Election Interference and Cybersecurity

Election Interference and Cybersecurity

REUTERS/Brendan McDermid
from State and Local Conference Calls

More on:

United States

Elections and Voting

Influence Campaigns and Disinformation

Cybersecurity

State and Local Governments

Max Boot, Jeane J. Kirkpatrick senior fellow in national security studies at the Council on Foreign Relations, and Max Bergmann, senior fellow at the Center for American Progress, discuss election interference and cybersecurity, as part of CFR’s State and Local Officials Conference Call series. 

Learn more about CFR’s State and Local Officials Initiative.

Speaker

Max Boot

Jeane J. Kirkpatrick Senior Fellow for National Security Studies, Council on Foreign Relations

Speaker

Max Bergmann

Senior Fellow, Center for American Progress

Presider

Irina A. Faskianos

Vice President, National Program and Outreach, Council on Foreign Relations

FASKIANOS: Good afternoon from New York, and welcome to the Council on Foreign Relations State and Local Officials Conference Call Series. I’m Irina Faskianos, vice president for the National Program and Outreach here at CFR.

We’re delighted to have participants from forty-two states across the country join us for today’s discussion. As you may know, CFR’s an independent, nonpartisan organization and think tank. Through our State and Local Officials Initiative we are here to serve as a go-to resource for information and analysis on international issues that affect state and local governments. We can offer you access to CFR expertise on a wide range of policy topics, Foreign Affairs magazine, and briefings with CFR fellows.

We know that many of you on the call today are on the frontlines of the electoral process, and that’s why we are talking today with Max Boot and Max Bergmann. They co-authored the March 2019 report Defending America from Foreign Election Interference, which was distributed prior to the call. And as we look ahead to election 2020, this is obviously of great concern. I have distributed full bios on both Maxes, so I’ll just give you the highlights on their distinguished backgrounds.

Max Boot is CFR’s Jeane J. Kirkpatrick senior fellow in national security studies. He’s a foreign policy analyst, historian, and bestselling author who has been called one of the world’s leading authorities on armed conflict by the International Institute for Strategic Studies. Mr. Boot has advised the presidential campaigns of John McCain, Mitt Romney, Marco Rubio, as well as U.S. commanders in Iraq and Afghanistan.

Max Bergmann is a senior fellow at the Center for American Progress. His work focuses on European security and U.S.-Russian policy. From 2011 to 2017, Mr. Bergmann served in the U.S. Department of State in various positions including as a member of the secretary of state’s policy planning staff, where he focused on political military affairs and nonproliferation.

So welcome to you both today. Thank you very much for being with us. Opening remarks will be on the record and then we’ll hold our Q&A and share best practices on a not-for-attribution basis.

So Max Boot, let’s begin with you to talk a little bit about the election security recommendation that you outlined in the report that the two of you coauthored. And then we’ll turn to Max Bergmann.

BOOT: Well, thank you very much, Irina. And welcome to all of you. And let me first state the obvious, which is that election interference is very much at the top of the political agenda right now, far more so than we could have imagined when our report was published in March, given that probably like some of the rest of you I am joining this call after having just muted the impeachment hearings which are now going on, where the president is, of course, facing impeachment precisely because of the accusation that he invited foreign election interference.

And just a few weeks ago, you had a very important statement released by all of the three-letter agencies—DOJ, DOD, DHS, DNI, FBI, NSA, et cetera—about the continuing threat from foreign election interference, saying: Our adversaries want to undermine our democratic institutions, influence public sentiment, and affect government policies. Russia, China, Iran, and other foreign malicious actors all seek to interfere in the voting process or influence voter perceptions. Adversaries may try to accomplish their goals through a variety of means, including social media campaigns, directing disinformation operations, or conducting disruptive or destructive cyberattacks on state and local infrastructure.

And, again, I stress, that was just a statement from a few weeks ago. It’s been, you know, quite a long time now—more than three years—since the last election which was heavily influenced by Russian election interference. And our—the people charged with defending the United States are alerting us that the threat remains as great as ever today. So the other Max and I offered some recommendations in March, I think which still very much apply today, for how do we deal with this really massive national security threat, beginning with, first, having an unambiguous declaratory policy on election interference, making clear that we will have a robust, retaliatory response against any nation that dares to interfere in our political process.

