News - Belfer Center for Science and International Affairs, Harvard Kennedy School

Election Officials Discuss Midterm Interference and Security Plans for 2020

| Dec. 18, 2018

Harvard’s Defending Digital Democracy Project Facilitates Security Training Against Election Attacks

“It was too quiet.”

That was the sentiment expressed by a number of the 45 election officials from 23 states who gathered earlier this month in Cambridge for a Belfer Center Defending Digital Democracy (D3P) Midterm After-Action Conference to discuss problems around their November midterm elections.  Most said they experienced significant but mostly unintended misinformation – and some disinformation – along with a number of other challenges to their electoral processes, but not the extensive foreign cyber and other attacks that took place during the 2016 presidential election.

“2018 was too quiet for the Russians,” said West Virginia Secretary of State Mac Warner. “What are they up to?” Google’s Threat Analysis Group Director Shane Huntley, who spoke at the conference, agreed that his team also noticed the “somewhat freaky” silence from foreign interference around the midterms. They surmised that hostile foreign or other forces may have held back on attacks in hopes that the frontlines of election security would let down their guard for 2020.

Rolf Mowatt-Larssen, Director of the Belfer Center’s Intelligence Project, said the midterm lull was very “Russian” and something he saw during the Cold War when the Russians established a tradition of “standing down” on espionage activity during periods of intense political activity to show receptivity to negotiating reductions in conflict. “It’s possible,” Mowatt-Larssen said, “that the Russians are signaling their interest in initiating a dialogue on cyber rules of the game.” 

The conference participants emphasized that their ability to respond quickly to challenges that did take place during the midterms were in large part due to the steps states have taken since 2016 to fortify their elections.

In 2016, Warner said, “We were playing checkers while the Russians were playing 3-dimensional chess.” With the help of D3P, he said, states are now much more able to foresee and withstand complex moves by opposing players. “This was something that wouldn’t have happened without Eric Rosenbach and the Belfer Center,” Warner said. To the gathered officials, he added, “You’re part of that solution today.”

Rosenbach, founder and Director of D3P and Co-Director of the Belfer Center, welcomed the officials and underscored the hard work done by many states since 2016 to take concrete steps to better secure their elections and electoral systems against attacks. He, too, encouraged them to remain vigilant as they continue to build their defenses leading up to the 2020 elections.

At the conference, the 45 officials – including secretaries of state, state elections directors, IT operations managers, and communications coordinators – discussed steps they took before the midterms to secure their elections and issues they encountered on election day that interfered with registration, voting, and reporting results.

Missouri Secretary of State Jay Ashcroft said he appreciated the Belfer Center’s work “and the opportunity to meet with election officials from across the country to discuss the 2018 elections.” Denise Merrill, Secretary of State from Connecticut, said it was especially beneficial for her to hear from other states about steps they have taken to secure their processes not only against foreign interference but also against actions such as misinformation that hinder voting.

Many states represented at the conference said they experienced voting problems caused by mostly well-intentioned organizations that used old lists or incorrect information in their campaigns to increase voter registration or get-out-the-vote results. A major social media effort urging young voters to register used a third-party site with confusing information that resulted in a number of people showing up to vote around the country only to discover they hadn’t actually registered.

Siobhan Gorman, communications expert with the Brunswick Group and a member of D3P’s advisory council, explained the difference between “misinformation” (unintentional use of incorrect or misleading information) and “disinformation” (intentional use of incorrect or misleading information for the purpose of deceiving). She said she is seeing increasingly creative attempts at disinformation including “deep fakes” – videos digitally manipulated to show people saying or doing something they never said or did – for the purpose of deceiving voters and possibly influencing elections.

Since Rosenbach and the Belfer Center launched D3P in the summer of 2017, the bi-partisan Defending Digital Democracy team of experts from government, cyber, and communications – along with about 30 Harvard Kennedy School students – has reached out to all 50 states and actively engaged with 44. During the past year, the team traveled across the country to gather information about specific security issues states encountered. As a result, D3P developed and distributed playbooks with concrete recommendations on how to defend against malicious hacking and communications operations, has conducted a series of workshops for election officials with tabletop exercises (TTX) simulating a wide range of attempts at election interference, and offered several webinars on communications and mis/disinformation campaigns.

