Cross-posted at Election Security Daily.
Election security hung over Robert Mueller’s testimony yesterday like an evil fog. The message is a chilling one. Hacking elections works, more countries and nefarious groups are taking their cue from Russia’s success and our government is dragging its feet in confronting the problem.
This raises something that people should consider carefully: Perhaps this is too important an issue to leave to the government.
Election hacking is a broad category. One approach is technical. It includes such steps as altering voter databases and changing tallies. The other is social media manipulation. There are myriad variations of each, and both are potent and dangerous. They can be used in concert with each other.
Russia of course is not the only savvy country around. The success with which they impacted the 2016 election certainly is food for thought for Iran, North Korea and other adversaries. There is no reason to believe that this fight is against a single foe.
Here is how Mueller put it, as per CNN:
“Oh, it wasn’t a single attempt,” Mueller said when asked whether Russia would attempt to interfere in more US elections. “They’re doing it as we sit here, and they expect to do it during the next campaign.”
Mueller said “many” more countries are developing the capabilities “to replicate what the Russians have done.”
No Help from DC
The many security breaches in industry reinforce another important lesson: The malicious actors are smart and motivated. Even multinationals with huge budgets and teams of “white hat” hackers with access to any and all tools aimed at keeping the wolves at bay (or in front of the firewall). And, of course, they periodically fail to do so. Ransomware and other scary attacks on business and critical infrastructure often succeed.
All of this can be juxtaposed against an administration is not serious about perusing election security. While it is true that National Security Infrastructure chief Dan Coats has made some significant moves, the president is famously reluctant take the topic seriously. The fact that Coats is on thin ice may or may not have had something to do with his moves to beef up election security.
The Republicans in Congress also seem to be uninterested in securing our voting systems. The optics of Sen. Cindy Hyde-Smith (R-MS) blocking three security-related bills on the same day that Mueller testified was something out of a black comedy.
It’s a mess. Beyond the attitude of some of our elected officials, the reality may be that technology simply has bypassed the traditional legislative and societal tools for addressing technically based issues. The ability to reach people through social media and insanely sophisticated and powerful tools such as machine learning and artificial intelligence may make it harder to protect election systems than attack them.
Perhaps the answer is not centrally organized and not led by government. It may be that the hacking community needs to use the same tools as the bad actors to protect us. While it’s of course impossible to say what this would look like, the idea seems solid. Online security still has a bit of a wild west character. The pace of change is fast, agile and fluid. It far outstrips government’s ability to react to it. This is especially true if the government is not particularly interested in doing so.
The government, at the federal and state levels, always will play a key role in election security. It may be time, however, for citizen cyber soldiers to step up.