Considered opinionElection hacking, as we understand it today, is not a cybersecurity issue

By Herb Lin

Published 8 January 2018

Many lawmakers and analysts argue that the Kremlin’s successful 2016 campaign to undermine American democracy, increase societal conflict and political polarization, and help Donald Trump win the presidency, had to do with weak cybersecurity measures – and that the way to prevent similar efforts by foreign powers to influence U.S. elections is to bolster U.S. cybersecurity. Herb Lin writes that it is not at all obvious that the success of Russian meddling in the 2016 election was primarily the result of failures in the nation’s cybersecurity posture. Rather, much more decisive in Russia’s successful meddling was the Kremlin’s sophisticated disinformation campaign on social media platforms. Even fully funded and well-implemented measures the strengthen the cybersecurity aspects pf American elections will not ameliorate the effects of Russian efforts to increase the polarization of the U.S. electorate. “For this reason, a focus on preventing the hacking of election systems is misleading and dangerous—it distracts us from the real danger to the republic today, which is the toxic nature of political discourse in an internet-enabled information environment that Russia can manipulate in entirely legal ways.”

At a Senate intelligence committee hearing in November on Social Media Influence in the 2016 U.S. Elections, Senator Dianne Feinstein (D-California) said about Russian interference in the 2016 election, “What we’re talking about is a cataclysmic change. What we’re talking about is the beginning of cyber warfare.”

From the other side of the political spectrum, former Vice President Dick Cheney said at the Economic Times’ Global Business Summit 2017 in New Delhi: “[An] aspect of Mr. Putin’s conduct is the issue that is now very much in the headlines at home, and that has to do with cyber warfare, cyberattack on the United States—the fact that he took his capabilities in the cyber area and used it to try to influence our election.”

Cheney continued: “There’s no question there was a very serious effort made by Mr. Putin and his government, his organization, to interfere in major ways with our basic fundamental democratic processes. In some quarters, that would be considered an act of war.”

Herb Lin writes in Lawfare that to address concerns about cybersecurity vulnerabilities of the U.S. electoral infrastructure, a bipartisan group of six senators introduced, on 21 December 2017, S. 2611, the “Secure Elections Act,” a bill aiming to streamline cybersecurity information-sharing between federal intelligence entities and state election agencies; provide security clearances to state election officials; and provide support for state election cybersecurity operations (see, for example, Senator Susan Collins’ press release on the bill.) The authors of this legislation, and press stories around it, characterize it as a bill to improve the cybersecurity of the U.S. election infrastructure.

Lin, however, writes that it is not that case that the Russian successful 2016 campaign to undermine American democracy, increase societal conflict and political polarization, and help Donald Trump win the presidency, had to do with what we would normally define as cybersecurity.