Defense against midterm interference and preparing for 2020

Conference participants credited their work with D3P for helping them prepare for and defend against numerous types of interference with their election processes and results. These steps included adding a paper trail to voting whenever possible; using two-factor authentication for passwords; limiting who can have passwords for downloading or uploading information; learning how to detect phishing attempts; carefully vetting voting machine and other vendors; being prepared to quickly distribute clear information to precincts and/or media when needed on election day; testing equipment prior to election day; and having a list of resources on hand for a range of situations that might arise.

A number of states designated individuals to monitor social media for misinformation or disinformation and several developed flow charts for election day use: “If this happens, do this.” One state asked election officials to change passwords for better security and did a dry run before the election to make sure everything worked. We did this, she said, “because of training we’d done with D3P; this didn’t come out of the blue.”

Following D3P workshops earlier this year, 15 states conducted their own trainings for other officials in their states; one held 50 different training sessions. They reported that they used many of the D3P training “injects” (simulated attacks, disinformation, machine malfunctions, and other types of interference) that they experienced in their earlier D3P training.

West Virginia’s Secretary of State Warner said when power went out and some voting machines went down in his state on election day, his team treated it like another D3P training “inject” and knew who to call because they had their resource list at hand.

Training local election officials

The conference participants agreed that a major goal and challenge for every state is to share what they’ve learned from D3P with the many town clerks and officials in small communities throughout their states. It’s a challenge because local communities have very limited resources and often have to choose “between fixing potholes and replacing voting machines.”

The states need to help town clerks and others on the local level “understand their role in security and what the consequences will be if they don’t do it well,” one official said. “It’s a different environment now that this is critical infrastructure,” he added. “We can’t do things the way we’ve done them for 100 years.”

Several attendees urged D3P to help states corral all available resources so they can help locals operationalize this information. Town clerks and other local voting officials are at “the heart” of the electoral process, one official said. “If we can get to the locals, we can lift this really high.”

Jared Dearing, Executive Director of the State Board of Elections in Kentucky, said local communities are a vital part of election security also because town and city budgets are public information and can provide hostile actors with a “roadmap” of “the weakest link in the system” for targeting attacks. Another potential vulnerability, he said, is that many state voting lists are available to anyone, at costs ranging from $35 to $2000.

Also, Dearing said, a major goal for all states “is protecting not just our physical election systems, but the reputation of our election processes.” Sowing distrust of electoral processes – and results – among Americans is a major goal of the Russians and other hostile forces, he said. “Election officials must do all we can to establish themselves – to voters and the media – as trusted sources.” D3P’s work, he said, helps states build that trust. “I love what D3P does,” Dearing said, “it’s uplifting and not tearing down.”

In the conference wrap-up, election officials said that in addition to continuing to build defenses against cyber and mis/disinformation attacks, states need to improve voter education and media education. Kristie Winslow, Communications Coordinator for Idaho’s Secretary of State, suggested that a significant amount of misinformation and even disinformation could be prevented by providing residents with a “voter bill of rights” in each state that clearly advises residents how and where to register and to vote.

Stuart Fuller, Voter Services Manager from Montana, and Judd Choate, State Elections Director for Colorado, added that it’s important to realize that a strong and secure voting system needs informed election officials, voters, and media. They encouraged states to build relationships with their local media and suggested D3P might consider offering training sessions for journalists similar to those it offers to election officials so that they, too, are more aware of the various ways malicious or uninformed information campaigns can corrupt elections and sow distrust in the electoral process.

 

For more information on this publication: Please contact the Belfer Communications Office
For Academic Citation: Wilke, Sharon. “Election Officials Discuss Midterm Interference and Security Plans for 2020 .” News, Belfer Center for Science and International Affairs, Harvard Kennedy School, December 18, 2018.

The Author