Cybersecurity became part of the national election conversation in 2016, as Russia targeted government networks with cyberattacks and an influence campaign that sought to spread disinformation and sow discord in the democratic process.
Four years later, the specter of this threat appeared again in the 2020 race, as officials said on Oct. 22 that Russian attackers broke into government systems.
But on the morning after Election Day, there are currently no reported attacks by nation-states against the U.S. This week had one major disclosure: The U.S. undertook cyber operations against Iranians earlier in recent days, The Washington Post reported. And on Oct. 12, Microsoft said it stopped a botnet that could distribute ransomware. At this point, there’s been no indication that a successful attack took place.
Though it’s difficult to say for sure why there was less nefarious activity coming to the surface, it remains true that the idea that cyberattacks could influence elections was less of a surprise this time around.
“We’re more vigilant than we were four years ago,” said Richard Forno, assistant director of UMBC’s Center for Cybersecurity. “I think the military and intelligence community and homeland security took a more heightened role, getting the word out, monitoring things and in the case of the military, actively trying to disrupt possible online attacks.”
Preparation were also in place on the ground.
During the election season, Dr. Natalie Scala, an associate professor in the Towson University Department of Business Analytics and Technology Management, worked with Josh Dehlinger, an associate professor in the TU Department of Computer and Information Sciences, to train poll workers to spot threats to election security.
There are three classes of threat, Scala said: cyber, physical and insider. Cyber could be something like an electronically malfunctioning poll machine. Physical could be a polling device that is tampered with overnight. Insider is a matter of the workers’ actions, such as if a polling official accidentally marked someone’s vote during a practice run.
In the lead-up to the election this week, Scala said they’d never found or had to act against any of these scenarios, but the goal was to be prepared so that workers can be “hypersensitive” to something that is out of sorts, and any threat was addressed immediately, and not days or weeks later.
“The poll worker is that first line of defense,” Scala said this week. “So we felt there was this need there to make sure poll workers were trained and able to help us defend.” She added that the goal is to help give the public confidence in the process.
To be sure, the election remains in process, as counting continued into Wednesday in the key swing states that will determine the winner of the presidential election. And if there are recounts it could raise additional possibilities. But overall, Forno said the challenge going forward for the country is “more political than cyber.”
Yet the infrastructure that helps votes be cast isn’t the only place where attacks can be waged. In cybersecurity circles, social engineering is a frequent threat. While a special line of code can help an attacker break into a system, in reality what gets them in is often an absent-minded click on a suspicious link. The social hacking skills behind phishing schemes are the same skills used to undermine elections.
“Often the weakest link in the chain is actually a person,” Dr. Anupam Joshi, director of UMBC’s Center for Cybersecurity. “If you look at all these ransomware attacks and so on, the reason they happen is because the attacker managed to get someone to click on a link in an email, even though we’ve all been warned.”
When it comes to elections, this can play out in a public way. Instead of an email link infecting a computer, it’s a social media site that leads to false news in an effort to make them believe a certain way. Maybe it’s the belief that these votes weren’t counted, or this candidate rigged that state. Spreading Facebook posts and tweets geared towards convincing a substantial minority on either side of the political spectrum that the election was somehow manipulated can do as much damage to election security as hacking a voting system.
“You can actually use this social engineering not just to infect someone’s machines but to send them further down an echo chamber,” said Joshi.
That’s evolved, as well. In the aftermath of the 2016 election, the focus was on how Russia spread disinformation to sow discord. In 2020, it became more evident that threats were circulating within the U.S. on a domestic level, with no need for Russian trolls to fan the flames.
With a reckoning about how misinformation on social media spread in 2016, platforms like Twitter and Facebook came under pressure to respond. It’s also become more clear that the misinformation is being fanned by President Donald Trump.
This cuts at the models of the platform. While increased action is being taken to stop individual users from spreading false information, it can still show up in ads. Alyssa Brumis, a graduate student in the UMBC Language, Literacy, & Culture Doctoral Program, said she conducted research last year that showed misinformation was coming from political advertising paid for by the president’s campaign, even as the platform was placing other limits on individuals posting it.
“As users of Facebook and producers of information on Facebook, we are not able to put out disinformation, but we have a president who is able to go on the platform and say anything,” Brumis said, referring to the advertising model.
And Trump laid the framework to spread doubt, which was why few experts were surprised when he stepped out early Wednesday morning and railed against “fraud” and attempts to steal the election, even though votes were still being counted. In a real-time stress test, Twitter and Facebook both took action by putting labels on the post that info could be inaccurate.
What happens next remains to be seen, but it underscores how the threat evolved this year. No matter who wins the presidential election, Brumis sees it as a “new phase of cyber warfare” going forward.
“We’re in a situation where not only do we have to protect ourselves against foreign actors coming in and doing this,” she said, “we’re also doing a real good job of it ourselves, which is really scary.”
Donte Kirby is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Robert W. Deutsch Foundation. -30-