Ominous Influence: Foreign Cyber Threat to US Elections

The 2016 US Presidential Election is, perhaps more than any election past, being shaped in large part by outsiders. The most anti-establishment influencer though, as it turns out, doesn’t come from Vermont or an eponymously named high-rise in New York, but from almost 5,000 miles away in Moscow.

On July 22, WikiLeaks published thousands of emails stolen from the Democratic National Committee, many of which suggest that the party apparatus was attempting to undermine Bernie Sanders’ campaign. The information released in the emails was damning enough that it forced the resignation of DNC chair Debbie Wasserman Schultz and has cast a shadow over the beginning of the Democratic National Convention.

Evidence suggests that Russian intelligence was behind the leak – aptly timed to cause chaos at a nominating convention otherwise expected to have been uneventful. Disturbing as this incident would be on its own, it’s only the most recent development in an emerging pattern. In June, cybersecurity experts and government officials confirmed that Russian government hackers penetrated the DNC’s network and stole opposition research data on Donald Trump. The FBI is now investigating the breaches.

Domestic politics and the Kremlin’s underlying strategic aims notwithstanding, this entire episode is an extremely troubling watershed in a larger pattern of nefarious Russian activity in the cyber sphere. The status quo has graduated from government-sponsored hackers conducting criminal – albeit routine – cyberattacks, to a nation-state with interests directly in conflict with our own actively manipulating the US political process in cyberspace. Russia’s actions have reached a dangerous threshold.

Wishful thinking is no longer an acceptable cybersecurity practice. To meet the growing and apparent threat from state actors such as Russia looking to steal intellectual property, collect economic intelligence, or even undermine our democratic institutions, we must start taking cybersecurity seriously and treat it as it ought to be treated: as a matter of national security.

For one, high-level encryption for data at rest and in transit should be standard for any enterprise in 2016. Commercially available secure messaging platforms that are scalable and user-friendly offer end-to-end encryption and the peace of mind that what is communicated between two parties stays between those two parties. Unless your communication is encrypted, assume someone is listening or reading in.

Second, there needs to be a complete overhaul of how employees in this country are trained to use their computers and safeguard their credentials. It takes one malicious file from a spear phishing email downloaded by a secretary to bring down an entire organization’s network. Nowadays, an unattended package or any suspicious activity at an airport cannot go four minutes without being reported. It shouldn’t take a cyber-9/11 for that level of vigilance to take root in our workplaces and on our computers.

Lastly, the US needs to fully utilize its unrivaled advantage in technology and innovation to track and defeat nation-state threats. American companies are making great strides in artificial intelligence and machine learning capabilities that perform continuously refined small-pattern analysis on data from known exploits to help identify, track, and preempt the activity of black hat hackers. This next-level cybersecurity capability needs to become standard – like antivirus or firewall software – because the wider the network of threat-tracking platforms, the more effective the technology.

The American people have bemoaned their representatives in Washington and are calling for an outsider to shake things up. Unless we get serious about cybersecurity, however, the outsider that will have the biggest influence isn’t a candidate and won’t have the American people’s best interest at heart – in fact, he won’t even be an American.