This is the 2018 Billion-Dollar question.  

Most experts believe that Russia through the GRU, the intelligence arm of Russia's armed forces, and/or the FSB, the Federal Security Service of the Russian Federation will continue to interfere in U.S. elections on some level(s).  Others are raising concerns about China and even Iran. There are many prognostications, but before commenting on any one theory, let’s review the multiple paths a malicious actor, say Russia (or any of the “axis of evil” for that matter) could use to compromise the 2018 American Midterms and upcoming elections in Europe. 

The Brennan Report on Election Security was one of the first studies to identify the existence of three avenues to attack elections.  In a series of OSET Institute Blog articles, a year ago this past summer, Sr. Elections Technology Policy Analyst Sergio Valente (on leave this fall in Jordan) reviewed the Brennan Report and dove deeper.  We encourage you to read his related posts available here, here and here.

We ultimately crystallized and cataloged this in our Critical Democracy Infrastructure Briefing produced a year ago, where we categorized three types of attacks.  Briefly, here are the election threat levels in ascending order of severity:

  1. Type-I: Defamation (de-legitimizing elections). This is using weaponized content or generating false content to undermine voters’ confidence in the election by creating the idea that there is a compromise of the election (i.e., processes or platform) through disinformation.

  2. Type-II: Disruption (negatively impacting voter turn out or other disruptions to process). This includes efforts to disrupt the orderly process of an election, typically either at the point of voter check-in (poll books), or during the process of polling place activities (power outage), or in the latter and critical stage of reporting out result. Disruption attacks can be accompanied by Type-I attacks, and in some circumstances a Type-I attack may achieve the desired effects of a Type-II attack. But notably Type-II attacks can include digital intrusions or disruptions, which are closer to Type-III attacks.

  3. Type-III: Subversion (direct manipulation of the devices, machinery or systems). This is the most dangerous and insidious type of attack; a category of which we have not yet produced verifiable evidence has happened, but for which there is sound intelligence and awareness of its potential and risk (as we’ve demonstrated in the past.)  This type of attack utilizes digital weapons to infect, disable, or otherwise disrupt the actual digital machinery of voting administration (in the worst case without immediate detection).  The classic case and the one most concerning is the potential altering of vote tallies and tabulation.  Despite good cyber security theater it makes, in fact, Type-III (subversion) attacks will unlikely occur effectively at the ballot casting device but rather target tabulation and tally equipment.

According to Dan Coats, the Director of National Intelligence,  “Russia is trying to spread propaganda on hot-button issues using social media.” He called Russia’s efforts “persistent and pervasive.”  “Moscow’s strategy,” he said, “is to exacerbate sociopolitical divisions.” There are ongoing Type-I threats.  “We continue to see a pervasive messaging campaign by Russia to try to weaken and divide the United States,” Mr. Coats explained while at the White House on August 2nd, 2018.

On August 3rd, FBI Director Christopher Wray stated that intelligence agencies have not yet seen the “same kinds of efforts to specifically target election infrastructure” that the Kremlin engaged in during 2016, for example hacking voter registration databases; such would be largely Type-II attacks. Instead, GRU efforts have focused on “malign influence operations,” which Wray called “information warfare,” again a Type-I attack threat.  The objective of most foreign interference is leveraging social media and other digital sources for scattering propaganda. As of August 21, 2018, Facebook had shut down 32 pages and accounts suspected of having ties to Russia.

Meanwhile, what do our European allies think about Russian interference in upcoming elections?

Anders Fogh Rasmussen, former NATO Secretary-General and current Commissioner of Transatlantic Commission on Election Integrity (“TCEI”) does not doubt that Russia has a stake in European elections occurring in late 2018 through 2019.  "I have no doubt Moscow will deploy the full playbook of measures to spread confusion and fear: cyber-attacks, assassinations, disinformation, conventional attacks in Eastern Ukraine. We cannot allow this to happen," he said.  

Victor Pinchuk, the creator of the Victor Pinchuk Foundation, one of three organizations behind the Ukraine Elections Task Force, said that the next generation of meddling and disinformation technologies could dramatically harm the next generation of democracy and even Ukrainian statehood. "Moreover, if we do not prevent it, what might happen in Ukraine in 2019, may also be repeated across the West in 2020," Pinchuk said.  Both Rasmussen and Pinchuk prognosticate that Russian election meddling will happen at each threat level.

Our View

Based on our own research, experience, and sources, how do we believe foreign adversaries (primarily the Kremlin) will attempt to interfere in the 2018 U.S. midterm elections?

