In recent election cycles, the impact of misinformation and disinformation on our democratic institutions has grown in direct proportion to the awareness of how easily social media allows the manipulation of information. The turbulence surrounding COVID-19 has further exacerbated an already volatile environment where social media is creating distinct and often unhealthy societal divisions. Compounding the unstable climate is that nation states that are already well established cyber bad guys have begun to synchronize their ongoing criminal activities with their perception-management operations to create an environment in which millions of Americans have become distrustful and suspicious of everyone and everything.
Many of today's election security conversations revolve around the issue from the perspective of the mechanics of voting — how citizens cast their ballots, how those ballots are recorded and counted, and how to thwart hackers from disrupting those systems. However, security professionals also increasingly find themselves in the role of mediating misinformation and disinformation activities as a strategic cybersecurity risk issue. That's as it should be. Since security professionals have already been focused on combating the efforts of Russian and other cybercriminals, it's only sensible for state and local government officials to turn to their chief information security officers and their teams to assist election officials.
Underlining the legitimate role for CISOs and other security professionals, the Department of Homeland Security's most recent Homeland Threat Assessment, issued earlier this month, makes the disinformation threat from Russia particularly stark. The DHS assessment describes as "Moscow's primary objective" weakening America "through efforts to sow discord, distract, shape public sentiment, and undermine trust in Western democratic institutions and processes."
No one discounts the importance of securing our election infrastructure from direct cyberthreats, but "it is equally important to articulate the importance of trust and patience in the process, especially in an election with a pandemic as the backdrop," said Matt Devost, CEO of the security consultancy OODA and a former senior adviser to the Department of Defense. Government security professionals are particularly well suited to assist in addressing education and awareness to help citizens recognize and mitigate threats and for providing transparency around complex issues.
Education and Awareness. One of the primary roles of security professionals in any organization is educating users on information security threats and risky behaviors, including identifying misinformation intended to exploit the natural tendency of people to trust technologies like email and social media. Security professionals can work with election officials to develop frequently-asked-questions documents focused on how mis/disinformation infiltrates the Internet and why a healthy dose of citizen skepticism can eliminate a lot of the anxiety associated with trying to separate fact from fiction.
A variety of external educational resources are available. The DHS Cybersecurity and Infrastructure Security Agency's #Protect2020 initiative, for example, is intended as a starting point on election security for both election officials and the public. In an article titled "How Election Officials Can Fight Misinformation and Mistrust," the National Cybersecurity Center's Mattie Gullixson shares best practices and such useful efforts as the National Association of Secretaries of State's #TrustedInfo2020, which highlights state and local election officials as the most credible sources for election information.
Transparency. It's no great revelation that Americans are weary of "fake news" and are legitimately concerned about false information being spread to influence the upcoming elections. "The greatest antidote to mis/disinformation for state and local governments is transparency," said Paul Rosenzweig, former deputy assistant secretary for policy at DHS. "The only way to give the nation confidence in the election process is to counter the disinformation that the system is all messed up, with an accurate description of how it is not." There's a role for security professionals in supporting creative and even humorous efforts by election officials to bring transparency to the election process.
It's important to keep in mind that genuine threats to the integrity of November's elections have yet to materialize. "To date, we have not identified any threats that would prevent Americans from voting, or that would change vote tallies," DHS Acting Secretary Chad Wolf told participants in a DHS Cyber Summit held Oct. 7. "We remain confident that malign actors are not able to alter any votes."
How things work out after the polls close on Election Day remains to be seen, of course, but a successful election will have a lot to do with the ongoing efforts that federal, state and local officials, supported by their information security teams, are taking to mitigate threats and counter misinformation and disinformation. Realistically, those efforts could shape the future of our nation. As a quote often attributed to Vladimir Lenin goes, "There are decades where nothing happens, and there are weeks where decades happen."
Governing's opinion columns reflect the views of their authors and not necessarily those of Governing's editors or management.