Hacking the Election and Other Worries that Keep Intel Chiefs Up at Night
Hackers are penetrating U.S. government, industry and personal accounts daily with little risk, while America’s inexorable march toward increased connectivity of cars, homes, buildings and other infrastructure foretells a potent mix of opportunity and cyber vulnerability.
Against that backdrop, U.S. national security and intelligence leaders gathered in August to discuss concerns and developments at the Intelligence and National Security Summit, an annual Washington gathering lead by the Intelligence and National Security Alliance in conjunction with the Armed Forces Communications and Electronics Association (AFCEA).
Attendees discussed the vulnerability of the U.S. election system, concerns about the lack of a meaningful deterrent to discourage persistent international hacking threats and the debate over encryption and privacy that has pitted the national security establishment against Apple and other technology giants.
Worries about the digital security of next month’s U.S. elections tops the list with fewer than 40 days before Election Day. Russian hackers have broken into U.S. election databases and hacked Democratic National Committee computers, but FBI Director James Comey says the clunky U.S. election system makes a tough target for tampering.
“We have, in a way, a wonderful resilience because [the election system] is incredibly disparate and dispersed” over 50 states and thousands of other jurisdictions, he said. The number and variety of voting machines and the multiplicity of ballot counting procedures make the system “clunky as heck,” Comey said. But “there’s a blessing in that” – it’s difficult to hack.
The voting system “is not exactly a swift part of the Internet of Things,” Comey said. A hacker “looking to crawl down a fiber optic cable” to alter the vote count is likely to find instead “a woman named Sally and a guy named Joe” who open up the voting machine at the local precinct and pull out the paper ballots and count the vote by hand.
Still, hackers don’t have to get inside the whole system. In a close election, hacking even a single battleground county in a closely contested election could throw a state – and all its electoral votes – to one candidate or the other. Politico Magazine reported in August that hacking the election – and stealing victory Nov. 8 – “would be child’s play.” The article detailed how a Princeton professor bought a voting machine, pried out read-only memory chips from its circuit board and installed new firmware designed to alter results – all in just seven minutes.
In a flash warning, the FBI warned states to be on the lookout for attempts to infiltrate their systems or undermine voter security or confidence. The warning detailed efforts to break into state election systems in June, July and August, including the use of sophisticated penetration testing and data exfiltration from the system. Such a hack might not directly affect vote counts, but could enable outsiders to insert illegitimate voters into the system.
Who’s behind those hacks remains unclear. But Director of National Intelligence James Clapper says foreign actors constantly probe U.S. government systems.
“The Russians hack our systems all the time – not just government, but corporate and personal systems,” he said. So do the Chinese, other nations and non-state actors, he said. “The point is cyber will continue to be a huge problem for the next administration.”
Tony Cothron, vice president for customer requirements at General Dynamics Information Technology, said these threats affect all sectors of society. “The technology in use in personal lives, our businesses and our government today is incredibly complex,” he said. “If we are going to keep our country and families safe, we really have to pay attention to the details of how we are developing, operating and securing any information technology.
“We like to think that information technology is a commodity,” he added, “but I think most people will agree that security is not something we can afford to buy based only on the cheapest price.”
DNI Clapper also cited three other worries:
- The United States will be in a “perpetual state of suppression for some time to come.”
- Russia and China “have embarked on very aggressive space capabilities and counter-space capabilities” that could challenge American dominance in that domain.
- Climate change. As population centers compete for ever diminishing food and water resources, climate change will become “the underpinning” for future national security challenges.
Moving back to technology, Clapper said advances in artificial intelligence and self-driving cars “have the potential to revolutionize our lives for the better,” while also opening up new vulnerabilities.
Adm. Michael Rogers, chief of U.S. Cyber Command and director of the National Security Agency, said one of the major challenges is the lack of an effective deterrent to cyber attacks. “Many have come to the conclusion that there is not a significant price to pay” for cyber attacks against the United States, he said.
Dialogue with China has helped establish “a broad cyber framework” for what is acceptable and what is not in cyber activity, Rogers said. But the matter of deterrence remains unresolved. Cyber attacks persist, in part, because the United States has not yet developed severe enough consequences to deter cyber spying, theft or destruction.
“I don’t think any of us are comfortable with the current situation,” Rogers said.
Encryption or not?
Domestically, the continued battle over encryption continues to be a struggle, with law enforcement still butting heads with technology firms.
The FBI’s Comey has pressed U.S. tech firms for more than a year to provide special access to encrypted hardware and communications, arguing their failure to provide that access effectively strengthens and emboldens criminal activities using commercial digital technologies. He says he’s in favor of encryption – with limits.
“I love strong encryption,” Comey said. “I love end-to-end encryption. I don’t want anybody looking at my stuff: my bank information, my health care information….
“But I also care deeply about public safety, and those two things are crashing into each other. Absolute privacy has never been a feature of American life,” he continued. “The bargain the founders stuck was that your stuff is private unless the people of the United States need to see it.” When law enforcement officials demonstrate probable cause and obtain warrants, he added,information should be accessible.
For now, however, “we’re going to a place where huge swaths of life are absolutely private – and maybe that’s okay, but there are significant costs to that from a public safety perspective,” Comey said. “I want the American people to either say that’s a great idea, we want absolute privacy, or we need to figure out what to do about that to reconcile to optimize these two values.”