U.S. Technological Edge Key to Cyber and Election Security
2020 has demonstrated the increased role of technology in our daily lives. Nearly ninety percent of Americans called the internet “important” or “essential” during the coronavirus outbreak. Even before the pandemic, a greater share of small companies reported that “digital tools have helped foster innovations in their business.” As we approach the 2020 election, America’s tech sector can replicate its role supporting our economy by helping secure our electoral infrastructure, which DHS rightfully considers “a vital national interest.”
Despite the deep divisions of this current political climate, there is sincere consensus among supporters on both sides surrounding the issue of election security. Per a recent Economist/YouGov Poll, most voters agree that “both Russia and China are trying to influence the upcoming election.” Back in February, the same poll measured significant suspicion about our country’s capacity to keep elections safe; more than half of respondents said they “don’t have much confidence that the country can defend itself against foreign interference.”
The concern among the American people reflects intelligence reports that have surfaced recently. A late August CIA report, for instance, concludes that Vladimir Putin is “probably directing” a foreign influence operation to interfere in the election. And per the most detailed disclosure yet, the Office of the DNI recently summarized activity that Russia, China, and Iran were undertaking: ahead of the election, “foreign states will continue to use covert and overt influence measures in their attempts to sway U.S. voters’ preferences and perspectives, shift U.S. policies, increase discord…and undermine the American people’s confidence in our democratic process.” Indeed, soon after the report’s release, Microsoft announced that it "'detected and stopped' a series of cyberattacks emanating from hackers in Russia, China and Iran" – the foreign actors identified by intelligence officials – "that targeted 'people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns.'" Meanwhile, the 200-plus groups and individuals isolated by Microsoft fail to capture the full scope of those targeted as the company is largely limited to analyzing threats to customers.
Key players in the private sector are rapidly responding to the foregoing risks that our electoral processes face in the fall; Facebook, for instance, announced the removal of “fake pages created in China aimed at influencing [the] U.S. election,” and “will be rejecting political ads that claim victory before the results of the 2020 election have been declared." Further, the Cyber Threat Alliance of Cisco, Symantec, McAfee, and Palo Alto Networks, among others, has decided to cooperate in "early sharing," as cybersecurity officials look for ways "industry and government can cooperate to punish government-linked hacking groups in Russia, China, Iran and North Korea that are behind many of the most damaging campaigns.”
Given the virtual threats we face, it is vital that we fully empower DHS’ Cybersecurity and Infrastructure Security Agency to protect America’s election security. Relegating this responsibility to members of the National Guard may be a misguided move – particularly at a time of heightened public anxiety over whether the transition of power will be peaceful. Meanwhile, although the FBI has dispelled misplaced concerns about perceived voter fraud on Election Day, it recently detailed how foreign interests could spread disinformation thereafter. As officials typically require several days to weeks to certify results – a delay only compounded by COVID-19 – “foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy.”
American tech companies of all sizes are doing their level best to protect our democratic process with the same degree of determination they’ve applied to help power our economy through an unprecedented pandemic. Amid those efforts, it behooves public officials to harness, rather than hinder, the technological edge that makes American innovation the envy of the world. The bipartisan Foreign Investment Risk Review Modernization Act of 2018 – which would protect our country's critical technology infrastructure from foreign bad actors – together with policies that increase national intelligence collection and authorize the U.S. Cyber Command to respond proportionally to adversaries amount to important first steps. But beyond any particular policy, it is imperative to implement a comprehensive cyber-security strategy that is guided by the Pentagon's call to nurture a secure, thriving digital economy and foster strong domestic innovation.
As President Trump and Vice President Biden continue to debate a range of issues, they cannot dispute the gravity of the virtual threats we face from foreign entities with diametrically different values. Accordingly, the next administration must not only recognize the importance of protecting America’s global tech edge, they must understand that America’s tech edge is what protects this nation on the cyber-battlefield.
Chris P. Carney represented Pennsylvania’s 10th Congressional District for two terms and previously worked at the Pentagon for four years on strategic analysis of the global terrorist threat.