The US is taking the cyber threat to elections seriously and has launched a bipartisan initiative to protect democratic processes from cyber attacks.
The Defending Digital Democracy (DDD) project was announced by the Belfer Center for Science and International Affairs at Harvard Kennedy School.
The project is to be co-led by the former campaign managers for Hillary Clinton and Mitt Romney and experts from the national security and technology communities, including Facebook and Google.
“By creating a unique and bipartisan team comprised of top-notch political operatives and leaders in the cyber and national security world, DDD intends to offer concrete solutions to an urgent problem,” the Belfer Center said in a statement.
The project will be run by Eric Rosenbach, co-director of the Belfer Center and former chief of staff to secretary of defence Ash Carter.
Rosenbach recruited Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager, to join DDD as Fellows and co-leaders.
“Americans across the political spectrum agree that political contests should be decided by the power of ideas, not the skill of foreign hackers,” said Rosenbach.
“Cyber deterrence starts with strong cyber defence, and this project brings together key partners in politics, national security and technology to generate innovative ideas to safeguard our key democratic institutions.”
Mook said that in the past two years, nearly every election on both sides of the Atlantic has been affected by foreign cyber attacks, including Hillary Clinton’s in 2016.
“Many foreign countries, and even terrorist organisations, exploit digital technology to advance their agendas and influence public narratives abroad. This project will find practical solutions to help both parties and civic institutions that are critical to our elections better secure themselves and become more resilient to attacks.”
Rhoades said cyber attacks on campaigns and elections are a threat to democracy and affect people of all political parties.
“Foreign actors could target any political party at any time, and that means we all need to work together to address these vulnerabilities. This project will bring together not just different parties and ideologies, but subject matter experts from cyber security, national security, technology and election administration to make a difference.”
The Belfer Center said the DDD project will help institutions fortify themselves against attacks by foreign nations and non-state actors aimed at influencing the outcome of and undermining confidence in elections by: developing solutions to share important threat information with technology providers, governments, and political organisations; and providing election administrators, election infrastructure providers, and campaign organisations with practical “playbooks” to improve their cyber security.
It also said the project will help institutions to develop strategies for how the US and other democracies can credibly deter hostile actors from engaging in cyber and information operations; assess emerging technologies, such as blockchain, that may improve the integrity of systems and processes vital to elections and democracy; and convene civic, technology and media leaders to develop best practices that can shield public discourse from adversarial information operations.
The DDD project has enlisted Marc Elias of Perkins Cole and Ben Ginsberg of Jones Day, two of the top Democratic and Republican election lawyers in the US to advise the project, along with a bipartisan senior advisory group made up of leaders in technology, cyber security and national security.
This advisory group includes Heather Adkins, director of information security and privacy at Google; Dmitri Alperovich, co-founder and CTO at CrowdStrike; Debora Plunkett, former director of the National Security Agency’s information assurance directorate; and Alex Stamos, chief security officer at Facebook.
UK’s NCSC to educate politicians on cyber threats
There have been growing concerns in political circles about cyber threats after a US intelligence report concluded that Russia had orchestrated cyber attacks against Hilary Clinton and the Democratic National Committee to influence the outcome of the US presidential election.
In February 2017, UK defence secretary Michael Fallon said there had been a “concerning step-change in Russian behaviour” in the past year, citing cyber attacks on Bulgaria in October 2016, on the US presidential election, and parliamentary elections in Montenegro in October 2016.
In March 2017, it emerged that the UK’s National Cyber Security Centre (NCSC) planned to run special seminars designed to educate UK politicians on cyber threats to democracy.
NCSC chief executive Ciaran Martin reportedly wrote to political parties warning them of the “potential for hostile action against the UK political system”. He warned that databases of voters’ views and personal information, as well as internal emails, could be at risk, promising seminars to educate politicians on the threat.
Commenting in July 2017 on the opening of a new facility in Gloucester designed to help tackle cyber crime in the UK as part of a £3m investment by Lockheed Martin, chancellor of the exchequer Philip Hammond welcomed the move to explore cutting-edge systems that will help bolster UK defence against online attacks.
“We have witnessed recent attempts to undermine our digital infrastructure – including a cyber attack on Parliament, the very heart of democracy. We are clear that the UK must continue to keep up with the scale and pace of the threats it faces,” he said.
The Parliamentary Digital Service reported that it had to defend against a sustained and determined cyber attack on all parliamentary user accounts in attempt to identify weak passwords to gain access to users’ emails.
Parliament said in a statement that “significantly fewer” than 90 of the 9,000 accounts on the parliamentary network had been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.
Although it was business as usual in both houses of Parliament following the weekend attack, investigations into the attack and remediation work is believed to be continuing, and there were reports of issues affecting some parliamentary staff’s internet and email connectivity more than two weeks after the attack.