It’s troubling to think that another nation might change the outcome of a presidential election. What’s more troubling is to think it may have already happened. What’s certain is that there was a massive, unprecedented attempt to sway the 2016 election in favor of Donald Trump. As outlined in Robert Mueller’s indictment of Russia’s Internet Research Agency (IRA), Russian actors faked or coopted American identities to spread native content that was critical of Hillary Clinton and Democratic policy positions.
These efforts were highly targeted, using data and exploiting internet algorithms to reach the most susceptible US voters. The campaign lasted years with IRA operatives sinking tens of millions of dollars into network building and content creation. The results were seen by over one hundred million Americans. And it’s plausible that they successfully tipped the scales in favor of Donald Trump.
Experts believe it extremely unlikely that these attacks will remain in the past. Former special counsel Robert Mueller, whose two-year investigation culminated in a 300-page special report on Russian interference, was clear in his remarks to the House Judiciary Committee in 2019. When asked if Russia would redouble their interference attempts in 2020, he replied that “they’re doing it as we sit here.”
2020 Interference Campaigns: Are They Already Running?
Mueller’s warning has already proven prescient in the midst of a contentious Democratic primary. Even as foreign messaging continued to support incumbent Donald Trump, intelligence suggested that a concurrent campaign sought to aid candidate Bernie Sanders in his quest for the Democratic nomination. Although seemingly contradictory, the focus on these two candidates is not new. Internal IRA documents dating back to the 2016 election instructed Russian agents to “Use any opportunity to criticize Hillary and the rest except for Sanders and Trump — we support them.”
Despite these similarities, Russia’s methods appear to be evolving: to evade content controls on social media, the IRA has transitioned to US-based servers and has begun to mimic existing US political groups. The goal is presumably to have Americans spread this misleading content themselves, believing it to be genuine, rather than mimicking Americans like in 2016. Threats may also be coming from more countries than just Russia: some experts believe that Chinese and Iranian groups may also be emboldened to intervene in 2020, in which case the situation could quickly become even more complex.
In an election season plagued by misinformation and a burgeoning pandemic, simply knowing about these tactics won’t be enough—especially when the president continues to deny their legitimacy. In today’s hyperpolarized political climate, many voters will echo these denials even as they themselves spread foreign-authored social media posts or illegitimate news sources. To combat these threats, the cybersecurity community must push for decisive action to protect against election interference of all types.
What Does Presidential Election Interference Look Like?
The IRA’s brand of election interference was insidious. It worked because it built and exploited the trust of voters directly, influencing their opinions on the candidates and, eventually, their votes. A key avenue to this was social media agitation, in which foreign actors posed as Americans to sow conflict on issues such as abortion and gun control, as well as to spread misinformation about the candidates. Russia also employed a series of cyberattacks to steal information about voters and to obtain sensitive information to leak. Infamously, Russian operatives managed to hack Hillary Clinton’s campaign manager, exposing a mass of her emails to the public. Such leaks can be embarrassing at best, or threaten national security at worst.
Troublesome though these attacks are, there has thankfully been no evidence thus far that any agency has tampered with actual voting tallies. However, a number of experts have raised concerns about potential vulnerabilities, especially as public confidence in voting systems declined after a disastrous Iowa caucus. Election sites, which provide voters with critical information about where and how to vote, are reportedly susceptible to cyberattacks, running on unsupported software that lacks standard security measures.
A more direct line of attack could involve ransomware or other manipulation of voting registries, which were compromised in 2016. And most troublingly, some voting systems themselves are old and vulnerable to manipulation, especially those that do not produce a paper trail. The most troubling possibility is that votes might be changed after the fact with no way of tracing the original vote. While less plausible than some of the other lines of attack, even the possibility of vote tampering is a significant problem that erodes public confidence in voting.
With Covid-19 inciting a push for national vote-by-mail, it’s possible that these concerns will remain largely unfounded for this election, but the larger trend is clear: the American election system has many weaknesses that foreign actors could, and likely will, exploit.