Our second recommendation was that the U.S. should improve its defenses against election interference, which has a variety of subpoints. There has been some progress made on that front—for example, setting up the cybersecurity infrastructure security agency within the Department of Homeland Security, although we have to still see to what extent it will be effective. And there was also a positive development in September when Senator McConnell finally agreed to move an election security bill through the Senate, after having blocked it for quite a long time. And that will provide more needed funds for election security. But there still needs to be more of a—you know, we think that there needs to be more of a federal mandate to maintain paper ballots and to—and to streamline, and to have best practices in election security across the country.

There also needs to be a lot more done in terms of providing security on social media networks, which in many ways remains a losing struggle with, for example, Facebook founder Mark Zuckerberg saying that Facebook will refuse to police the truth or falsity of political ads, which is really just an invitation not only for domestic actors but for foreign actors to lie maliciously in order to influence the election. I think that is a, you know, very dangerous statement. And Twitter, to its credit, has now said it will not take political ads. And of course, you know, whatever happens in advertising, that’s only a small subset of the kind of influence operations that are run online, which are not billed as advertising.

So there needs to be greater regulation of that, including passing the Honest Ads Act, which has bipartisan sponsorship. So you at least have—you know, start to establish some standards of online advertising. Beyond that we also flag the need to strengthen enforcement of the Foreign Agents Registration Act, which we saw people like Paul Manafort and Rick Gates, you know, now convicted felons in part because they were operating so far outside the law. But there was a 2016 audit by the Department of Justice Inspector General that shows, you know, that lax enforcement of FARA is very much the norm and very few people are held to account for violations.

We also need to do much more to work with our allies to cooperate on stymying foreign election interference. And that doesn’t mean, you know, what Attorney General Barr is now doing with having appointed a U.S. attorney to basically probe the investigation of Russian election interference in 2016, and basically trying to pressure our allies into casting aspersions on our own Justice Department and FBI. That’s a major step backward and will make our allies much less trusting of the United States, because what they see is that we are subsuming the quest for security and truth beyond—subsuming it all to, you know, the president’s political imperatives.

And the final element of our recommendations was to say that we need to impose significant costs on countries that meddle in our elections. And there is bipartisan legislation in Congress that would do just that, with triggering automatic sanctions on countries like Russia that are caught interfering. But again, those have not really gone anywhere. And you know, I think at the end of the day it’s just very hard to make progress on this front when the president of the United States himself said this summer that he would not necessarily turn away foreign election interference. And, of course, then he actively solicited foreign election interference. And I—you know, I’m quite concerned about what message that sends about the security of our elections.

And, you know, the reality is that President Trump will almost certainly be impeached in the House, but he’s almost certainly not going to be convicted in the Senate. And so is that going to be seen as a green light for further election interference? I don’t know. But I think that is a—that is a real danger. And I do think that the 2020 election and beyond are imperiled. And this should not be, you know, a partisan issue because if you have a Republican president inviting election interference today, in the future you’re going to have a Democratic president doing the same thing. We need to draw a clear bipartisan red line and make clear that that kind of behavior, which is already illegal, is also unethical and immoral, and cannot be allowed if you’re going to continue to function as a rule of law democracy.

FASKIANOS: Thank you.

Let’s turn now to Max Bergmann. And maybe you can talk about the cybersecurity measures needed to safeguard U.S. elections.

BERGMANN: Sure. Well, thank you, Irina, for arranging this. Thank you all for joining. Thank you, Max.

I think Max gave a very sort of good overview of the paper. Let me just make, I think, a few top line points and then talk about some of the kind of the—where cybersecurity and the intelligence side of the house kind of intersect here.

I think it’s important for you all to know that you’re on the geopolitical front lines. The 2020 election is going to be a major target for foreign actors. And it’s not simply Russia. There are—and it’s not simply, I would argue, not a partisan issue. That you have tremendous interest by countries all over the world in the outcome of an American election, particularly an American presidential election. And so actors from Russia, to China, to Gulf states, to Iran all have maybe similar interests, maybe diverging interests, but may see—have an interest in intervening in this election.

I think it’s important to realize why election security—why elections and why our election systems are such a target is, in part, particularly for autocratic states like Russia and China, there is an emerging consensus in Washington that, you know, if you look at the president of the United States’ National Security Strategy, the one that was submitted in the first year of his administration by H.R. McMaster, the former national security advisor, notes that there’s a growing geopolitical competition between autocratic states and democratic states. And this is—I think there’s broad bipartisan agreement on this. And there’s particular interest, I think, on the part of the Kremlin to disparage democratic systems, to show that autocratic strongman systems are sort of the way to go, while there’s all these flaws and problems with democratic systems.

