Election Security: We Dodged a Bullet, but Don’t Get Complacent

The RSA Conference 2021 Virtual Experience is happening May 17-20 and Symantec, as a division of Broadcom, will be providing a summary of some of the leading stories from the conference to help you stay informed.

In 2020, the worst-case scenarios involving outside interference in the U.S. presidential elections failed to materialize. But state and federal authorities say it wasn’t for wont of trying.

Two reasons:

This time around the U.S. was prepared, thanks to unprecedented cooperation between government and the private sector. Secondly, adversaries chose to focus on spreading misinformation and disinformation. But in a post-mortem offered at the RSA Conference 2021, election and security officials said this remains an ongoing struggle in the shadows against hostile nation-states who are smart about picking their battles.

“We didn't see our adversaries go after the ballot box, but we saw them try to influence our minds…aimed towards de-stabilizing society,” said Cynthia Kaiser, a section chief with the FBI.

Kaiser said that Russia and Iran, which she identified as the main threat actors in the last election cycle, concentrated on creating content or amplifying messages found on social media. Post-election, she said the agency had found evidence they were trying to intimidate election officials and exacerbate tensions after Joe Biden’s election victory.

“We're not done. We have to continue what we're doing and get better at what we're doing,” Kaiser said, adding that she remained concerned about future elections “where adversaries believe they can conduct activities with impunity because there are no consequences or risks attached to their behavior.

“I think it's essentially about getting some of these adversaries to change their cost-benefit analysis, whether they should be doing these activities in the first place and get them to the point where they’re saying, ‘It's just not worth it.’ That’s a long game.”

Better Security Coordination

As Lester Godsey, the Chief Information Security Officer of Arizona’s Maricopa County, prepared for last fall’s elections, he recalled the frustration he felt in years past trying to get better intelligence support from government agencies.

“It used to feel like information sharing was more or less one way,” he said. By contrast, Godsey said he saw “a night and day difference in terms of intelligence sharing” in 2020.

For example, on Election Day Maricopa County was tracking suspicious activity on social media channels, as well as any evidence of Advanced Persistent Threats, and passed the information to federal authorities. For its part, the FBI was in close contact, reporting on what it had seen in Maricopa County and other regions of the U.S.

“It was excellent,” Godsey said. “And honestly, in terms of communication, that's been the most collaborative effort I've ever been involved in.”

Geoff Hale, the senior cyber security advisor at the Cyber Security and Infrastructure Security Agency (CISA), an arm of the U.S. Department of Homeland Security, agreed that improved preparation made a big difference. He said the 2020 election offered a “model” in terms of the security safeguards and capabilities put in place beforehand. At the same time, he said the nation needs to recognize that there’s a “new normal” in terms of threats and risks to election infrastructure.

“We saw the playbook in 2016,” Hale said, adding that threat actors working on behalf of national adversaries are not calling it quits. “[They] evolved in 2020. We're going to have to be ready in elections to come.”

The challenge is to avoid turning this into a game of whack-a-mole, he said, where the system is scrambling to react to disinformation.

“We have in the US government, some of the most robust capabilities to degrade disinformation actors coming in from foreign sources,” he said. “The ability to target those threat actor interventions is a great tool in the tool set. But it can't be the only thing we have.”

Hale and others on the panel underscored the urgency to address the supply of disinformation in different ways. But they also recognized that they’re hard-pressed to stay ahead of an impossibly large amount of bad information churned out around election time.

“Americans are often searching for information,” he said. “But how do you prevent the information environment from being overly distorted? We're not trying to stop anyone from being wrong on the internet. We're just trying to make sure that their information environment is not so broken.”

I think it's a great challenge,” Hale continued. “There’s always going to be a segment of the population that is going to reject the message from the messenger ­– particularly when the messenger is the federal government. But the best that we can do in many instances is try to make sure that the information environment is not in great disorder so that those populations that are undecided about whether this artifact of disinformation is true or not and that they have the opportunity to find better sources.”