"What if a foreign opponent hacks our Foreign Minister's website and changes the number of votes?" US National Security Advisor Robert O'Brien asked earlier this month. Sure, the United States has never been hit by such electoral disruption. But the art of protecting a country is the art of foreseeing what the enemy might do next. As both Russian Vladimir Putin and Chinese Xi Jinping have shown, American rivals are innovative. Elected Americans who are at risk in known and unknown ways must do their part to protect the country – by thinking like the enemy. That means volunteering to fight cyber intruders and prepare for an election day when power outages and GPS malfunctions can occur.
O & # 39; Brien is far from angry about the damage various opponents of US democracy can do if they meddle in these extremely difficult elections. Last month, FBI Director Christopher Wray told US lawmakers that Russia was generating a "steady drumbeat of misinformation" aimed at discrediting Democratic presidential candidate Joe Biden and the election itself, and in August William Evanina, the director of the National Counterintelligence and Security Center. warned that Russia, China and Iran all tried to meddle in the elections – China to denigrate Trump, Russia to denigrate Biden, and Iran to discredit the elections as a whole. Facebook has already removed some accounts that were used to spread fake Russian news.
But now the public is familiar and cautious about disinformation and encroachments on the electoral infrastructure. In a January NPR poll, 41 percent of Americans said the United States was unwilling to keep the November elections safe. But what if America's rivals don't focus on their old tools in these elections? Recorded Future, a cybersecurity firm funded by both Google Ventures and CIA investment arm In-Q-Tel, noted last month that there were no “observable government-sponsored hack-and-leak operations in Russia this year " has given.
However, in November 2019, Russian activists hacked Burisma, the Ukrainian company that the son of Democratic candidate Hunter Biden is affiliated with. Then, on Wednesday, the New York Post – a US tabloid – published a synopsis of Jäger's alleged contacts with Burisma, based on emails found on a Hunter laptop and for repair at a store, according to email in Delaware were apparently shared with Trump confidante Rudy Giuliani. The details, and indeed the veracity of the story, remain murky, and Twitter and Facebook have already limited their distribution on their platforms.
Constant fake news and hacking of election infrastructure can in fact just be the white noise that numbs people's attention. "Attack (the enemy) where unprepared appears where not expected," advised Sun Tzu in The Art of War. Although the Chinese War Manual in the 5th century BC It was published, generations of Western and Asian leaders have since devoured Sun Tzu & # 39; s wisdom. Putin appears to be a devoted student of Sun Tzu, or maybe he's just a shrewd strategist. When the West responded to Russia's annexation of Crimea and the hybrid war in eastern Ukraine by stepping up the Baltic states' defenses against similar attacks, Putin went to Syria instead.
That means US officials must think like Putin, Xi, or Kim Jong Un of North Korea. Or why not think like Venezuelan leader Nicolás Maduro, who undoubtedly wants to sabotage the elections of a country he claims has tried to sabotage his government? And they have to consider what would do the most damage on election day. There are a number of dire scenarios.
If much of the US has a power outage on election day, people will turn their full attention to figuring out what's wrong and how to get power back. The act of voting becomes an afterthought. Russian hackers have been investigating utilities' information technology systems, and according to cybersecurity firm Claroty, more than 70 percent of the control system vulnerabilities uncovered in the first half of 2020 can be remotely exploited.
Why not mess around with GPS systems across the country? During NATO's 2018 Trident Juncture exercise in Norway, Russian troops blocked GPS, affecting not only NATO troops but Norwegian aircraft as well. The pilots had to navigate manually. "Jamming is not very difficult," said Mark Dickinson, president of the Space Data Association, an international organization of satellite operators, after jamming Russia during Trident Juncture. "While spacecraft are usually well protected, blocking nearby commercial GPS signals can interfere with them."
Such interference could affect your smartphone. This year, many Americans will have to go to new polling stations, possibly quite a distance from their homes. Imagine the effect on the election if the GPS were disrupted and voters couldn't find their way to the polling station. GPS jammers are so cheap that Maduros Venezuela could afford them.
