At a glance.
- Foreign disinformation campaigns underachieve.
- Rumor control.
- Don't overestimate the opposition.
Notes on election disinformation: foreign campaigns apparently underachieved.
“It looks like any other Election Day, even any other Tuesday,” a senior CISA official said Tuesday at a virtual press briefing we attended.
Senior officials at the US Cybersecurity and Infrastructure Security Agency (that is, CISA) on Tuesday tentatively attributed the relative lack of foreign adversaries' action against US elections to "deterrence by denial," but they also credited US Cyber Command's "hunt forward" operations with having made a significant contribution to election security. The Washington Post quotes the Cyber Command head and Director NSA, General Paul Nakasone, as confirming that his organizations took unspecified action against Iranian actors after the threatening email campaign that tried to fly a false Proud Boys flag was determined to emanate from Tehran. CNN reports that "hunt forward" operations extended to Russia and China as well.
For two years before Tuesday’s voting, US Cyber Command deployed “the whole spectrum of offensive and defensive measures” against threat actors in Moscow, Tehran, and Beijing, CNN reports. The New York Times says Cybercom sent squads to Europe, Asia, and the Middle East to investigate tactics, techniques, and procedures. Deputy Commander Lieutenant General Charles Moore explained, “We want to find the bad guys in red space, in their own operating environment. We want to take down the archer rather than dodge the arrows.”
Cyber Command will continue its efforts indefinitely. General Moore calls election defense a “persistent and ongoing campaign.” And Fort Meade can be expected to remain engaged.
Returning to CISA, the Homeland Security agency executed a long-prepared national effort to secure the vote. CISA has for some time expressed the view that public engagement through the media and directly online make an important contribution to cybersecurity. Through Election Day CISA held a series of six online media briefings, the first at 9:30 AM Eastern time, the last at 11:30 PM Eastern time, providing updates on election security and the perspective their virtual situational awareness room provided. The good news, repeated throughout the day, is that no major cybersecurity threats surfaced during the voting.
Notes from CISA's Rumor Control.
Since spectacular claims of spectacular wickedness are, maybe, to be expected in the post-election phase, it’s worth a quick review of CISA’s Rumor Control page to see what the agency thinks are rumors most likely to surface.
- Here’s a rumor: “If results as reported on election night change over the ensuing days or weeks, the process is hacked or compromised, so I can’t trust the results.”
- Here’s the reality: “Election results reporting may occur more slowly than prior years. This does not indicate there is any problem with the counting process or results. Official results are not certified until all validly cast ballots have been counted, including ballots that are counted after election night.” This is why the process of counting votes is likely to take days. Certifying them will take longer.
- Another rumor: “Provisional ballots are only counted if there’s a close race.” The truth is that “provisional ballots are counted in every election regardless of result margins.”
- And here’s a rumor: “Witnessing election officials marking ballots means that fraudulent voting is taking place.” No, says CISA. Here’s the reality: “In some circumstances, election officials are permitted to ‘duplicate’ or otherwise further mark cast ballots to ensure they can be properly counted.” CISA goes on to explain that “Some ballots cannot be read by a ballot scanner due to issues such as damage or misprinting. Some jurisdictions hand count such ballots, while others create duplicate ballots so they can be read by a ballot scanner. Some jurisdictions permit election officials to enhance markings on ballots that are too faint to scan following a process to adjudicate the voter’s intent based on state law. In jurisdictions where duplication of unscannable ballots is permitted, election officials duplicate the ballot precisely to ensure all the voter’s choices are transferred correctly to the new ballot. Both the original and duplicate ballot are labeled and logged so that the two ballots can be tracked and audited. Many jurisdictions require bipartisan teams of two or four personnel to complete this process and verify that votes are accurately transferred to duplicated ballots. The process is often open to public observation.”
- This hasn’t happened much, if at all, but there’s a rumor in circulation to the effect that “If the election night reporting webpage is defaced or displays incorrect results, the integrity of the election is compromised.” Again, not so. The truth is that a defaced webpage has nothing to do with either counting votes or certifying official results.
- And, finally, “if election night reporting sites experience an outage,” then some people think that “vote counts will be lost or manipulated.” Not at all--if we can take away anything from Tuesday's commentary at CISA, it’s that election night results aren’t official. And reports by news media are, if possible, even less official.
Where is CISA getting its rumors and replies? They developed them during the exercises they ran before the election to explore and prepare for the kinds of problems the agency might encounter before, during, and after the voting. It’s another illustration of the value exercises and wargaming can hold for cybersecurity.
Don't overestimate the opposition.
Is there a downside to seeing too much foreign interference in these US elections you may have heard about? Yes, various experts tell the Washington Post. The recent failed attempt by Iran to impersonate the Proud Boys in an evident attempt to discredit the campaign of President Trump by communicating threats to Democrat and other voters was an example of how tactics that seemed to have effect in 2016 have fallen flat in 2020. “My biggest concern is that we give a foreign adversary more credit than they’re actually due,” US Cyber Command’s election security lead Brigadier General Joe Hartman told the Post. He thinks that social media platforms in particular have grown more adept at recognizing, exposing, and taking down coordinated inauthenticity. “Their platforms have been exposed,” General Hartman said, adding, “Social media companies have taken down their personas — in most cases their personas have gained very little traction.”