Cyber Scene #49 - Major League Strikes: Election Replays
Cyber Scene #49 -
Major League Strikes: Election Replays
As October 2020 draws to a close, memories of 2016 may make a return appearance as the U.S. scurries to vote under a pandemic. Despite divisions, present and past, two Republican- and Democrat-appointed DNIs agree that Russia, and likely Iran, tinkered with the cyber stream of information and hacked voting databases in 2016. Mainstream press maintains that these two countries and possibly China are at it again. Examining what cyber delivers, finding truth is at the heart of this contention, which spills into U.S. Congressional hearings for Big Tech firms on how to handle misinformation. All three branches of the U.S. Government are involved.
The U.S. Justice Department has been busy: as reported by New York Times (NYT) Michael S. Schmidt and Nicole Perlroth on 19 October, the Justice Department unsealed charges against six Russian GRU (military intelligence) officers for attacks on the French presidential election, Ukraine's electric grid and the 2018 Winter Olympics in Seoul, South Korea. These six hail from the same unit suspected of the distribution of stolen Democratic emails and other U.S. election meddling in 2016. The current U.S. Assistant Attorney General for National Security, John C. Demers, stated: "No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite."
The present Director of National Intelligence, John Ratcliffe, and FBI Director Christopher Wray, went further: they held a press conference on 19 October during which DNI Ratcliffe defended the integrity of the U.S. voting system and cautioned voters to dismiss misinformation that may come their way. The DNI went on to say that the US Intelligence Community has been working on these threats, and that the Department of Homeland Security and the FBI have taken action on them. According to NYT Julian Barnes, Nicole Perlroth and David Sanger, unnamed intelligence officials who had been briefed on the findings agreed with DNI Ratcliffe's summary, but distinguished Iran as a minor league baseball player while Russians were major leaguers.
The former DNI during the 2016 elections, James Clapper (2010-2016), was joined on CNN by the present administration's former FBI deputy director Andrew McCabe. They agree with DNI Ratcliffe on the threat, but believe Russia is far more worrisome than Iran.
Former DNI Clapper had also discussed at length, on C-SPAN on 17 September 2020, Russia's long history of interfering in elections, but noted that 2016 brought a new Russian aggressiveness, a multi-pronged interference, and an increasingly high technical approach. He feels that social media was the worst exploitation, reaching 132,000 Facebook users alone. He was joined on this latter C-SPAN emission, hosted by the Annenberg Center for Ethics and Rule of Law at the University of Pennsylvania, by Ms. Kathleen Hall Jamieson, U. Penn Public Policy Director and author of "Cyberwar" which examined the 2016 election in depth. She maintains that hacked content particularly had a clear impact, and influenced the 2016 election. The fact that voter registration records in at least 39 states had been hacked in 2016 but appeared unused at that time by Russia raised questions about future use in the 2020 election.
Facebook, Twitter, and Google's YouTube, for their part, are very much at bat; they should not anticipate any softball questioning from Congress. These three arms of Big Tech are together reviewing QAnon postings to "prohibit content that targets an individual or group with conspiracy theories that have been used to justify real-world violence," as reported on 15 October by Elizabeth Dwoskin and Isaac Stanley-Becker. The three companies do not have strictly aligned approaches, however, as YouTube would allow for QAnon postings that do not target individuals or groups protected by hate speech policy.
These calls are difficult at best, and Congress is stepping behind the plate as the umpire. The Senate Judiciary Committee is prepared to enforce the appearance of Facebook and Twitter CEOs to testify regarding the suppression of an inflammatory and undocumented recent press article. The CEO of Google had already been scheduled for other reasons (see the 10 October Economist's "Regulating big tech: Ex-antics" regarding Google's anti-trust testimony and 1 August's Economist's "How to cope with middle age" and "Google grows up" for broader background details).
