US Elections Are Under Threat From Cyberattacks — And So Are Yours
May 22, 2018
Matt Rhoades writes for Politico, on the threat that British elections face from cyberattacks.
When we talk about the integrity of elections, we tend to think about voter registration, transparency of donations, or the secrecy of our ballots.
But on both sides of the Atlantic, the most disturbing new threat is the specter of cyberattacks against our campaign infrastructure.
Whether in the wake of the U.K.’s EU referendum in June 2016, the U.S. presidential election that November, or the 2017 British general election, newspapers have been filled with endless speculation about foreign governments attempting to influence the outcome of elections.
Unfortunately, much of the debate on the topic has become a partisan political tool used by both sides to make accusations against each other — creating chaos, just as cyberattacks are intended to do.
What is deadly serious is the prospect of a malicious actor — who could be a foreign government, domestic extremist group or a single individual — acting to degrade the integrity of elections in the U.K.
In my country, the USA, technological advances of the last 20 years have led to a commensurate increase in the digital threat. When I first became involved in presidential campaigns in 2000, this never really crossed our minds.
As Mitt Romney’s campaign manager in 2012, I experienced cyberattacks firsthand when China tried to infiltrate our servers, forcing us to spend precious campaign resources on improved cybersecurity. Every cent we spent on protection could have been used addressing voters’ concerns, and that meant even unsuccessful cyberattacks ultimately weakened our campaign.
The threat hasn’t gone away, and it’s why I signed up as a co-leader of the Defending Digital Democracyproject. The initiative is sponsored by the Belfer Center at Harvard University and co-led by Eric Rosenbach, former chief of staff to President Barack Obama’s last Secretary of Defense Ash Carter. The initiative brings together experts in politics, national security and tech to develop strategies and technology to protect campaigns from cyberattacks.
Working also with Robby Mook, Hillary Clinton’s 2016 campaign manager, we have been trying to send a message that cyberattacks are a bipartisan problem requiring cross-party solutions. Mook and I don’t agree on much politically, but one thing we are in lockstep on is that only U.S. voters should decide U.S. elections.
And the more that I follow events in British politics, the more I’ve come to recognize similar vulnerabilities on your side of the Atlantic.
Just recently, British intelligence leaders warned of foreign threats to undermine democracies via cyberattack. Moreover, the head of the National Cyber Security Centre has already warned a major cyberattack is a matter of “when, not if,” and has briefed the major political parties in Britain to that effect.
We all need to be more aware of the nature of the threat, and the need to work constructively across the political divide to mitigate it.
I’m sharing my experience of the challenge we face in the United States not to argue about what might have happened in previous elections, but to encourage folks in both of our countries to come together with forward-looking solutions.
In the U.S., campaign organizations don’t have the technology or the expertise to defend against even unsophisticated cyberattackers. Political parties in the U.K. might have some resources centrally, but a general election with thousands of candidates contesting 650 constituencies presents a huge number of vulnerabilities for a determined attacker to strike at.
The next attempt to undermine British democracy through cyberattacks might not even come from a hostile foreign power.
It could come from an extreme domestic group or individual who just wants to create chaos. The resources, training and tools required to do so are readily available online.
Campaigns and political parties need to be alert to these sorts of threats, and ensure that their cybersecurity processes are taken seriously. Learning from the experiences we’ve had in the USA would be a very sensible first step to take.
Outside the parties, there is also a policy discussion that needs to take place about what more the government and leaders in the tech world can do together to ensure the security of future campaigns.
It’s pretty clear, even to an outsider like me, that Jeremy Corbyn and Theresa May have very little in common politically. But I’m sure both would agree that the outcome of the next general election should be decided by the British voters, not by foreign hackers.