How the US Can Prevent the Next ‘Cyber 9/11’

Calling the past month a tumultuous one for United States digital policy might be an understatement. Between remote working and learning, Netflix binging, and doomscrolling, internet usage has swelled during the pandemic. The Trump administration, meanwhile, continues its campaign against Chinese telecom Huawei and has touted banning TikTok in the United States.

On top of that, General Paul Nakasone, head of US Cyber Command and director of the National Security Agency, said last month, “We’re going to act when we see adversaries attempting to interfere in our elections.” President Trump publicly confirmed a reported US Cyber Command operation in 2018 to knock Russia’s Internet Research Agency offline during the midterms. And Democratic representatives have requested an FBI briefing on foreign influence operations aimed at the 2020 election.

Still, rising from all these digital threats is the potential for better policy and outcomes. “You see cyber now come from the world of the techies into the world of geopolitics,” says Sue Gordon, who most recently served as principal deputy director of national intelligence, the second-highest-ranking intelligence official in the US, before resigning in August 2019. In response to these threats, the government, private sector, and civil society are getting “much more mature about the kinds of tools we use against them.”

In an interview with WIRED, Gordon—who has also served in senior roles at the Central Intelligence Agency and as deputy director of the National Geospatial-Intelligence Agency—talked cybersecurity, digital threats to democracy, and whole-of-society responses to those risks.

As the November election approaches, as Russian state media spread lies about the coronavirus, and as social media platforms keep removing user accounts from state-linked information operations, the Russian government’s digital threats to electoral processes were top of mind.

In Gordon’s view, there are two main reasons why the US remains so focused on Russia “as such a dangerous, capable adversary.” The first is clear evidence that Russian actors in 2016 perpetrated both interference operations, like hacking into voting machines, and influence campaigns, that is “influencing people’s will to vote, how people vote, whether people vote, whether they think their vote matters.” For just a smattering of evidence of both influence and interference, look no further than the Senate Select Committee on Intelligence’s five reports on Russian campaigns in the 2016 US election—on election infrastructure attacks, use of social media, the US government response, the US intelligence community’s assessment, and US counterintelligence efforts (yet to be publicly released).

Second, whereas other countries “are relatively newer about using all the instruments available to them,” Russian intelligence services are “fully formed, very mature.” But she stresses that the Russian government is not the sole conductor of influence operations. Indeed, on July 24, the director of the National Counterintelligence and Security Center warned of China, Russia, and Iran expanding influence efforts aimed at the US’ November election.

Today, Gordon says, “We are more prepared, the United States and the whole stack of people that have to be interested in this, than we were in 2016.” There is more ongoing effort to protect election machines, and the federal government is working more with localities that administer elections. “That doesn’t mean it’s perfect,” though; “there’s always more you can do.”

Election security experts have spent years arguing for a list of changes, with only some success. Senate Republicans continue blocking legislation that would provide federal election security funding and address the abysmal state of electronic voting technology security: Many electronic voting machines are still vulnerable, as are many voter registration databases. In May, the Department of Homeland Security sent a private memo to state officials, obtained by The Wall Street Journal, recommending paper ballots over electronic ones, as the latter “are high-risk even with controls in place.” Foreign operations meanwhile continue.