An Op-Ed From the Future on Election Security

[InfoSec News <alerts () infosecnews org>]

https://www.lawfareblog.com/op-ed-future-election-security

By Alex Stamos
Lawfare.com
September 4, 2019

There have been many pieces, in Lawfare and elsewhere, about the weaknesses in 
America’s political and election systems. In my career as a security executive, 
I sometimes found it difficult to communicate risk to non-expert audiences when 
focusing on a specific vulnerability. It is often more effective to paint a 
dire but realistic scenario relying on the proven capabilities of real 
adversaries combined with a variety of known, systemic issues.

Below is a potential Lawfare piece from New Year’s Day 2021, following a 
not-quite-worst-case scenario of election interference using real 
vulnerabilities in U.S. electoral systems, as well as social media, traditional 
media and the political sphere. For a more thorough discussion of weaknesses 
and recommended mitigations, please see the election security report from my 
colleagues and me at Stanford’s Cyber Policy Center.

***

Jan. 1, 2021

New Year’s Day is traditionally spent recovering from the previous night’s 
revelry. This year, the United States awakens to the greatest New Year’s 
hangover in the country’s almost 245-year history: a crisis of constitutional 
legitimacy as all three branches of government continue to battle over who will 
take the presidential oath of office later this month. This coming Wednesday, 
Jan. 6, a joint session of Congress will meet for what is a traditionally 
perfunctory counting of the Electoral College votes. With lawsuits still 
pending in seven states, both major-party candidates claiming victory via 
massive advertising campaigns and the president hinting that he might not 
accept the outcome of the vote, it’s time to reflect on how everything went so 
very wrong.

The first signs of external interference were seen in the spring of 2020. As 
the Democratic primary field narrowed, a group of social media accounts that 
had voiced strong support for particular candidates early on pivoted from 
supporting their first-choice candidates to alleging that the Democratic 
National Committee (DNC) had unfairly rigged the primary. The uniform nature of 
these complaints raised eyebrows, and an investigation by Twitter, Google and 
Facebook traced the accounts back to American employees of a subsidiary of the 
Sputnik News Agency—an English-language media entity owned by the Russian 
state. Yet as these groups were careful not to run political ads and to use 
U.S. citizens to post the content, there was no criminal predicate for deeper 
law enforcement investigations.

The activity around the election intensified in the summer, when medical 
records for the son of the presumptive Democratic nominee were stolen from an 
addiction treatment center and seeded to the partisan online media. But that 
wasn’t all: Less than 24 hours later, embarrassing photos from the phone of the 
incumbent president’s single, Manhattanite daughter were released on the dark 
web. While the FBI has remained silent on the matter, citing an ongoing 
investigation, the New York Times recently quoted anonymous NSA officials 
attributing the first leak to Russia’s SVR intelligence service and the latter 
to the Chinese Ministry of State Security. As to why Russia and China appear to 
be backing opposing candidates, America’s adversaries do not necessarily share 
the same geopolitical goals, and it is clear that the Chinese are no longer 
willing to sit on the sidelines of U.S. politics while the Russians interfere.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_