/2020 | 9:53:36 PM
Oligarchy/darknet future or deep state/shallow state coup d'etat
The events described in this article focus on spies who are cloak & dagger but hemmed in on all sides by the inertia of cold war hegemony from bad state actors. That is the public sector. When the oligarchs on both side of this conflict clash this is the uncommon realm of private sector.

Of course, I am raising the bar too high for myself, but mark my words, Treadstone will have the last and final word. You can't keep a good positivist down.
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-23
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2021-06-23
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.