Election Security and the Intelligence Community Assessment

This article originally appeared on The Cyber Wire.

The US Intelligence Community last week released the unclassified version of its report on foreign interference in the 2020 Federal elections. The investigation found no evidence of foreign attempts to manipulate vote counts or other “technical aspects” of the election.

No cyber ballot-stuffing found, but plenty of Russian and Iranian attempts to influence voters.

Russia’s efforts were marked by extensive preparation and the use of trolls, agents of influence, and influencers of the useful-idiot variety, with messaging amplified by online proxies and Russian official media outlets. In general Russian policymakers, while not in every respect happy with President Trump, clearly preferred him to a President Biden, although they had made their peace with a possible Biden Presidency by the closing weeks of the campaign, seeing a silver lining in President Biden’s presumed interest in reviving arms control agreements perceived as working to Russia’s advantage. Their longstanding goal, which the report says endures into the present, is to weaken the United States, and whatever is likely to accomplish that, particularly erosion of trust in US civil and political institutions, is a good bet.

Iran wasn’t particularly in favor of President Biden, but the Islamic Republic was definitely opposed to President Trump. Their influence operation ran principally through social media and, interestingly enough, highly targeted email campaigns that spoofed the Proud Boys and threatened the recipients, for the most part likely Democratic voters, with crude appeals to vote for Trump, hoping thereby to provoke a backlash against the former President. Tehran’s efforts worked to exploit and exacerbate fissures in American civil society, and the report warns that these efforts have continued, post-election. Iran chose what the report calls “cyber tools and methods” because they were cheap, scalable, deniable, and required no physical access to the US.

China seems to have decided, after running its own cost-benefit calculation, that a concerted campaign to meddle in the US elections wouldn’t have been worth it. The risk of blowback seems to have struck Beijing as unacceptably high. They opted instead to continue traditional economic pressure and lobbying. The report found that other threat actors (Lebanese Hizballah, Cuba, Venezuela, and, oddly, some Turkish patriotic hacktivists) had a negligible effect on the electorate.

A view from the cybersecurity industry.

We were able to exchange questions and answers with Blake Moore, VP of Strategy and Operations at Wickr, who also shared some thoughts on how the US Government might better secure future elections.

How good was the Intelligence Community Assessment, and why did nation-states not directly hack the vote? 

We asked whether the ICA’s assessment was credible. We were also interested in speculation as to why nation-states seem to have passed on the opportunity to hack election systems and directly compromise the vote.

“The analytical rigor and prioritized intelligence collection that led to the ICA conclusion that no foreign actor attempted to alter any technical aspect of the election process should be believed,” Moore said. “I agree with this assessment. Foreign actors would have passed on the attempt based on the potential repercussions given the importance of the electoral process. Intrusion attempts into the technical infrastructure would have inevitably been discovered, which could have had significant negative consequences. Our voting infrastructure is largely secure, and there are other ways to manipulate the vote with an added benefit of plausible deniability. To advance the security of our electoral process and ensure citizens have trust and faith in our voting infrastructure, it is critical to deploy the most advanced secure communications methods, such as end-to-end encryption (E2EE), which is key to increasing the overall technical security of our future elections. 

Why did Russian and Iran run disinformation campaigns in 2020?

There seems to be some evidence that Russia and Iran did mount disinformation campaigns claiming that election systems had been hacked. We asked what the probable goal of such disinformation might be.

Moore sees the opposition in this case as playing a long game. “These campaigns aim to reduce public confidence in the voting process while also creating a precedent that the validity of future elections should be contested. Disinformation campaigns are a potent tool for reducing public trust in the voting process. Even though there was an increased focus on better securing national and state voting infrastructure, bad actors can use other means to lay the foundation for mistrust.”

The vote may not have been hacked this time, but what about future elections?

Looking at the election system as a whole, and recognizing that it’s highly decentralized and complicated, what are its principal cyber vulnerabilities? “Due to the U.S.’s decentralized voting system, the different security protocols and standards implemented by the states create national patchwork of different systems,” Moore said. “A prime example of this is election websites, which range from HTTPS encrypted .gov domains all the way insecure .net domains. We must streamline our security posture through encryption and strong federal cyber standards for securing election information.” 

Are election-sensitive data vulnerable to corruption?

How troubling, we asked, is the possibility of a foreign actor corrupting election-sensitive data? Moore thought, “It would be very troubling if a foreign actor was able to deny, degrade or otherwise corrupt election-sensitive information, as this could impact whether all votes could be counted. This is inherently different from data compromise or theft. The most important way to protect against this threat is to make election infrastructure resilient and ensure that it can withstand attempts to corrupt the data. Strong cyber standards and security posture is key for every single election agency in the country.” 

The report is about election interference by foreign actors. What about domestic ballot stuffing?

The report reasonably takes foreign operations as its topic. But, we asked, are there ways in which domestic political actors have sought, or might seek, to commit cyber-enabled election fraud? This is in some ways a more difficult problem to address, but it’s worth considering. Moore said, “It is unclear if there have been instances of domestic actors looking to commit malicious actions against electoral technical infrastructure, but the solution would be similar to dealing with foreign actors. It is critical that components involved with building and maintaining the infrastructure and/or operations of the electoral process utilize secure, E2EE [end-to-end encryption] collaboration tools to ensure that it is undecipherable for everyone but the intended recipients.”

So, should the traditional Chicago ward heelers try to reinvent themselves for the 21st Century, cryptography is the friend of honest politics and good government.