Following the 2016 elections, investigators found evidence that Russian hackers successfully infiltrated the computerized voting systems of several states. Hackers also stole data from campaigns and weaponized social media polarizing the electorate against and for certain candidates. All of this undermines the trust we all place in the United States’ election system. There is nothing more powerful in a democratic country than a legitimate election. Unchecked, these actions and future similar future actions against our elections are a significant danger to our democracy. It’s clear we’ll be facing similar threats in the 2020 election cycle.
Elections have become a new target in asymmetrical cyber warfare, allowing smaller groups to launch targeted attacks that have an outsized impact. To ensure our democracy is resilient in the face of these bad actors and nation-states, Congress must take action to adequately fund our election system’s cyber defenses and implement programs that bring about greater digital resilience in our government systems and in candidate’s campaigns. More importantly, something so fundamental to the country – trust in our elections – must be pursued with vigor on a bipartisan basis and in a manner that makes our systems more resilient.
The data bears out the risk to our election systems. Researchers from the University of Maryland and the International City/County Management Association conducted the first-ever nationwide survey of local government cybersecurity and found that most of the successful attacks on local governments could have been prevented. Almost 44 percent of all respondents experience some form of an attack at least daily. Most troubling was that among local government leaders, officials were unaware of the need for cybersecurity. Another study conducted by CyberScoop and FedScoop found that the majority of federal IT executives believe the threat landscape is evolving quicker than their agencies can respond.
Our federal elections are handled at a local level. This is both good and bad. It is good in that it means a successful attack would have to cover many domains: our voting infrastructure has natural segmentation built in. The bad is states and local governments must have the funds, tools, and most importantly qualified people in cyber to ensure a fair and accurate tally of votes. Additionally, campaigns-with their plethora of volunteers and sprawling networks- are unfortunately, a very soft target for cyber criminals.
To help safeguard our elections, governments and campaigns must adopt a policy of digital resilience to maintain operations through a cyber breach that will minimize or eliminate any harm, maintain reputational standing, and ultimate erosion of trust. By building digitally resilient campaigns and voting systems we will have digitally resilient elections. This starts by helping government and campaigns understand their entire, as-built networks, including data paths and vulnerabilities within the network, so they can prioritize their cyber resilience efforts for the biggest impact. Congress must assist and demand results.
Partisanship is political. Cyber is not. The House passed the “For the People” bill that focused on election and ethics reform earlier this year aimed at rebuilding trust in the electoral system. In the Senate this bill has hit a wall. They need to understand that the cyber sword cuts both ways – to the Republican favor or to the Democrat favor just depending on who wields it. I believe both parties have a vested interest in solving this problem and getting it right. Congress must act swiftly to fund programs that help build resilience in our electoral system. They should consider how campaigns manage their security as well as redundancies in tallying the votes at the state and local level. The future of our democracy depends our trust in the election system and that depends on it being digitally and cyber resilient.
Ray Rothrock is the chairman and CEO of RedSeal and author of” Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”