In “The Tipping Point: Cyber Risks to the Election System,” a panel held on the second day of the International Conference on Cyber Security, panelists sounded a cautiously optimistic note about the soundness of the United States election system.
While Anthony J. Ferrante, FCRH ‘01, GSAS ‘04, Global Head of Cybersecurity at FTI Consulting, said there’s “no doubt that our election systems are at risk,” most of the panelists, including Ferrante, expressed more concern with misinformation fostered on social media than the physical voting systems.
Anne Nueberger, Director of Cybersecurity at the National Security Agency, and lead investigator of election fraud, said that outside of a few incidents, the overall integrity of elections remains sound, but how outside adversaries work to influence elections in the social media space continues to concern her.
“Three things have happened in the social media ecology that have made it more effective. First the rise of cryptocurrency. You can purchase infrastructure pretty anonymously, ” she said.
“Second, encryption … And third, you can actually pretty easily buy influence packages. You can just Google it online.”
Ferrante noted that the very platforms being used to spread important information emanating from the conference, like Twitter and Facebook, are being weaponized. He said that when he worked for the White House in 2016, the administration studied the voting process, from voter registration at the DMV through election night, and finding no disruption, concluded that the system is very sound. That was not for lack of trying though. He cited an incident of election meddling in Illinois that revealed a widespread national effort on the part of Russian to interfere with the system.
“We realized that for adversaries to actually take steps to manipulate the vote and change the outcome of an election, it would be really hard to do without being noticed, without alerting authorities, and send out massive signals that everyone would know about,” he said.
Not surprisingly, Chris Wlaschin, vice president, Election and Systems & Software, concurred. He said that the fact that states control the election process for their respective districts creates a diverse ecosystem, from paper ballots to touch screens, that creates the system’s greatest strength. However, he did say that more could be done in terms of educating state election officials.
“Much more can be done in the election infrastructure, but it’s not just about buying new equipment,” he said. “It’s about invoking better awareness, hiring security companies like the ones who are here today [at the conference].”
Ferrante said that many state election officials don’t have the technical or financial resources to pay for such expertise, something Brad Tusk, CEO of Tusk Ventures, chalked up to politics. He said money is wasted on politicians’ pet projects rather than shoring up the system.
“Spending lots and lots of resources to protect a totally broken system is fine, but I don’t think we’re accomplishing as much as we think we are because in the first place we don’t have a functioning democracy, we don’t have a functioning Congress,” he said.
“Sure, it would be great to protect us from Russia, Iran and everyone else, but … I think we need the focus not just be on security but a lot more on access and a lot more on turnout.”