US elections are under threat from cyberattacks — and so are yours
When we talk about the integrity of elections, we tend to think about voter registration, transparency of donations, or the secrecy of our ballots.
But on both sides of the Atlantic, the most disturbing new threat is the specter of cyberattacks against our campaign infrastructure.
Whether in the wake of the U.K.s EU referendum in June 2016, the U.S. presidential election that November, or the 2017 British general election, newspapers have been filled with endless speculation about foreign governments attempting to influence the outcome of elections.
Unfortunately, much of the debate on the topic has become a partisan political tool used by both sides to make accusations against each other — creating chaos, just as cyberattacks are intended to do.
What is deadly serious is the prospect of a malicious actor — who could be a foreign government, domestic extremist group or a single individual — acting to degrade the integrity of elections in the U.K.
As Mitt Romneys campaign manager in 2012, I experienced cyberattacks firsthand when China tried to infiltrate our servers.
In my country, the USA, technological advances of the last 20 years have led to a commensurate increase in the digital threat. When I first became involved in presidential campaigns in 2000, this never really crossed our minds.
As Mitt Romneys campaign manager in 2012, I experienced cyberattacks firsthand when China tried to infiltrate our servers, forcing us to spend precious campaign resources on improved cybersecurity. Every cent we spent on protection could have been used addressing voters concerns, and that meant even unsuccessful cyberattacks ultimately weakened our campaign.
The threat hasnt gone away, and its why I signed up as a co-leader of the Defending Digital Democracy project. The initiative is sponsored by the Belfer Center at Harvard University and co-led by Eric Rosenbach, former chief of staff to President Barack Obamas last Secretary of Defense Ash Carter. The initiative brings together experts in politics, national security and tech to develop strategies and technology to protect campaigns from cyberattacks.
Working also with Robby Mook, Hillary Clintons 2016 campaign manager, we have been trying to send a message that cyberattacks are a bipartisan problem requiring cross-party solutions. Mook and I dont agree on much politically, but one thing we are in lockstep on is that only U.S. voters should decide U.S. elections.
Matt Rhoades was campaign manager for Mitt Romney, pictured, in 2012 | George Frey/Getty Images
And the more that I follow events in British politics, the more Ive come to recognize similar vulnerabilities on your side of the Atlantic.
Just recently, British intelligence leaders warned of foreign threats to undermine democracies via cyberattack. Moreover, the head of the National Cyber Security Centre has already warned a major cyberattack is a matter of “when, not if,” and has briefed the major political parties in Britain to that effect.
We all need to be more aware of the nature of the threat, and the need to work constructively across the political divide to mitigate it.
Im sharing my experience of the challenge we face in the United States not to argue about what might have happened in previous elections, but to encourage folks in both of our countries to come together with forward-looking solutions.
In the U.S., campaign organizations dont have the technology or the expertise to defend against even unsophisticated cyberattackers. Political parties in the U.K. might have some resources centrally, but a general election with thousands of candidates contesting 650 constituencies presents a huge number of vulnerabilities for a determined attacker to strike at.
The next attempt to undermine British democracy through cyberattacks might not even come from a hostile foreign power.
Campaigns and political parties need to be alert to these sorts of threats, and ensure that their cybersecurity processes are taken seriously.
It could come from an extreme domestic group or individual who just wants to create chaos. The resources, training and tools required to do so are readily available online.
Campaigns and political parties need to be alert to these sorts of threats, and ensure that their cybersecurity processes are taken seriously. Learning from the experiences weve had in the USA would be a very sensible first step to take.
Outside the parties, there is also a policy discussion that needs to take place about what more the government and leaders in the tech world can do together to ensure the security of future campaigns.
Its pretty clear, even to an outsider like me, that Jeremy Corbyn and Theresa May have very little in common politically. But Im sure both would agree that the outcome of the next general election should be decided by the British voters, not by foreign hackers.
Matt Rhoades was Mitt Romneys 2012 presidential campaign manager and founded America Rising, Definers Public Affairs, and U.K. Policy Group.