Highly organized disinformation campaigns and a vulnerable voting infrastructure are propelling the United States toward what may be the most problem-plagued election cycle in the nation’s history.
That’s the inescapable conclusion based on views from a number of security experts and industry leaders who appeared at the RSA Conference on cybersecurity in San Francisco this past week.
A hint of what is coming can be found in events of the past several days. U.S. officials told the news agency AFP that Russian-linked accounts on Facebook Inc., Twitter Inc. and Instagram were claiming that the U.S. was responsible for the global coronavirus outbreak. Russia has denied involvement.
“I feel the Russian voice in that,” said Admiral James Stavridis, who previously led the NATO Alliance in global operations and is now a member of the Carlyle Group’s executive team. “Russia is going to interfere in our election in 2020.”
Disconnect between tech and government
A concern among security experts is that though there’s a growing consensus that nation-states such as Russia will attempt to interfere in the U.S. electoral process this year, the channels of communication between government and the tech industry are not always open.
At an RSA panel session this week, representatives from several social media giants discussed the threat landscape for voter manipulation. When asked whether the U.S. government had contacted their companies to share intelligence on the coronavirus disinformation allegedly being spread by Russia on their platforms, representatives indicated that neither Facebook nor Twitter had been provided any details as of Thursday afternoon.
“We have asked for any evidence they have in support of this,” said Nathaniel Gleicher, head of cybersecurity policy at Facebook. “We haven’t received anything yet.”
When it comes to manipulation of public opinion, Facebook continues to be the platform of choice based on a report issued last fall by the University of Oxford. Researchers found evidence of organized social media manipulation campaigns by at least 70 countries, more than doubling the amount found in a similar study two years ago.
“Social media hacks our attention by manufacturing outrage,” said Bruce Schneier, a lecturer on public policy at the Harvard Kennedy School of Government. “We need to better integrate tech and policy.”
Vulnerable voting machines
Amid concerns around the weaponization of social media, Congress has held hearings on the matter, yet no legislation has been passed. However, government officials have been focused on threats which could disrupt the voting infrastructure itself.
The Cybersecurity and Infrastructure Security Agency or CISA was created after 2016 to prevent a repeat of hacks by Russia which breached two county voting systems in Florida. The focus this time is to ensure there are paper backups for every voting machine used across the country in case of similar attacks.
“2016 was a wakeup call across the federal government,” said CISA Director Chis Krebs. “Everybody is on this issue as hard as any issue I’ve seen.”
The problem remains that voting machines remain no better protected now than they were in 2016, based on tests conducted by security professionals as recently as last summer. At the Las Vegas DEF CON white-hat hacker gathering in August, researchers found new and old ways to compromise every single machine available.
A year before, one 11-year-old boy was able to change election results in under 10 minutes.
“All voting machines today and all voting machines in the future will be hacked,” said Harri Hursti, founding partner of Nordic Innovation Labs and one of the world’s foremost experts on electronic voting security. “There are a lot of places where there has been no progress whatsoever in over a decade.”
Concern over phone app
Infrastructure vulnerabilities are not merely confined to existing voting machines. While a report released earlier this month by SecurityScorecard found that candidates for the Democratic presidential nomination had dramatically improved the security posture of their publicly available internet platforms, proposed new voting tools were fraught with peril.
“A voting app via phone is frightening,” said Paul Gagliardi, head of threat intelligence and CISO of SecurityScorecard, who has been assessing malware threats in mobile platforms. In an exclusive interview with SiliconANGLE, Gagliardi indicated that his firm would revisit campaign security again just prior to the November election.
RSA’s annual U.S. gathering provides an opportunity for the security community to assess the current landscape and for attendees to digest what the future may bring before the conference convenes again one year later. Elections across the country will be held by then and the security community will be called upon to determine if democracy remained properly protected or simply became roadkill on the hacking highway.
“Democracy is based on information, choice and agency and all three are under attack,” said Harvard’s Schneier. “The world’s problems will be easier to solve if everyone just understood a little more security.”
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.