The security of democracy can be better protected if there is trust from the public and improved collaboration between public/private sectors and governments.
Speaking on a virtual roundtable, Shawn Henry, Crowdstrike CISO and president of Crowdstrike Services, said this is a political and cybersecurity issue. Henry began by claiming that foreign interference in an election is the “ultimate hack, not just of democracy, but of peoples beliefs, what they think and why they think it.” This leads to questions about whether the election is secure and valid, and whether casted votes do count, calling it “a national security issue.”
William Evanina, director of the National Counterintelligence and Security Center (NCSC), said foreign interference is not new, but in the past year it has travelled across to the US and “we’ve seen our adversaries amplify and accentuate over social media.” He also said too many western governments do not understand what disinformation looks and feels like, so the opportunities presented by social media present a vulnerability.
Commenting, Sir Rob Wainwright, senior partner at Deloitte, said disinformation is “a problem around the world” as social media has the opportunity to “spread false narratives, but there is a side to this that is even more dangerous and insidious.” Wainwright also cited cyber-attacks as part of a campaign of disinformation, as this “is about more than just spreading propaganda.”
Wainwright explained the complexity and cycle of the threat between 2016 and 2020 elections and said “we need to up our game as a result.” Evanina said time had been spent over the past few years driving partnerships with government agencies and industry “so the local CISO understands the intent and the adversary, and how they can be compromised.”
Asked by Henry what role a collaboration between public and private sector can play in this situation, Wainwright said there is a role in society to get this right, particularly for social media, and those companies are working more intensively than four years ago. “The big point is that this is not about what role governments can play on one side and private sector companies on the other, it is very much about the collaboration and getting that public-private partnership in the right space so it is all hands on deck in a uniform way,” he added.
Wainwright said the collective responsibility should be about getting the hygiene right, about common standards across the election infrastructure, as well as knowing where the threats are coming from and what the intelligence looks like.
Evanina agreed that public-private partnerships has never been more important. “We have to be willing and able to partner, and that partnership starts not only with intelligence sharing, but we have to find a happy medium where we can provide due diligence on sharing information at the same time, some privacy protections and privacy sanctions after a company is victimized,” he said. “Being a victim is not something that can carry penalties, we have to find a happy medium.”
Wainwright concluded by citing the importance of this issue, particularly in embedding confidence in the public, saying regardless of if you work for a social media company, in intelligence or in government “you need to see everything through that lens to get it right and prioritize it in a collective and successful way.”
Evanina said as a democracy, we need to provide free and open elections, so the public has confidence in the voting systems. “If we cannot ensure that, we have a lot more problems than we think we do.”