This is another commentary in a series developed by the 2020 Elections Project of the Center for a New American Security and the University of Pennsylvania’s Center for Ethics and the Rule of the Law and Annenberg Public Policy Center. The project culminates in a September 17, 2020, virtual symposium on foreign interference and election integrity. To read more about the symposium and register, go here.
There is a growing and gathering danger shadowing American democracy and our system of elections. It is that malicious foreign actors have demonstrated the motivation and capability to significantly disrupt the 2020 election cycle, thus undermining public confidence in the fairness and accuracy of election results. The challenge for us as a nation is that it is not the federal government that runs our election system, but that responsibility resides with the 50 states. Thus it’s up to each of the 50 states to defend itself against aggressive nation-states. Fortunately there are states with strategies to meet and defeat this challenge; Connecticut is among them.
The threat we face is real. Authoritarian regimes have tested tactics against American election systems that they can deploy to undermine confidence in the integrity of the 2020 elections. First, they continue cyber activities intended to gain access to confidential campaign information and infiltrate U.S. election networks. Second, the same information intervention campaigns used by these powers to inflame existing divisions and discord in the American electorate can also be weaponized to spread disinformation about the election process itself. Since their probing actions in the 2016 election cycle, these regimes have increased their capabilities to disrupt our election process and continue to demonstrate their intentions to discredit American democracy.
In Connecticut, the only way a state of 3.5 million people could defend itself from the aggressive acts of major powers targeting its election system was to build an unprecedented partnership, marshal its forces, and then create and execute a plan of action with a sense of urgency. Secretary of the State Denise Merrill convened a Connecticut Elections Cybersecurity Task Force, which included local, state, and federal officials involved in law enforcement, cybersecurity, and election administration. The result was a strengthening of information sharing and the development of a plan to protect state and local election systems from cyberattack. Merrill began an ongoing dialogue with the Connecticut congressional delegation to discuss these plans and to determine which federal resources could be used to advance the effort.
Federal funds to help states upgrade their election systems had long been available in theory but unobtainable in practice. In the aftermath of the controversy related to election administration in the 2000 presidential election, Congress passed the Help America Vote Act to provide the resources necessary for states to modernize their election systems. Yet for nearly 20 years, over $400 million in federal funds authorized to help state election administration were never appropriated. The reports of the U.S. intelligence community after the 2016 election regarding the threat to America’s election infrastructure caused Congress to act with unprecedented speed in approving federal assistance for election security in the form of grants to states via the Help America Votes Act. It was only through this assistance that Connecticut has been able to turn its plan to defend itself from nation-state aggressors into a reality.
Secretary of the State Merrill’s plan to protect the integrity of Connecticut’s elections from foreign interference has three main lines of operation.
First is the protection of state and local election systems from cyberattack and intrusion. Connecticut, like many other states, has a highly decentralized election administration system. It has 169 autonomous municipalities with their own independently elected election officials, all with important responsibilities and few resources. Computer equipment and software are often dated, and as a consequence networks are at risk. To measure the condition of municipal cyber defenses, the Connecticut National Guard, at the direction of the secretary of the state, is performing an assessment of the cybersecurity posture of each town as it relates to the cybersecurity of the town’s election infrastructure.
Connecticut is also upgrading town network connections to state-hosted election systems, deploying virtual desktop infrastructure for ongoing security upgrades, and providing matching grants to municipalities that commit to investing in replacement workstations that improve cybersecurity.
Second, the state is investing in training and personnel dedicated to protecting election infrastructure from cyberattack and intrusion. Connecticut’s elections are run at an operational level by the registrars of voters, town clerks, and moderators found in each of its 169 municipalities. Training in cybersecurity awareness and best practices is being provided by the secretary of the state’s office, with support from the chief information officer for the state, to all of these local election officials. Those officials now have to use two-factor authentication to access Connecticut’s centralized voter registration, a system that in 2016 was subject to Russian scanning operations. The Office of the Secretary of the State provides ongoing training classes, instructing local officials on best practices in the secure operation of election reporting and voter registration systems, and has made cybersecurity part of the certification process for all new registrars of voters. The Office of the Secretary of the State has also hired an additional IT specialist to focus on cybersecurity and added five election support officers to partner with local election officials in implementing cybersecurity measures.
