Perfecting the “Perfect Weapon”: Stepping Up the U.S. Cybersecurity Game
An event summary for the October 13, 2020 event, "The Perfect Weapon: David Sanger Discusses Upcoming HBO Documentary."
“In the new thinking of the US Cyber Command and the NSA... the concept now is: you don't wait to be attacked; you go into adversary networks and you work on these things before you get attacked because after you get attacked is too late,” said David Sanger, National Security Correspondent and Senior Writer at The New York Times and former Distinguished Fellow at The Wilson Center, in a virtual event discussing his book-turned-documentary last week. During his time as a fellow at The Wilson Center, Sanger authored “The Perfect Weapon,” which gives an insider account of how cyberweapons changed the course of geopolitics more than any other means of attack after the detonation of the atomic bomb. This book has since been turned into an HBO documentary, released on October 16. Before its official release, audience members were able to tune in for a sneak peek and Q&A of selected clips from the documentary -- providing narrative accounts and commentary on several historic events including the 2014 Sony Pictures hack, the 2016 US Presidential Election interference, and the chaos that was the 2020 Iowa Caucus.
Safeguarding Election Security
With the 2020 Presidential Election just one week away, a recurring topic throughout the event was the looming threat of outside interference with US electoral infrastructure. The concern? The US response -- or lack of response -- to past cyberattacks has lowered the threshold of risk for actors looking to destabilize our democracy and compromise US electoral systems.
In the lead-up to Election Day, there are two kinds of hacks which the US must work to protect against, each requiring different approaches. The first is the “hacking of infrastructure,” as Sanger called it, which pertains to voting systems, voter registration databases, IT infrastructure and systems used to manage elections (to count, audit, certify, and validate results), infrastructure storage facilities, and polling locations. These are the physical means which enable secure, accessible, and fair elections for the American people and, more broadly, the well-being of our democracy.
A positive of an incredibly vibrant and diverse American voting ecosystem is how different, often dated, and disconnected from the Internet each of the 50 states’ voting systems are, which makes it difficult for foreign actors to hack voting machines. “It would be a whole lot easier to go hack the registration systems, to hack the e-poll books so that when you go in to vote in California, they say, ‘Wait a minute, we show you listed in Washington, D.C..’ Or after you send in your absentee ballot, have them say that you voted already even though you hadn't sent in an absentee ballot,” said Sanger. The more public-facing US voter registration systems are often the bigger concern for national security experts because encountering problems with registration logistics may prevent and dissuade voters from voting at all.
In order to effectively deter such influence operations, the US needs to send a clear message to outside actors, communicating that there will be consequences for attempts to delegitimize US elections. The trick to raising the price for interfering with election security, said Sanger, is to “do it in a smart enough way that you don't simply get yourself onto a chain of escalation that you're never going to get off.” Effective deterrence will require the US to shift away from a cyber strategy “wrapped in secrecy,” as Sanger called it, to a strategy which clearly communicates the US’ highly specific detection capabilities to our competitors.
The Hacking of Minds
The second (and often more dangerous) kind of hack that Sanger alluded to was the “hacking of minds” -- otherwise known as a “perception hack.” This pertains to intentional campaigns by foreign influence actors -- namely the Russians -- to diminish the trust of the American public in their own electoral infrastructure. “A perception hack,” said Sanger, “means you don't have to hack into every [state’s] registration system… You just have to get into a few of them and create enough chaos.”
We were able to see the magnitude of devastation the “perception hack” caused in the Iowa Primary Caucus. The delay and inconsistencies in the results caused mass confusion and chaos, tarnishing the confidence of voters around the country in the American electoral system. Although the fiasco can now be attributed to a lack of preparation and test-flying a new system on Iowa Caucus Day, the immediate thought by a majority of voters -- and echoed by Democratic candidates -- was that Iowa’s electoral systems had been hacked. Due to setbacks caused by COVID-19 and the influx of mail-in ballots, American voters have already been warned that the result of the election might not be known for days -- even weeks -- after polls close on November 3rd. It is critical that Americans are not dissuaded by these circumstances and exercise their right to vote.
“The issue,” Sanger said, “is not as much affecting the election as affecting people's confidence that their ballot will be counted.” For instance, while some states like California and even the District of Columbia track mail-in ballots, other states like New York have no online way of tracking mail-in ballots. “My view is if Amazon can tell you when you order a pair of socks when it’s left the warehouse and when it's on a truck and when it was dropped at your door, how hard can this be with the fundamental instrument of a democracy,” Sanger continued, “It's inexcusable that we can't crack every ballot every step of the way while still keeping who you voted for a secret.”
Countering Influence Operations in 2020 and Beyond
In response to growing concerns about foreign election interference, popular social media platforms such as Facebook, Twitter, and Reddit have taken measures to raise awareness and counteract disinformation efforts by foreign actors, but those actions alone will not be enough. “[The Russians] are not going to play the same playbook again because Facebook will see them coming and take stuff down… They've been moving to US servers instead of the Internet Research Agency because they know the NSA and Cyber Command and other intelligence agencies can't legally operate in the United States,” said Sanger. Foreign actors have also updated their handbooks on influence operations since 2016 to succeed in 2020.
Instead of creating and populating social media platforms with fake personas like they did in the previous election cycle, foreign actors are now employing bot farms to identify and exploit American ideological tensions and divisions. According to Sanger, by planting polarizing ideas “into the minds of real Americans with real first amendment rights,” foreign actors have essentially used the American people as disinformation-sowing vessels to carry out their mission by proxy. These messages are then reamplified by foreign actors to reach larger audiences on both sides and create even deeper divisions within American society.
Spreading doubt and division is key to the playbook, but the public is also tasked with parsing through disinformation -- which is not a universal skillset. “The key to all of this is questioning what the source is,” Sanger continued, “and making people understand there’s a difference between what you read in Breitbart News versus something that comes out of a deep, real reporting standard.” It has never been more critical to be able to distinguish what the source of information is, what was involved in gathering it, and how to test the information. Nonetheless, the inherent difficulty, Sanger mentioned, is that when people are given the choice to pick between real information and salacious (yet false) information, they often misidentify the truthful source. It is going to be up to the media, Sanger said, “to figure out what a perception hack is -- what’s just an innocent mistake, what's a bureaucratic snafu, what's the Russians meddling in a couple of places but not enough to make a difference, and then how to go deal with the inevitable conspiracy charges that will come out?”
About the Author
Science and Technology Innovation Program
The Science and Technology Innovation Program (STIP) brings foresight to the frontier. Our experts explore emerging technologies through vital conversations, making science policy accessible to everyone. Read more
Digital Futures Project
Less and less of life, war and business takes place offline. More and more, policy is transacted in a space poorly understood by traditional legal and political authorities. The Digital Futures Project is a map to constraints and opportunities generated by the innovations around the corner - a resource for policymakers navigating a world they didn’t build. Read more