And so causing havoc with a U.S. democratic election or sowing chaos is potentially a major geopolitical goal. And that makes many of you critical actors in sort of defending our democracy from a potential attack. Maybe I’ll just quickly—you know, in 2016 I was in the Obama administration. And we were completely caught off guard from this sort of asymmetric response from Russia, which largely came in response to U.S. and European sanctions. I think there’s a tendency on the part of many outside of government to view the U.S. intelligence community as all-knowing, in that maybe that—you know, the intel community will know what’s happening when we ourselves do not.

That, frankly, I think is not the case. Especially in 2016 our election was often focused elsewhere in terms of intelligence resources and assets. I think the Department of Homeland Security in 2016 also had a sort of faulty presumption over how election interference would occur. They looked at the U.S. election system and said: Well, we all operate in many different systems, so we are not going to be—so it’s going to be very hard for a foreign actor to manipulate the votes, because they would have to manipulate all these different systems. But in fact, we know that it’s pretty easy to target a U.S. election system in that the U.S. election, where if you know where the swing states are, where are the most important counties, where are the most important precincts. And then, you know, depending on the different types of election systems that are used, and how to target that.

And then what we later discovered, not at the time but after the fact—and this was in the National Security Agency document that was leaked by the woman named Reality Winner, who’s currently in federal prison—that revealed that the Russians, what they effectively did, was they—using simple malware targeted a U.S. election vendor, spoofed their email address—so basically sent email as if they were from this election security company to local election officials, with a document saying: Please open this document and update your software in your election systems. And this was done just a week before the 2016 elections. And we know some election officials did it.

So we still, I think, don’t quite have a handle on what actually happened in 2016 in terms of a potential cyber intrusion. In 2018, I think we’ve—the United States has largely patted itself on the back, but there was tremendous concern about the 2018 election. There were indictments by the Department of Justice leading up to the 2018 election. There was also a U.S. cyberattack against the Internet Research Agency that occurred on Election Day to send a message to Russia—this is their troll farm—not to do it.

But then just recently in the indictments of these two individuals, Lev Parnas and Igor Fruman associated with Rudy Giuliani, we have then discovered that there was massive amounts of foreign money—of Russian money, of Ukrainian money—coming into the 2018 election, into Super PACs associated with the president, as well as a number of other state and local election officials, as well—state and local elected officials, as well as the governor of Florida, and a number of other congressmen. So I think money in politics is another angle where it’s something to watch out for.

So maybe to close there, I think there has been—I think the big difference between going into 2020 and 2016 is that there is now greater awareness amongst the public that this is a major problem. In 2016, if you were to contact a reporter and say: Oh my God, I think we may have been hacked by a foreign actor, there wouldn’t have registered that this was an actual thing, that foreign interference in our elections was a real problem. Today, that’s not the case. So I think we’ve made progress in our collective awareness. However, I still don’t see a lot of—I’m not comforted by the federal response. The establishment of CISA at the Department of Homeland Security is a big step, however I think there’s still a lack of coordination. It’s a new agency. Who’s responsible for informing whom? And I think there’s still a big disconnect between the intelligence community as well—and state and local officials.

And I think given what we’re seeing in the impeachment hearing with professional career officials being potentially targeted politically, there’s a real chilling effect on speaking out or raising questions when it comes to election security. So I think my advice to you, to sort of close, is if you see something or if you have concerns, raise those concerns, be as loud and vocal in doing so as possible. So maybe I’ll leave it at that.

FASKIANOS: Well, thank you, Max Boot and Max Bergmann, very much for your analysis today, and to all of you for your questions, for your comments, and for sharing what you’re doing and your experiences in your municipalities.

Obviously, the work that you’re doing is so important and we hope that we can be a resource to you and help in the work that you’re doing.

You can follow Max Boot on Twitter at @MaxBoot and Max Bergmann at @MaxBergmann. So that’s pretty easy.

Again, please do let us know how we can support the important work you are doing. You can email us stateandlocal@cfr.org and I look forward to continuing the conversation with you.

Most Recent