Nations worldwide have faced the challenge of maintaining trustworthy elections in the face of evolving cyberthreats. As the United States rapidly approaches its 2020 presidential election, officials are concerned about how to best protect the democratic process from cyberthreats.
William Evanina, director of the National Counterintelligence and Security Center (NCSC) for the US Office of the Director of National Intelligence, joined former Europol Cyber Chief Sir Robert Wainwright and CrowdStrike chief security officer Sean Henry for a discussion at this week's Fal.Con 2020 conference. The three talked about top threats to election security around the world and how public and private sectors should collaborate.
"A big part of global election misinformation is hack and leak operations, as well as disruption of the electoral system, which puts into question the trustworthiness of the election infrastructure," said Henry, who previously served as the executive assistant director for the FBI's Criminal, Cyber, Response and Services Branch. "Will my vote count? Will your vote count? Can we be sure the election is secure and valid?"
For Evanina, the threat of disinformation and influence operations is top of mind. While this is "nothing new" for Russian threat actors, he said, it has grown into a massive problem for the US. Over the past year, adversaries have taken modern US events — protests, rioting, and COVID-19, among others — and accentuated and amplified them on social media, he explained.
"I would proffer the public and the democratic nations around the world really don't understand what disinformation and influence looks like and feels like when you see it," Evanina said. "I think social media, and the ability to promulgate information expediently on the Web, is going to be a big vulnerability for democracies going forward."
While disinformation campaigns and the spreading of false narratives are a global problem, "there's a side to this that's even more dangerous and insidious," Wainwright added. European officials who have explored attacks on election infrastructure and illicit funding operations as part of the election cycle have found attack operations have grown more advanced over time.
Between 2016 and 2020, "the complexity of threats has definitely moved on, and we definitely need to up our game as a result," he said.
A key component of this is intelligence sharing among nations, a practice that has intensified in recent years as counterterrorism efforts increased, Wainwright continued. While he was concerned these efforts would push election interference to the side, he reported that over the past two years he has seen a more intensive effort around protecting elections from attackers.
Prioritizing Public-Private Partnerships
This intelligence sharing exists both within Europe and within the US, as well as in transatlantic cooperation between agencies in Europe and in the US. But cooperation among governments is not enough: Experts agreed the private sector plays a critical role in defense and many companies — especially technology firms and social media giants — have a responsibility to help.
Social media companies have done a good job over the past five years of using their technological capabilities to remove terrorism content, Wainwright said. "Some of these companies are working at a much more intensive rate than they were in 2016, because the challenge and the threat has moved on," he added. There's a big role they can play to aid in election security.
"The public-private partnership has never been more important than it is right now," said Evanina. It's a complicated situation, he said, but he believes the government has to catch up with technology. Many employees in the private sector face trained, advanced attackers daily, Henry noted, and they could prove invaluable in helping government efforts.
This election cycle, the US government has partnered with Facebook, YouTube, Twitter, and other social media companies, which has exacerbated organizations' concern and desire to be a solution in protecting democracy, Evanina said. The problem is, these partnerships must work both ways. Companies must also be protected in the event they fall victim to a cyberattack.
"We have to acknowledge what's happening right now around the globe, where nation-state actors are using intelligence services to attack private sector companies," he said, pointing to the Equifax breach as an example. "We have to be willing and able to partner."
He called for the public and private sectors to "find a happy medium" where they can provide due diligence with information sharing, as well as privacy protection and protection from regulatory sanctions, after a company is victimized. "Being a victim cannot be something that's going to carry penalties," Evanina said.
This isn't about what role the government can play on one side and the private sector on the other, said Wainwright. A multiagency, multisector approach to election security is an "all-hands-on-deck" effort that involves two critical areas: ensuring high, common cybersecurity standards across election infrastructure, and understanding where threats come from. Here, he believes, we could potentially see great collaboration between the public and private sectors.
Ultimately, the experts agree that more needs to be done, especially with respect to informing the public of threats.
"I think we have not succeeded across our democratic countries in explaining to our populace how important and how fragile our democracy is," said Evanina. "And part of that fragility, the core fundamental basis of that fragility, is free and open elections."