Of course, Russia continues to taunt the U.S. with Type-I attacks using disinformation, fake news, and instigation of social warfare on Facebook and other media sites. We believe those attacks will only increase as we approach the midterm elections in less than 50 days.  Russia knows that U.S. intelligence agencies are expending an enormous amount of resources to thwart these threats—and it’s a “whac-a-mole” exercise, so these attacks will continue. 

There is some question whether and to what extent there will be Type-II attacks. Our sense is the window for those may have passed, at least to the extent of voter registration systems (not that we believe those were ever necessarily an intended target, but that’s another story, for another time). There does remain the possibility of attempts to hack election results sites (another potentially successful disruption maneuver), but let’s be very clear on that point: election results web sites are never the official results of record, but rather a postulate reporting for public convenience. The official tabulation records and tabulators are not on-line; as far as we can tell (and hope), nearly ever.

[Note: There is a rabbit-hole topic about remote access software for maintenance and service purposes that have been known to be installed or enabled on the machinery containing election management software including tabulation. Given the amount of public awareness about that fiasco, our fingers are crossed that such ingress has been closed.]

So, this leaves the insidious Type-III attacks; that is, subversive direct manipulation of election results, and that’s hopefully another story we can disregard this year.  Why?  

First, this is thankfully not a Presidential election year. There is no federal election result to certify by mid December in Congress.  While not ideal, a State can run without a Senator, Congressman or a Governor in relative (if not lame-duck) order until the ultimate determination of an election result by recount or legal contest. Recall the 8-month battle that was the Franken-Coleman 2008 Senate race in MN? More on that in a moment. But the stakes are not as lofty in the midterm elections, so foreign adversaries can afford to save their dry powder for this one, and try to lull our citizens and perhaps our intelligence agencies into thinking the GRU has backed away, and especially from attempting any Type-III attacks.  Meanwhile, however, success for them might well be casting a half dozen House seat races into outcome chaos, vis-à-vis the Coleman-Franken debacle of 2008 I mentioned above. That’s where we suspect the action will be, and that could be easily initiated by domestic actors (e.g., political parties challenging results) as much as it could be from foreign initiated Type-I attacks to cause chaos from alleged issues over too-close-to-call races.

So, what is likely to happen then?

We believe our foreign adversaries (again, in particular the Kremlin), are in for the very long game.  They’re planning and playing with a very strategic, patient, and long-range view.  On their timetable, the 2020 Presidential Election is just around the corner, and (at worst) for the midterms they’re intending to continue poking and prodding through Type-I attacks (perhaps acquiescing that Congressional control is about to change with little that can be done other than, as mentioned earlier, helping push questionable results into chaos).  Otherwise, they’re monitoring and preparing in the misguided belief they can successfully subvert our election and manipulate our government when the stakes are high enough in 2020.  However, their success is predicated on U.S. election technology infrastructure remaining in its current status quo.

I say “misguided” because we believe that between now and 2020 two things absolutely must happen:

  1. The status quo of current configurations of voting systems must be a] completely rid of remote access capability; b] fortified with paper ballots of record; and c] tabulation and tally devices must somehow become truly hardened; and

  2. It must become clear to the world that there is a refactoring of the infrastructure underway to be far more higher integrity, driven by a new critical infrastructure mindset in terms of security-centric engineering—down to hardware attestation.

The first is imperative and mandatory; the second is equally imperative, and we hope more than an aspiration.

Returning to our outlook, at the very worst, we believe foreign intervention and disruption attempts on our vital sovereign act of public elections, will be focused on the extent to which they can disrupt and cause chaos, bringing uncertainty to the outcome of several House and Senate races—enough sufficient to at least delay any sense of outcome and which party is in control for the second half of this Administration’s tenure.  Imagine a half dozen races thrown into a Franken-Coleman state of uncertainty; we sense that would be the worst-case scenario for this midterm.

From the U.S. enemies’ point of view, they may not have to expend great effort to derail an election. With a little luck they can continue to sow seeds of mistrust and distrust in our vital democratic processes; using age-old propaganda tactics fortified by social media in the digital age for the destruction of the political middle, rewarding partisanship and punishing compromise and consensus; pushing people to their extreme edges of partisanship. That’s how to implode a democracy.

So, while manipulating results is unlikely (but the prospect of a Type-III attack remains ared elephant in the room”), and successful disruption (Type-II) attacks are also probably unlikely, the manipulative propaganda campaigns of Type-I attacks armed with weaponized digital content are likely to persist, and we believe may (at worst) throw results into some chaos—for a while.

Your comments encouraged!

Christine M. Santoro, Esq.
Secretary & Chief Legal Officer
OSET Institute, Inc.