Or imagine what would happen if the internet were down for even an hour on Election Day. Blocked electronic voting machines are just the beginning. The lights would fail and banks, airports, utilities, and government agencies could not work. (This is almost exactly what happened to Ukraine during a Russian cyberattack in 2017.) Earlier this week, an apparently accidentally disconnected fiber optic cable prevented residents of Virginia from registering to vote.
Estonia, a determined high-tech nation that became the first country in the world to hold nationwide elections over the Internet in 2005, knows the damage hostile governments can do if they target the Internet. Two years later, the country was hit by a massive cyber attack that was later traced back to Russia and disrupted government agencies, banks and news agencies. In some cases this took several weeks. Today, the country not only has more secure IT systems, but also a cyber defense league in which IT experts volunteer for the security of the country.
The United States could learn from Estonia that it is possible to maintain a vibrant democracy even when opponents try to harm it, but that has many citizens to do their part. This part can also affect ordinary citizens who identify and report trolls, as do Lithuania's self-proclaimed "elves". Or ordinary citizens who find out in advance where to go to cast their vote in case GPS doesn't work that day.
National Guard forces, augmented by Estonian-style cyber defense units, would make the United States more resilient. It is too late to make this election, but if America is to protect itself from innovative adversaries, it will need more cyber defenders than those currently employed by the government. "The Internet is built in such a way that it is virtually impossible to control anything centrally," said Staffan Truve, co-founder and CTO of Recorded Future. "And because the Internet is so decentralized, the hunt down potential polluters is a bit of a slap in the mouth."
Right now, companies that could make a difference often choose not to. When Recorded Future recently identified the IT infrastructure used in disinformation campaigns, the IT vendor decided not to take down the perpetrators. "They prefer to protect the identity of the perpetrators rather than protect the public," Truve concluded. Microsoft has had more success. This week it announced that it had disrupted a massive hacking operation that could have indirectly affected the US election infrastructure. The software giant shut down the servers behind a huge malware network called Trickbot – but it was only able to do so after obtaining federal court permission to disable the IP addresses associated with the Trickbot servers.
But there is hope. "California is full of smart people," said Truve. “The tech sector could do a lot more to keep the elections safe. If Google wanted to live up to its old motto "Don't be angry" (since 2015: "Do the right thing"), it could devote significant resources to election security. Google has the most information and the greatest computing power. " The brightest tech heads in California and other countries could act in the spirit of the "Defensive Forward" strategy of the US cyber command, in which US cyber warriors wage a fight against potential attackers, often by signaling to them that if they attack, they will face personal consequences.
Losing the right to visit or own property in Western countries, or prosecution for venturing abroad, is a significant price to be paid to a professional hacker, and indeed government officials. I call this the “Horsehead in Bed” strategy after the scene in The Godfather, and since it can be done without offensive elements (which are the prerogative of a country's government) it seems like a perfect mission for cyber volunteer. Defender.
These smart people in California and beyond should, along with the rest of us, imagine how America's adversaries could do the most damage. If there is internet mayhem on election day, make sure you have cash and a radio at home. In the event of a traffic disruption because the traffic lights are not working, be careful with your fellow passengers or vote in good time. Plan for possible internet outages by bringing a book to the polling station. Casting your vote can involve considerable waiting times. If you are a cyber expert, putting election day aside to hunt down potential interferers in the name of democracy, rather than hunting in the usual places. What if a number of schools or nursing homes were destroyed by cyberattacks and dozens of people voted in the polls?
It is not certain whether Russia, China or any other country will attack American networks, GPS or Internet providers on election day. In fact, they are unlikely to do so. However, the security of the country means preparing together for even the most unlikely scenarios. Armed forces do not prepare for wars because such wars are just around the corner. You are not. By being prepared, the military is signaling to opponents that there is no point in attacking. Citizens should also signal this in their own areas of responsibility. At the moment, Americans seem to disagree on many issues, but the security of their choices should be among them.