The US presidential election is under attack

The history of voting in the United States is synonymous with struggle — people fighting for their deserved right to vote. Post-American Revolution, instead of being governed by a foreign power, white male landowners in the U.S. were able to choose their own leaders as the result of a literal war. It was not until after another war, the American Civil War, in which African Americans were granted the right to vote, and the civil rights movement led to further protections against disenfranchisement. And while it did not require a war for women to be granted voting rights, it took almost 80 years of fighting for equal rights before they too could vote.

This centuries-long struggle for voting rights is currently being challenged. A bipartisan report conducted by the Senate Intelligence Committee after the 2016 presidential election determined that the “Russian government directed extensive activity… against U.S. election infrastructure at the state and local level.”  This meddling, which continues to the present day, threatens the very right that so many groups have fought for, yet little is being done to prevent a repeat attack — or worse — in this year’s election.  

As the 2020 U.S. presidential election draws near, the success of a nation state in influencing the previous election suggests that they are likely to try and replicate their efforts, as well as encourage some copycats who possess their own agendas. The foundation of our democracy is under attack, and worse yet, those responsible for combatting these threats are choosing to remain idle.

Those who do not learn history are doomed to repeat it

During the 2016 presidential election, I served as the Director for Cyber Incident Response at the U.S. National Security Council at the White House. Part of this role involved monitoring for foreign intrusions in cyber space, and as a result of the spike in activity we saw around the election, we developed three pillars for election security. These pillars remain applicable today and should be the basis of how to protect the upcoming election.

The first pillar is accessibility. Long before the actual election takes place, there exists a serious threat to people’s access to vote — in other words, their ability to actually cast their vote and have it counted. 

The second pillar is integrity. Citizens need to vote with the assurance that their vote will be received and tallied accurately, whether they vote at a polling place or by mail. This was a consideration four years ago, before the COVID-19 pandemic, but it is especially important today, with an expected increase in mail-in ballots. 

The final pillar is reportability. This aspect of the election process is critical to a secure and trustworthy outcome. As we’ve seen in past elections, East Coast voting results impact turnout on the West Coast — the impact of reportability is immediate — and the variety of methods used to report/record votes creates opportunity for disruption.  

Misinformation and disinformation campaigns

Similar to threats in the reportability pillar, increasingly prevalent misinformation and disinformation campaigns are designed to create panic and discord. In April, we saw cyber actors spread misinformation and exploit the COVID-19 pandemic, and we are seeing it again now with the upcoming election. 

Confusion is perhaps the biggest issue in this election cycle. Nation states, political parties, and social networking sites are all involved in spreading false information, and the outcome is that no one knows what to believe — what is real or is not — and what can be done to find the facts.  

The unprecedented level of one-sided information to advance a specific, and not always accurate, narrative is undercutting the foundation of our democracy. However, these threats can be successfully combatted through a collective response that includes performing due diligence before any information is consumed or shared.

Politicization of cybersecurity

The current state of the U.S. government has the potential to become a bigger issue than what could occur on Election Day. Despite a bipartisan report showcasing successful election meddling by a foreign nation in 2016, and that these attacks have not ceased, elected officials across Congress and the executive branch are choosing to look the other way to protect their personal position and reelection opportunity. This inaction puts the basis of U.S. democracy in jeopardy.

Election security has been politicized, but it is not a political issue: It is an issue of national security.

We are facing a known threat, which is greater during this cycle because Russia is not the only attacker, yet adequate resources are not being used to protect our democracy. Politicization prevents action, which is what is needed to ensure a fair election.

A call to action

Improvements to election security have been made since 2016, and we are in significantly better shape today than we were then. But if you only defend against what has already happened, you will always be underprepared, which is especially true when it comes to cybersecurity. 

Malicious actors are consistently finding new vulnerabilities and access points to exploit, giving them a seemingly perpetual upper hand.

Securing the 2020 presidential election — and our democracy — requires a proactive and innovative mindset that leaves politics out of the equation and rather focuses on the three pillars developed in 2016. Otherwise, we teeter on the edge of giving power to outside forces, instead of it remaining with the people who fought so tirelessly for this right.

Anthony J. Ferrante is the Global Head of Cybersecurity at FTI Consulting, and previously served as Director for Cyber Incident Response at the U.S. National Security Council at the White House. The views expressed herein are those of the author and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.