Cybersecurity will play a major role in controlling election disinformation, this expert told Pitt Cyber

What role can tech play in mitigating the threat of election disinformation?

The Pitt Disinformation Lab at the University of Pittsburgh’s Institute for Cyber Law, Policy and Security hosted an online event today with Pitt’s Institute of Politics to find the answer. The event was part of an ongoing series from the lab with speakers focused on election security and democracy preservation through the use of cybersecurity, data science and other tech.

Joining Pitt Cyber Founding Director David Hickton was Microsoft Director of Information Integrity Matt Masterson, who also served as a senior cybersecurity advisor in the Department of Homeland Security and as a commissioner in the US Election Assistance Commission. The discussion focused on the rise of disinformation in American elections through tech, and on Masterson’s recent publication “Zero Trust: How to Secure American Elections When the Losers Won’t Accept They Lost,” which explores solutions to election security in the midst of public distrust. Previous speakers in the event series included Michigan Secretary of State Jocelyn Benson and Georgia Secretary of State Brad Raffensperger.

Masterson has a long career in elections security, but he first realized the increasing role of technology while serving in the Ohio Secretary of State’s office. While there, he said, he was “really understanding and working to understand how elections are run, how technology plays [a role] at the forefront of of running elections and what steps we can take to improve access, integrity and accuracy of our elections.”

With experience dating back to the tumultuous 2000 presidential election, Masterson said, “the level of attention, the level of scrutiny, the level of  disinformation around elections in our systems — it is mind blowing, considering how little attention was paid to this, even coming out of [that election].”

“Zero Trust,” which he published with students in 2021 while he was a nonresident fellow at the Stanford University Internet Observatory, specifically outlines three main threats to election security that Masterson has experienced in his career, and provides 11 recommendations for solutions to them. That encompasses known problems like the increase in physical threats to election officials and “broad distrust fomented by bad-faith actors” as well as a widespread understanding both domestically and abroad of how to undermine confidence in election results.

Matt Masterson during Pitt Cyber’s election discussion. (Image via Twitter)

But the report also highlighted a need for increased funding and governance structures around elections IT infrastructure. Specifically, the report named ransomware as an emerging threat and underscored that under-funded local governments running election systems don’t have the defenses they need to prevent attacks from cyber criminals.

“So, we explored a variety of policies and technical recommendations to help offer voters the level of transparency and evidence they need to be able to overcome an environment in which there’s an active campaign to undermine trust in elections,” Masterson said of the report. Those recommendations include increased funding, government preparation for disinformation response, increased public education, the use of paper-based systems for audits, establishment of minimum cybersecurity baselines for election offices and vendors, and a centralized election IT system.

Already, Congress has implemented new measures that align with some of those recommendations, including the Strengthening American Cybersecurity Act of 2022, which was passed at the start of this month. A number of other recommendations have been looked at, too, Masterson said, including the expansion of the Cybersecurity and Infrastructure Security Agency’s Crossfeed program.

The biggest remaining threat, though?

“The funding of our elections,” Masterson said, despite the progress of some other recommendations in the report. “We continue to not provide [election officials] with the level of both resourcing from a money standpoint but also from a personnel standpoint [in terms of] the level of IT expertise that they need to continue to improve the security of elections.”

As long as that’s true, there will be continued threats to the security and integrity of American elections, he said. But that doesn’t mean there isn’t more to be done in the meantime.

“There are ways to manage this risk that are really important,” Masterson said. “And it’s no longer just about the cybersecurity of the process. It’s also about being able to talk to voters about those steps and how it improves the security.”

For more information on Masterson’s discussion and the relevant work at Pitt Cyber, check out the institute’s website, and stay tuned for more upcoming events.