The biggest concern for election security isn’t about Election Day — it’s about the day after, Department of Homeland Security Secretary Kirstjen Nielsen said.
“My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York.
The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference.
That includes assisting election officials in all 50 states, creating its own center to protect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about.
To address that, she’s done exercises with election officials on the most legitimate ways to report results from races. But it’s not clear how effective that will be. While Homeland Security can provide protection for machines and prep voting officials, stopping lies from spreading on social media is an entirely different beast.
This type of nation-state propaganda happened during Election Day in 2016. NBC News reported, for example, that a Russian Twitter account amplified a video of a voting machine malfunctioning, showing a vote for Hillary Clinton instead of Donald Trump.
While it was later revealed that the person behind the video was not using the machine correctly, Russia’s disinformation campaign made the video go viral through the @Ten GOP account, with more than 29,000 retweets, claiming there was voter fraud.
It took Twitter nearly a year to catch on to that fake account as part of Russia’s propaganda campaign.
Preventing election interference for the midterm elections is being addressed from every angle, from securing voting machines to protecting campaigns and voter databases from cyberattacks to curbing disinformation on social media. Just two weeks before Election Day, Facebook announced it had removed 82 pages tied to an influence campaign from Iran, which posted divisive images on political issues.
Even if a nation-state doesn’t hack into US voting machines, if it’s able to convince people that it did, it accomplishes the same goal. Part of its mission is to undermine people’s trust in democracy, and if people believe their votes were hacked, it would do that, Nielsen said.
“2016 showed us that they’re absolutely willing to attack the very essence of what makes our country a country, which is the sacredness of our elections,” she said.
To deal with disinformation campaigns, DHS has to rely on help from companies like Facebook, Google and Twitter. She noted that their partnerships could be better, but the tech giants have taken a much more proactive approach to handling disinformation now than in 2016.
That includes developing artificial intelligence tools to stop trolls from proliferating on their social networks.
‘The most secure election we’ve ever had’
On a potential cyberattack during Election Day, Nielsen is less concerned. She told the audience that “this is going to be the most secure election we’ve ever had,” noting that there’s no indication that hackers have attempted to attack election infrastructure.
That’s not including known cases where hackers attempted to phish candidates, and propaganda campaigns that Google, Twitter and Facebook made public in recent months. And while the DHS has not spotted any attempts to hack voting machines, the vulnerabilities are still present.
Before Nielsen took the stage, ProPublica released an article finding security flaws on election computer servers in Wisconsin and Kentucky.
Nielsen also noted that there are still continued attempts to attack voter databases, though there have been no successful breaches from a foreign entity so far, she said.
That’s not to say there haven’t been breaches at all. In July, thousands of US voter data was exposed by a Virginia-based political campaign and robocalling company. In August, security researchers also found an unsecured database holding voter records on over 14 million people in Texas.
But the Trump administration remains confident that this election will be safe from hackers. At a press briefing on Thursday, President Donald Trump told reporters that the election would be “perfect and safe.”
“There will be, hopefully, no meddling, no tampering, no nothing,” Trump said.
Election security: Everything you need to know about election security in the 2018 US midterm elections.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.