Now they are all to testify on 28 October regarding tech company control over hate speech and misinformation on their platforms, according to the Associated Press's Marcy Gordon’s “Facebook, Twitter CEOs ordered to testify" (23 October Herald Tribune). In fact, the Senate's Commerce, Science and Transportation Committee had already subpoenaed the three CEOs, on a bipartisan vote on another matter, and the CEOs had agreed to testify before the Committee. It should be noted that, rather than a win for Big Tech, it may end up as a shutout loss: both parties believe Big Tech is not doing its proper job regarding the management of misinformation, but they hold opposing views as to how Big Tech should do it.
How to counter these cyberthreats is indeed a challenge. Beyond politics, there is tension in the governmental and private sector interface and between and among nation states.
From the U.S., Marietje Schaake, the President of the Cyber Peace Institute and International Policy Director at the Cyber Policy Center at Stanford University writes in "Foreign Affairs" (November/December 2020) that we now have a "lawless" realm--think of a baseball brawl where the players of both teams duke it out. U.S. policymakers fear a cyber-Pearl Harbor. Some cite North Korea-based WannaCry's attack on Microsoft Windows in 150 countries including the UK's National Health Service as inching close to Pearl Harbor. Countries, even powerful ones, see the strength of the digital leaders increasing. Meanwhile, she points out, attackers see a "legal vacuum: there are few mechanisms that guarantee international cooperation and coordination in discovering and bringing to justice cyberattackers." At this time, covering all bases is all but impossible.
She notes that in democracies, the private and public sector imbalance is already dangerous but "the sale of cyberweapons to authoritarian regimes" is even worse. She argues that domestic rules don't answer, but rather "democratic countries must extend norms and rules to ensure safety in the digital world."
Drawing from U.S. Governmental expertise, two former U.S. diplomats also offer a solution. Jared Cohen, a former member of the Department of State Policy Planning Staff and Adjunct Senior Fellow at the Council on Foreign Relations; and Richard Fontaine, CEO of the Center for a New American Security, former National Security Council official, and Senator John McCain's foreign policy advisor, have co-authored in "Foreign Affairs" (November/December 2020) an article, "Uniting the Techno-Democracies" proposing a G7-like organization dubbed T-12 (technology and 12 member nations) to work out these issues among global leaders. They cite the creation of the World Bank, the International Monetary Fund, NATO, the G-20 and other useful international organizations that survive and serve still, at 50, 60, or 70 years strong and still working. They go on to dispel projected opposition to the concept and close by stating: "For too long, national approaches to technological questions have been ad hoc, poorly coordinated, and left to technology experts to sort out. But in today's competitive global environment, technology is too important to be left to the technologists."
Meanwhile, C4isrnet's Mark Pomerleau reports on progress from the Cyber Solarium Commission, a bi-partisan organization created by Congress in 2019 to develop a multi-pronged U.S. cyber strategy, which may sound familiar to Cyber Scene readers. It just published, on 19 October a whitepaper stating starkly that the U.S. lacks a supply chain strategy regarding China, and proposes that "Congress should direct the U.S. Government to develop and implement a strategy for the information and communications technology industrial base to ensure more trusted supply chains and the availability of critical information and communications technologies." They specify five strategies to build trusted supply chains, strategies drawn from past Chinese cyber activities.
Meanwhile, Wired's Garrett M. Graff reports –Cyber Command's General Paul Nakasone and his success in reining in disparate entities and training the military in cyberattacks. While never having actually interviewed the General Nakasone, Mr. Graff compiles an extensive portrait of him, highlighting his quiet reflection, his listening to and considering team inputs, and his excellent relations across the government, particularly with both of this administration's National Security Advisors and staff since being appointed in 2018. The article is extensively documented and underscores the importance of what the Commander calls "persistent engagement."
The advancement of 1) the Cyber Solarium Commission recommendations, 2) the exploration of the T-12 alliance, and 3) the further application of "persistent engagement" may together bridge the distance between nation states, strengthen private and public sector discourse, and even find commonality politically to foster cyber collaboration, both domestically and internationally.