Preserving the Integrity of Our Elections
Governmental Action
Despite the best efforts of the national intelligence community, efforts to suppress foreign interference remain strikingly partisan. President Trump continues to dispute reports that foreign entities seek to interfere on his behalf, calling a recent report a “hoax” and accusing the US media of the very sort of “misinformation campaign” that Russia perpetrated in 2016.
Fortunately, some segments of the government have expressed willingness to fight foreign interference. In particular:
- The FBI established a Foreign Interference Taskforce to investigate similar attempts to influence US discourse, including elections
- The Department of Homeland Security has taken steps to help states improve their own voting security measures
- Various intelligence agencies are working behind the scenes to monitor the situation and brief lawmakers on relevant findings
The Cybersecurity and Infrastructure Security Agency (CISA), founded in 2017, has also released a strategic plan entitled #Protect2020. Working in collaboration with technology vendors, election officials, and campaigns, CISA is offering materials and guidance to address possible election interruptions. However, most investigative work regarding foreign interference, including cyberattacks, remains in the hands of the FBI and other intelligence agencies. At this stage, CISA’s role is largely informational, although a bipartisan group of senators seeks to expand CISA’s role to establish Cybersecurity State Coordinators.
Private Sector
If the governmental response seems disorganized, it becomes even more complicated when you consider that corporations are putting up their own attempts to prevent interference, although some have been criticized for not going far enough. After coming under scrutiny for its role in disseminating misinformation in 2016, Facebook has announced efforts to identify and remove inauthentic content from foreign actors. Zuckerberg has already confirmed that some pages and groups, originating from Russia and Iran, have been removed under this rule.
Still, Facebook has steadfastly refused to fact-check paid ads from political campaigns, although they have implemented features to better inform users about the source of posts. Twitter, another platform that hosted fake personae throughout the 2016 election, has gone further, vowing to mark potentially manipulated media.
Outside the realm of social media, some companies are attempting to address election security more directly. Companies like Cloudflare and Microsoft have offered cybersecurity services to campaigns themselves. Nonprofits, too, have stepped up to address campaign security, which is fraught with its own risks. By nature, campaigns must build quickly, and centralized oversight can be limited as resources become strained. This can lead to vulnerabilities as thousands of volunteers and staffers access sensitive information, sometimes without taking proper precautions.
On a larger scale, campaigns, like voter registries, store valuable information about voters and election strategy that can easily be leveraged or mined by foreign operatives. Cybersecurity experts, whether from the private sector or a nonprofit, help campaigns establish safeguards against phishing, hacking, and other intrusions.
A final area of innovation has been in the development of secure, auditable voting machines. A number of companies and nonprofits have sprung up promising solutions to aging and vulnerable voting machines. Unfortunately, considerable doubt remains as to whether sufficient numbers can be tested and implemented prior to the 2020 election, especially given the historical lack of funding for election infrastructure.
Industry can do a lot to minimize the risk of foreign cyberattacks, but corporations cannot be successful without a unified government effort and education efforts from campaigns and the media. And at the end of the day, measures as simple as securing staffer accounts with two-factor authentication can be the difference in preventing a catastrophic hack.
A Call to the Cybersecurity Community
In her book Cyberwar, scholar Kathleen Jamieson places the responsibility on all Americans to combat disinformation and foreign influence: “the Russian cyberpiracy, espionage, and assaults of 2016 were not a one-off,” she writes, concluding that we need “election security experts, media systems, and the electorate” to work together in the fight against election interference. In his remarks to Congress, Mueller echoed these thoughts, urging the nation to “use the full resources that we have to address this.”
These urgent calls speak to us as cybersecurity experts backed by national security advisors. Drawing on our team’s cross-disciplinary expertise, Option 3 Ventures LLC invests in the most innovative cybersecurity solutions that promise to protect critical infrastructure against bad actors. Those with inquiries should feel encouraged to contact us as we work together to fund the future of cybersecurity in the presidential election.