election 2016

IN-THE-NEWS: CGA's Doug Lute tells USA Today about the national security implications of protecting our election infrastructure

This piece originally appeared in USA Today, December 7, 2017

Illinois' most populous county has a plan to keep hackers out, after the state's voter registration list was breached during last year's presidential race. There's one big sticking point: the money. 

The director of elections for Illinois' Cook County and a group including Ambassador Douglas Lute will present a strategy to bolster U.S. election systems' defenses against foreign intruders on Thursday. 

That roadmap comes with a request for the federal government to fund their plan, underlining a hurdle for many municipalities as they head into the 2018 midterm and 2020 presidential elections.

While last year's general election made clear the voting system was vulnerable to hackers, and the federal government has instructed the nation's 9,000 election officials to make their voting rolls safer, many municipalities lack funding to make these changes. 

The last time there was significant federal funding for election infrastructure at the local level was the Help America Vote Act of 2002, passed in the aftermath of the controversy surrounding the 2000 president election recount. That resulted in almost $3 billion in funds for new voting equipment

"For a relatively modest investment it seems to me that we can shore up the system significantly," Noah Praetz told USA TODAY.

His five-page plan, sponsored by Cook County Clerk David Orr and being presented at the University of Chicago's Harris School of Public Policy, is part of a broader effort by an ad hoc bipartisan group working to strengthen the U.S. election system after Russian intrusions during the 2016 U.S. presidential race. It calls on the federal government to aid states, laying out a list of 20 defense tactics election officials can take to protect election integrity.

"Make no mistake, this will be a painful and expensive undertaking," it reads.

Just how expensive isn't known. The U.S. election system is highly decentralized. Each jurisdiction has different staff, equipment and funding and must deal with differing local and state regulations governing elections.

For Cook County, which is responsible only for county-wide elections as the city of Chicago holds its own elections, "it's going to cost many millions." Praetz said he couldn't be more specific because the county is in the middle of a procurement process.

Even hundreds of millions is just "a rounding error of the defense department budget," said Lute, a retired three-star general who served under both Obama and George W. Bush.

"We're buying hard defense for America to the tune of $700 billion a year. And for literally less than one-one-thousandth of that, we could make dramatic inroads to secure our election systems. Which quite frankly may be more fundamental [to our security] than the next fighter plane," he said.

Russia will be back

The problem with Russia, which denied any interference in the U.S. election, isn't going to go away, say election officials. The 2016 attacks were a classic Russian intelligence military operation.

"Initially it is rather clumsy. They probe and they make mistakes and they get found out. But they also learn very quickly. I expect that in 2018 they will be back, with a much more sophisticated and targeted approach," said Lute, most recently the former United States Permanent Representative to the North Atlantic Council, NATO’s standing political body.

2016 was a heads up

The 2016 election was a watershed in terms of awareness about foreign election meddling. No one knows the problem better than Illinois, one of two states where federal authorities say Russian hackers succeeded in infiltrating the election system.

The hackers operated undetected for three weeks, viewing the records of 90,000 voters and, according to the Illinois State Board of Elections, attempted to delete or alter some voter data.

Time is also short. Illinois also is one of two states with the earliest primaries in the county, meaning its voters will go to the polls in March.

The white paper suggests the creation of a national digital network for local election officials to quickly share information about threats and incidents. This is in contrast to 2016, when officials in 21 states only learned they'd been targeted almost a year after the fact.

Next, every local and state election official should have a security officer on staff, to deal with these issues. 

The paper then goes on to outline a standard list of the things any company would implement to protect the security of its networks, but which election officials have overall been slow to roll out because of a lack of funding, knowledge and awareness of the dangers.

The final suggestion is the idea that every election jurisdiction needs to come up with a plan about how it will recover if it is hacked. That could mean paper backups of voter registration lists, storing paper ballots or saving digital scans of ballots.

"If we detect breaches and recover from them quickly, we will survive. And so will our democracy," the paper says.  

PRESS RELEASE: Cybersecurity Experts Meet to Discuss 2016 Election Hacking

February 9, 2017 (Chicago, IL) – Yesterday, Cambridge Global Advisors (CGA) convened a timely discussion on cybersecurity and the U.S. democratic process. The event, hosted by and at the Chicago Council on Global Affairs, focused on how cybersecurity and hacking impacted the 2016 election outcome.  The full event is available for viewing online at: https://www.thechicagocouncil.org/event/hacked-democracy

Jake Braun, CEO at CGA, moderated the event and was joined by Cindy Cohn, Executive Director, Electronic Frontier Foundation; Siobhan Gorman, Director, Brunswick Group; Robert K. Knake, Whitney Shepardson Senior Fellow, Council on Foreign Relations; and Sherri Ramsay, Senior Advisor to the CEO, CyberPoint International; Cybersecurity Consultant.  Among various topics, this panel of experts addressed some of the key challenges currently facing both the government and private sectors as they fight cybersecurity breaches, privacy issues, and electorate concerns about the integrity of American elections.

The panel raised concrete things the Trump Administration, other governments, political groups and private sector interests can do to protect the nation, highlighting the need to balance national security concerns with civil liberties concerns within a democracy.  One of the issues raised included whether or not technology is a threat to democracy. With democratic nations amassing enormous cyber-surveillance powers, it becomes increasingly difficult for democratic nations and societies to balance both transparency and security in the new digital age.

“There’s no doubt that cyber-meddling by foreign actors is now at the forefront of the discussion around technology, cybersecurity and democracy,” said Jake Braun who has advised both public and private sector interested on cyber assessments and network security matters. “But where it was elections in November, it can be our energy grid or water resources in the future. Bottom line: When an outsider can cause this much damage, it’s not just on our government to foster solutions, it’s on the private sector to get involved too.”

The full event is available for viewing online at: https://www.thechicagocouncil.org/event/hacked-democracy