Democracy’s Challenge: Secure Elections Worldwide
LAS VEGAS — The U.S. presidential election is less than three months away, and many cybersecurity experts are bracing for a deluge of deceit.
During a Black Hat 2024 keynote panel Wednesday morning, international leaders outlined how they are approaching election security risks — namely, cyber threats, nation-states, and the rapid spread of misinformation thought generative AI — to ensure 2024 is no anomaly, but an inflection point.
“Elections are complicated,” Jen Easterly, director of Cybersecurity and Infrastructure Security Agency, said in the hourlong session. “I can guarantee that things will go wrong. The good news is, these types of events are disruptive but they won’t invalidate the votes cast.”
Easterly has repeatedly warned of the “complex, dynamic” threat posed by nation-state adversaries such as Russia, China, Iran and others that may only get worse. Her advocacy of a whole of society defense — partnerships with other government agencies and private companies — has gained traction as a top defensive priority.
Easterly was joined by Han de Vries, chief operating officer for European Union Agency for Cybersecurity, and Felicity Oswald, chief executive of the National Cyber Security Centre, on Wednesday’s panel.
This year, a record-breaking number of countries with more than two billion people will hold elections, from the U.S. and India to France and Venezuela. And in the process, cybersecurity officials face the monumental task of safeguarding voters from being misled or having their ballots tainted by deep fakes, phishing attacks and assorted malware intended to deceive minds as well as disrupt technologies that are tightly interconnected globally.
Elections offer “high-leverage moments” for digital intruders to exploit the views of voters and influence their decisions, said Intel 471 Chief Intelligence Officer Michael DeBolt. He suggested the ferocity and timing of more sophisticated attacks could multiply as the U.S. presidential campaign nears its final weeks in October and early November.
Meanwhile, genAI represents the latest technology incarnation that could confound voters, warns Chuck Herrin, field chief technology officer for API security at F5. “My greatest concern is we are in an unstoppable race condition,” he said here. “If the U.S. doesn’t do it, China will. If Microsoft and Google don’t do it, Meta will.”
“There is so much opportunity to do microtargeting to feed a deceptive narrative,” he added. “People are just not discerning, which leads to voter suppression and intimidation.”
The misuse of technology to spread election misinformation has been “massively enhanced,” Leo Scott, chief innovation officer of DataTribe, said in an interview. “We are at a cusp: The ability of bad actors to present and disseminate bad information has really ramped up, and that reduces trust in the system.”
So far, the election season has avoided a cataclysmic episode, although there have been pockets of discord — a fake robocall from President Joe Biden discouraging voters to participate in a primary, as well as a deepfake campaign ad from Vice President Kamala Harris using a manipulated version of her voice that Elon Musk circulated that was viewed more than 150 million times.
Some deepfakes were unleashed to actually benefit a candidate, as they did when an Indian politician had their deceased father vouch for them from the dead.
There is also the real possibility that candidates unhappy with their crowd size can Photoshop video and images to give the appearance of a sold-out gathering, says Audra Streetman, a security strategist at Splunk, which is now part of Cisco Systems Inc.
“Deepfakes are being used to bash opponents and elevate a candidate,” said Streetman, who cited a Splunk-led survey of more than 1,600 security executives globally who are split on GenAI’s influence.
Indeed, a third of those surveyed said their organizations lack an AI policy, as many speed jump on GenAI integration as quickly as possible to maintain a competitive edge.
“We adopt technology before we secure it,” Herrin said.
Ultimately, disruption on all fronts — be it genAI-stoked misinformation, flat-out false social media feeds, and phishing — threatens to create “zero trust” in electorates, sowing societal division, according to Andrew Borene, executive director of international markets and global security at Flashpoint.
Nonetheless, he remains “super optimistic” because of the efforts of Easterly and others.