20181105 perspectives midterm election hacking

Editor’s Note: Shawn Henry is chief security officer and president of services at CrowdStrike and former executive assistant director of the FBI. The opinions expressed in this commentary are his own.

Over the past two decades, cyber breaches have become a growing reality — and many Americans have become fearful that foreign adversaries will meddle in US elections.

As a former FBI official, I have been asked heading into the mid-terms: Could these elections be hacked?

In short, yes — but perhaps not from a technical “hack” perspective.

There’s definitely a risk that polling stations could be breached — indeed, having paper ballots is a best practice, as white-hat hackers (ethical hackers who aim to surface vulnerabilities so they can be fixed) demonstrated last summer when they infiltrated voting machines dozens of ways, primarily through exploiting known vulnerabilities. For example, hackers showed they could change the reported vote totals on a mock election website in less than 10 minutes. They’ve also illustrated how easy it is to tamper with voter registration databases, which could result in people being turned away when they show up to the polls. (I should note that the National Association for Secretaries of State issued a statement pointing out that these demonstrations were in a “pseudo” test environment.)

However, most experts agree that’s not the greatest threat that elections face. The more insidious and enduring threat is the manipulation of information, and the impact that cyber breaches of political entities can have on the public’s ability to understand and trust the integrity of the electoral process.

But this is not entirely new. During my time at the FBI, I witnessed breaches — widely believed to be from China — on both the Obama and McCain presidential campaigns in 2008. China has uniformly denied accusations.

Moreover, disinformation, propaganda and attempts to manipulate public perception have been documented throughout history. The earliest human campaigns leveraged paintings, cartoons, posters, pamphlets, films, radio and TV shows. Now, they use the full global reach and impact of modern digital communications. During World Wars I and II, nation states dropped “propaganda bombs” — leaflets that would spread over enemy territory — to manipulate public opinion. Today, those same goals are pursued through the Internet.

What is new is the global weaponization of content in an attempt to achieve the broadest societal impact. Social media tools allow for nation-states, terrorist groups and organized crime groups to anonymously and quickly sow confusion, influence public perception and disrupt civil discourse.

During the 2016 presidential campaign, we saw a paradigm shift in how cyber breaches are leveraged to impact elections and throw confidence off balance. The rise of disinformation campaigns on platforms like Facebook and Twitter brings a new era of cyber conflict that dramatically changes the norms in cyber espionage and intelligence collection and operations. All it takes is to raise questions about the integrity of the elections and their results.

What’s more, raising questions about trust itself can erode public faith in institutions: Just last week, the Pew Research Center released a survey that found that only 8% of Americans are very confident in the security of election systems. Hacking and spreading disinformation or leaked information is a much easier way to seed doubt in the electorate’s mind than actually manipulating the voting results. The motive behind these disinformation campaigns is for foreign adversaries to demonstrate that the US democracy is brittle and can be easily undermined.

Often, the tactics employed for these attacks are not particularly sophisticated. Assaults on third parties like those deployed in 2016 by the Russian cyber espionage group Fancy Bear (i.e. spear phishing — the practice of sending fraudulent emails from a “trusted” sender to a targeted organization to gain access to sensitive information) are commonplace. Yet, organizations continue to suffer breaches.

There are three key areas we must address to bolster the country’s cyber defenses:

Raise awareness

Government agencies must address hack attempts via real-time reporting to the public. In addition, Congress should hold companies responsible when they contribute to this threat, whether wittingly or unwittingly.

Develop a deterrence strategy, and encourage cooperation

Unless we establish an enforceable accord with our allies to minimize the onslaught of targeted cyber intrusions, we can expect to see adversaries continue to jump into the fray. Without a deterrence strategy — that helps boost our defenses and raise public awareness, among other things — these cyber intrusions will remain unabated and continue to erode the democratic process in the US and globally.

Election targeting is now a global phenomenon engineered to destroy democracy. We need to promote broader cooperation among countries on investigation and prosecution of cyber criminals.

Boost detection and defensive technologies

We need to invest in defensive technologies that can rapidly detect breaches, especially those conducted by sophisticated adversaries, in order to help threatened organizations efficiently stop and remediate intrusions. The biggest threat is when organizations don’t know they’ve been breached, known as a “silent failure” of the perimeter, allowing the adversary unfettered access to the environment for a lengthy period of time.

The ability to quickly detect and respond before adversaries can establish themselves is critically important for successful defense. Protecting the integrity of the democratic process is truly a global imperative, one directly tied to preserving our way of life, civil liberties and economic prosperity. Failure to secure these vital components of the republic will most certainly result in dramatic changes to free society.