Cyber Project

Election systems differ from state to state and precinct to precinct, but many still have security vulnerabilities that foreign actors — not just the Russians — can exploit. The U.S. government must act to improve security and assure Americans that their votes count.

Election Security The Senate Armed Services Subcommittee on Cybersecurity held a hearing on the Defense Department’s role in ensuring the U.S. election process is secure from foreign influence. Much of the discussion focused on Russian meddling, which took place in the 2016 presidential election and was expected to continue in future U.S. elections as well as those around the world. Committee members and witnesses agreed that the issue would continue to get worse and that there must be a solution that includes both the government and the private sector, while understanding that each has different interests in terms of national security and profit, respectively. 

Dr. Michael Sulmeyer, Mr. Christopher Painter, and Mr. John Miller testified to the House Committee on Foreign Affairs. 

On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections. This short, stocking-stuffer size review will: review some of the core questions around election security, assess the bill’s provisions to improve information sharing, its grant program, and its bug bounty, and conclude with some tough realism about additional work that needs to be undertaken to protect our elections.

The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.

The administration should be given relatively high marks for the document’s cybersecurity components—especially for recognizing the breadth of the threat and that it’s going to take more than the help desk to fix it. Admittedly, that’s a pretty low bar. But National Security Strategy documents are not known as documents where big policy innovation occurs. Instead, the best you can usually do is articulate the broad contours of the main threats to national security coupled with some rough themes about what the government will do to make things better. Here, the administration does not isolate “the cyber” to the sidelines; instead, by talking about cyber issues throughout the document, the administration shows an understanding that cyberspace is a critical part to practically every aspect of national security.

How many times have you had to watch your company’s latest cybersecurity training video? An entire industry now exists to train us humans to be smarter in how we operate computers, and yet the number of cybersecurity incidents continues to rise. Are the hackers always one step ahead? Are we impossible to train? Or are we being taught the wrong lessons?

In July, the Belfer Center launched a new, bipartisan initiative called the Defending Digital Democracy Project  (D3P). Led by Belfer Center Co-Director Eric Rosenbach, along with the former campaign managers for Hillary Clinton and Mitt Romney, the project aims to identify and recommend strategies, tools, and technology to protect democratic processes and systems from cyber and information attacks.

North Korea’s 3,000 to 6,000 hackers and the 10 to 20 percent of its military budget going toward online operations mean the country’s cyberthreat to the United States stands only behind that of China, Russia and Iran. If the current tensions continue to escalate, could the United States or North Korea use their cyber-capabilities as a “force multiplier” to conventional military systems?

Recent years have seen growing concern over the use of cyber attacks in wartime, but little evidence that these new tools of coercion can change battlefield events. We present the first quantitative analysis of the relationship between cyber activities and physical violence during war. Using new event data from the armed conflict in Ukraine—and additional data from Syria’s civil war—we analyze the dynamics of cyber attacks and find that such activities have had little or no impact on fighting.