U.S. officials face a major test on Tuesday, when voters cast ballots in the first national election since Russia’s interference in the 2016 race for the White House.
Authorities overseeing the elections have one goal: for Americans to feel that their votes are secure and free from foreign influence.
But officials acknowledge Election Day nevertheless will be subject to cyber threats.
Homeland Security Secretary Kirstjen Nielsen said that Tuesday “is going to be the most secure election we’ve ever had,” while adding that with “this dynamic threat, it changes by the minute.”
“The main important thing here is that the adversary wins if we don’t vote,” Nielsen said Friday at the Council on Foreign Relations, noting that she hopes “everyone is voting.”
Interference can come in the form of a digital attack against election systems as well as disinformation campaigns online. Officials warn that such attacks do not need to alter vote tallies to be successful — they just have to undermine a voter’s faith in the election process.
And just like in 2016, the day after Election Day cyber analysts are expected to start scrutinizing the security of the 2018 midterms in order to better prepare for the 2020 presidential election.
Still, in the days leading up to the midterm elections, questions over claims of a cyberattack were raised when Georgia Secretary of State and GOP gubernatorial nominee Brian Kemp announced the voter registration database may have been hacked, and that the state’s Democratic Party was under investigation for unspecified “cyber crimes.”
While a cyber intrusion is possible, experts have cast doubt on Kemp’s characterization by pointing to a dearth of evidence and details surrounding the alleged hack. Others said Kemp’s track record on cyber investigations doesn’t bode well for the legitimacy of this probe. During the Obama administration he accused the Department of Homeland Security (DHS) of trying to breach the firewall of a Georgia voter registration website, a claim later dismissed by DHS under the Trump administration as unfounded.
Josh Geltzer, senior director for counterterrorism at the National Security Council (NSC) under former President Obama who’s now executive director of Georgetown Law’s Institute for Constitutional Advocacy and Protection, said while it’s good for officials and voters to be aware of the cyber threats targeting election systems, he fears those concerns could be utilized to undermine election results.
Citing the Georgia governor’s race as an example, he said there could be “the opportunity to invoke those sorts of concerns for reasons of not respecting results that may, in fact, be valid if they're results that certain actors in the political system don't like.”
“It's important for the public, for the media, all of us to scrutinize what we hear from government officials if they claim that certain results shouldn’t be trusted,” Geltzer said. “Because that is not an accusation to be taken lightly or to be throwing around for political profit, and one hears the faintest whispers at least of the groundwork being laid for that.”
Whether fact or fiction, concern about cyber threats has grown out of the revelation that Russia attempted to hack the election systems of 21 states ahead of November 2016, and that it carried out a sophisticated disinformation campaign on social media aimed to sow division and anger among the electorate.
Vermont Secretary of State Jim Condos, president of the National Association of Secretaries of State (NASS), said states have generally improved their defenses against cyberattacks, but “that doesn’t mean we have to sit back on our laurels and say, ‘We’re not going to get hacked.’”
He said he hopes Congress will pass a bill on election security after the midterms since states have no consistent source of federal funding to strengthen their voting systems.
Lawmakers have failed to passelection security legislation during the 115th Congress. The bipartisan Secure Elections Act — viewed as the bill with the best chance of making it to the president’s desk — stalled in a Senate committee earlier this year.
“The bad actors, if they couldn't get in yesterday, they'll try a different way today. And if they can’t get in today, they'll try a different way tomorrow,” Condos said. “So we have to be ready and able to adjust and be flexible enough to put up the proper defenses in place.”
Despite these publicized efforts to protect every vote, fears of cyberattacks on U.S. elections persist. On the eve of the 2018 elections, The Boston Globereported that attacks on state voting systems by foreign actors have spiked in the weeks leading up to the midterms.
DHS spokesman Scott McConnell told The Hill that the increase is a result of local and state officials sharing more information about attempted cyberattacks. He said DHS has not attributed the attacks to any specific nation-state.
While the attempts to deter cyber threats to election infrastructure have largely been left to state and local officials, efforts to thwart the influence campaigns attributed to foreign countries have fallen to the private sector, particularly social media companies.
Experts say tech giants like Facebook and Twitter have stepped up in the battle against disinformation campaigns over the past two years. But as officials continue to peel back the layers of Moscow’s activities from 2016, there are signs that other countries have been taking a page or two from Russia’s playbook ahead of the midterms.
Security researchers from FireEye this year identified an Iranian influence campaign, which was spread across several social media platforms. The tech companies’ crackdown has continued into the days ahead of the midterms, with Facebook pulling accounts tied to the Iranian government late last month.
Twitter announced Friday that it deleted more than 10,000 accounts dissuading people from voting in Tuesday’s elections.
David Becker, a former Justice Department voting rights attorney, said his biggest concern heading into the midterms is attempts to suppress votes.
“Whether it is foreign adversaries, or even people here in the U.S., who try to make it sound as if voting is much more difficult than it is, give wrong information about date, times, locations, voting, amplify false messages about rampant voter fraud or rigging of elections, those all could have a devastating impact on voters,” Becker, head of Center for Election Innovation & Research, told The Hill in an interview. “And we already know the Russians were doing things along those lines.”
Experts pointed to the social media platforms as needing to do more to guard against the influence campaigns, which have shown to be persistent. The Department of Justice (DOJ) last month announced charges against a Russian national for her alleged participation in an influence campaign that aimed to sway U.S. opinion ahead of the midterms.
The complaint was unsealed as top intelligence officials warned about the threat of ongoing efforts to influence U.S. elections, including disinformation campaigns linked to Moscow and Tehran.
Geltzer, the former NSC official, said tech companies will have to step up their efforts to stop the spread of misinformation or divisive ads on their platforms. He said that while the giants have released information on some of the influence campaigns they’ve revealed, he noted that “it's hard to imagine” that is the full scope of what they’ve observed.
“To try to [prevent the campaigns] more quickly, to be willing to act even faster in the cycle before it can spread as far and wide as this sort of material seems to be spreading, that strikes me as a real priority for all of us,” he said.