Third, the state is building a network-centric approach to combating disinformation campaigns that have the potential of disrupting the election process. An emerging threat is that of misinformation campaigns about the election process itself. Malicious foreign actors have demonstrated across several election cycles their ability to use social media to influence the electorate. There is evidence that they could use these same tactics to promulgate false procedural information to disrupt the process of voting itself. Potential examples could include a website posing as an official voter registration tool, a false announcement of polling place closures, or an announcement that COVID-19 has been detected at various polling places.
The Office of the Secretary of the State is launching an effort to create a small and vigilant group of local election officials and voting rights activists to look for anomalies and for information regarding the election process on social media that just doesn’t look accurate. Using the MITRE Corporation’s SQUINT program, a “trusted crowd” of election officials and citizens can report suspect postings via smart phone app. The secretary of the state’s office then reviews these for any necessary response, which might entail clarifications to the voting public. The office has also hired an election information security analyst to scan social media and the dark web to identify and counter any misinformation or disinformation about Connecticut’s elections process.
Connecticut’s best defense against disinformation efforts designed to undermine the election process will be to stay alert and arm its people with the information they need in advance of Election Day. To meet that goal, the Office of the Secretary of the State has launched a public information campaign designed to explain aspects of the election process that have taken on new relevance since the advent of the COVID-19 crisis. For example, the office is explaining to Connecticut voters how the state’s Safe Polls Plan means that they can vote at their usual polling place and that all election workers will be using PPE. The campaign also explains new rules and procedures that may be unfamiliar to voters who have never before cast an absentee ballot. This is the largest public information campaign in the history of the Office of the Secretary of the State, all for the express purpose of making sure Connecticut’s citizens know all they can and leaving no room for confusion about how they can safely cast their votes in the midst of a pandemic.
We cannot expect the assault on American democracy to recede anytime soon. The most recent National Security Strategy of the United States clearly identifies our main national security challenge as coming from “great power competition” and says, “America’s competitors weaponize information to attack the values and institutions that underpin free societies… ” They do so because it is a low-cost, high-impact strategy for authoritarian major powers to destabilize America.
To overcome this potent and persistent threat and protect the integrity of our democracy from foreign interference, we need a bipartisan national strategy based on the following key points.
Authoritarian nation-states are using elements of their intelligence and military establishments, via cyber and disinformation operations, to interfere in the American system of elections. State and local election officials require the technical support and funding of the national government to defend themselves against major global powers’ efforts to interfere with their work and undermine public confidence in our democratic system of elections. Congress should consider election security as an ongoing commitment to the country to ensure an effective and uniform defense of democracy.
The decentralized nature of election administration in America means that it is imperative that thousands of local governments and tens of thousands of election officials work together and leverage resources to upgrade cyber systems, provide security training for personnel, and engage with one another to be on alert for disinformation efforts aimed at sowing confusion about the election process. Funding and technical support provided by the federal government and directed by state election officials can make these partnerships to advance security protocols at the state and local levels possible.
In the 21st century, election security requires an engaged citizenry. In the age of disinformation campaigns launched by nation-states against American states, it is more important than ever that public information campaigns take place in every state, every election cycle. The best defense against misinformation that might undermine election administration is a citizenry informed about how to register to vote, where and when to vote, and who the trusted sources are for information on election administration.
States and localities across the country are building unprecedented partnerships to overcome the unprecedented challenge presented by foreign interference in American democracy. Partisan divisions and institutional rivalries always make such partnerships an ongoing effort; protecting American democracy from foreign interference will require an enduring bipartisan consensus on this issue to sustain a long-term strategy to support those partnerships.
Scott Bates was Senior Policy Advisor for the U.S. House of Representatives Homeland Security Committee and taught at the National Defense University. He currently serves as Connecticut’s Deputy Secretary of the State.