Last Thursday the FBI announced a new internal policy that is aimed at helping the 8,000 election agencies throughout the U.S. by reporting so-called cyber intrusions, which could affect the country’s election infrastructure, down the pipeline so to speak. We’ve seen how outside influences can impact the democratic process of our elections, and all the help that can be lent is welcomed in my opinion. With every week that I consider what part or parts of information security and privacy topics to delve into for your sake, and mine of course, I see November coming sooner and closer. Therefore, I have to actively balance my interest in how this most important quadrennial event will play out this year, furthering what we learned about 2016, as against the incalculable other cybersecurity issues. This week, the election won.
Because the FBI sits within the organization of the Department of Justice, whose current list of priorities may be topped with concerns of national security and organized criminal endeavors, it is natural that the law enforcement community of the FBI will be taking a more active role than ever in the upcoming election. Without the integrity of an election how secure can the nation be? And, again as we learned not long ago and continue to learn to this day, these crimes against America and our democratic processes are generally perpetrated by organized criminals, be they state-sponsored or disruptions by private groups. Much as the media likes coloring a hacker as the basement-dwelling, Red Bull-swilling antisocial loner, most scholars agree that well over 90% of information security crimes are founded in organized efforts. Maybe it’s not La Cosa Nostra and the organized crime of TCM movies, but it’s clearly well-organized nonetheless.
So, just like its being best suited to fight the Mafia, the FBI is suited to fight against the modern day organized crime syndicates. Something within the announcement dawned on me that, pleasantly, was unlike the FBI-Mafia tropes of gone by TV and film: Collaboration. This is a new, critically important key to fighting cyber criminals. Creating effective channels of communication and leaving the LEO ego at the door will help. Here, the FBI is playing a new strategy, or at least one that isn’t as well practiced as the more insular times when federal, state, and local law enforcement angled for exclusive control. You’ve watched the cop movie scene play out many times. The local sheriff’s deputy responds to a citizen’s call, arrives on the scene, then watches as the suited up federal agents come soon after and claim as theirs the whole case.
Of the thousands of local election officials across the country, whom among them bears the technological and security expertise to even identify when a cyber threat is actively affecting their district’s election? Meanwhile, the FBI’s resources and training include such powerhouse facilities as its span of Regional Computer Forensics Laboratories, such as the one in Louisville, where some of the most sophisticated forensics technologies are used to fight cybercrime, from financial crimes to the public corruption implicated in election crimes. This, despite the truism that elections are typically controlled by local officials. Again, this newfound cooperation will be a boon.
In order to respect the locals, the FBI’s new policy mandates that the Bureau notify the chief state election official, or another local official, when the FBI discovers threats to the infrastructure. Then, it will be the local official’s duty to respond. In the more urgent cases, or those where an attack is currently underway, my hope is that the authorities continue their collaboration. In other words, if the FBI reports an ongoing threat and then heads back to the office, my sense is that way too many state or local officials will be defenseless, or at the minimum less effective than keeping the wealth of computer crime fighting knowledge that is the FBI nearby. Another duty of the local election official will be to determine whether to inform us, the public, about the attack or threats. The FBI will not be publishing that intelligence, again unless the most unusual case presents itself.
It seems that most at the state and local level are welcoming of the capacity and savvy, federal as it may be. The National Association of Secretaries of States was “pleased to see information sharing increase” in the face of looming election crises that may evolve in the cyberspace area. Secretary Lundergan Grimes is no holdout when it comes to collaborating with federal officials to protect the 2020 elections. Her Election Integrity Task Force involves the FBI, Homeland Security, Kentucky’s State Police and National Guard, and a number of similar partners.
The sophistication and gravity of cyberattacks that can actually infiltrate the relatively secured election infrastructure in the U.S. does not develop on the shoulders of one mala fide hacker. No, it can only be developed with extreme levels of funding and organization. Therefore, it is a natural defense to bolster the local and state elections agencies across America with the even more funded and organized agents who make up the FBI. There’s no way that 8,000 dedicated yet untrained election officials can fight cybercrime. Sadly, there’s no way that given any amount of defense and technological acumen we could honestly feel 100% secure in the upcoming election. But, like any other risk management process, the best that we can do is to continually build up defenses, become educated, and act with professionalism and dedication. That, I presume, is all being heightened with this new FBI policy.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at email@example.com.