The world may be on tenterhooks as tally machines work overtime to process a record number of ballots and legal challenges threaten to delay the final result, but early signs suggest that proactivity has protected the 2020 United States election against cyber security compromise – despite a fog of social media misinformation.
The closely-watched nail-biter – which still hadn’t been called a day later as ballot counting and legal challenges continued in key states – was plagued by reports of low-tech manipulation through robocalling misinformation campaigns, and scattered technical issues such as Wi-Fi outages and power problems.
Overall, however, authorities were confident that months of cyber security preparations were bearing fruit.
“To date, we have not identified any threats capable of preventing Americans from voting or changing vote tallies for the 2020 elections,” Chad Wolf, acting secretary for the US Department of Homeland Security (DHS), reported in a recent US Cybersecurity & Infrastructure Security Agency (CISA) webinar on election hacking shortly before the election.
“As we approach the final weeks of the 2020 election, we know that malign actors are counting down the days until November,” he said, “but so are we…. We remain confident that malign actors are not able to alter any votes.”
Concerns that Russia or other actors would try to interfere in 2020 evolved as an increasing body of evidence highlighted campaigns of interference in the 2016 elections – and revelations last month suggested that Russia, China and Iran were using “covert and overt influence measures” and had collected US voter registration data to fuel a targeted campaign of misinformation.
Yet even as COVID-era changes to voting procedures increased the “fluidity” of the election environment, Wolf said, ”security has remained paramount to the process” as CISA teams engaged with state election officials through grassroots outreach programs.
This included the establishment of election infrastructure councils, utilising private-sector research to analyse trends, and helping local authorities tap election-security grants to improve their resilience against cyber attacks.
CISA had also offered election authorities a cyber security toolkit, including risk assessments and penetration testing for election machine vendors.
“We now have direct lines of communication with technology and social media companies and election officials,” Wolf said, “so that both parties can seamlessly take action against false information spreading online.”
With accountability a key focus for election officials, 92 per cent of the election’s ballots also have paper analogues – meaning any questions or recounts would be supported by an auditable paper trail.
Protecting the information stream
Although CISA had provided ongoing support up to and including on election day – and hadn’t detected active attacks on election infrastructure – CISA director Christopher Krebs issued an election-day statement warning that “we are not out of the woods yet”.
Even the fact that CISA had to engage with social media firms shows how much the threat landscape has evolved since Russian manipulation of the 2016 election took authorities by surprise.
This time around, the integrity of information streams has been as important as the integrity of voting technology.
Ensuring delivery of accurate information to the public was a key issue in the US state of Kentucky, for example, where COVID drove a surge in absentee voting – a significant change in a largely rural state where 98 per cent of votes had historically been cast in person.
As COVID drove a surge in absentee balloting, state election administrators worked with CISA to develop and secure a voter portal in just two months.
“We were behind the curve,” Kentucky secretary of state Michael Adams explained, “but we’ve had our best minds working on this to make sure it’s safe and intact, but also very functional and voter friendly.”
Technology “has not really been the biggest challenge” of the election, he added: “The thing that keeps me up at night is not vote suppression or vote fraud, or even foreign actors; it’s the challenge that I’ve got getting information to the public.”
Ensuring timely, authoritative information has been crucial at every stage of the election – which has made this election a litmus test for social media giants’ efforts to step up surveillance of use of their platforms for election lobbying and misinformation.
Compared with 2016 – where unfiltered transmission of information left them open to compromise – social media giants took a much more proactive stance this time around.
Twitter, for one, warned that tweets by US President Donald Trump about “surprise ballot dumps” could be misleading – echoing earlier occasions where the social media firm was forced to intervene in Trump’s months-long campaign against what he labelled a “rigged election”.
Facebook has also wrestled with finding the correct level of intervention, removing accounts linked to Russian and Iranian misinformation campaigns but hedging its bets on Trump as the president escalated his war with social media giants’ alleged censorship.
Yet artificial intelligence has improved by leaps and bounds in the intervening years, powering ever more-convincing deepfakes and misinformation bots that are now more sophisticated than ever.