The United States Needs a Red Team to Protect the Election

Adversaries are trying to undermine U.S. democracy. Hackers and regular citizens must identify weaknesses and make the system resilient in the face of cyberthreats.

By Elisabeth Braw, a columnist for Foreign Policy and a fellow at the American Enterprise Institute.
An election worker feeds ballots into a voting machine during an accuracy test at the Miami-Dade Election Department headquarters on Oct. 14 in Doral, Florida. Joe Raedle/Getty Images

“What if a foreign adversary hacks our secretary of states’ websites and changes the vote totals?” U.S. National Security Advisor Robert O’Brien asked earlier this month. Sure, the United States has never been hit by this sort of election interference before. But the art of keeping a country safe is the art of anticipating what the enemy might do next. As both Russia’s Vladimir Putin and China’s Xi Jinping have demonstrated, America’s rivals are innovative. Americans, with an election around the corner and at risk in known and unknown ways, need to do their part to keep the country safe—by thinking like the enemy. That means volunteering to fight cyberintruders and preparing for an Election Day that could feature power cuts and GPS jamming.

O’Brien is far from alone in fretting about the harm assorted adversaries can cause U.S. democracy by interfering in this most fraught of elections. Last month, FBI Director Christopher Wray told U.S. lawmakers that Russia was generating a “steady drumbeat of misinformation” aimed at discrediting Democratic presidential nominee Joe Biden and the election itself, and in August William Evanina, the director of the National Counterintelligence and Security Center, warned that Russia, China, and Iran were all trying to interfere with the election—China mostly to denigrate Trump, Russia to denigrate Biden, and Iran to discredit the elections altogether. Facebook has already removed a few accounts used to spread Russian fake news.

But now the public is acquainted with disinformation and interference with election infrastructure, and wary of it. In a January NPR poll, 41 percent of Americans said the United States was not prepared to keep the November elections safe and secure. But what if America’s rivals don’t focus on their old tools in this election? Recorded Future, a cybersecurity firm that has received funding from both Google Ventures and the CIA’s investment arm, In-Q-Tel, noted last month that there have been no “observable Russian state-sponsored hack-and-leak operations” this year.

In November 2019, however, Russian operatives hacked Burisma, the Ukrainian firm with which the Democratic nominee’s son Hunter Biden is associated. Then, on Wednesday, the New York Post—a U.S. tabloid—published an exposé of Hunter’s alleged contacts with Burisma that the paper said was based on emails found on a laptop belonging to Hunter that had been dropped off for repair in a Delaware shop and apparently shared with Trump confidant Rudy Giuliani. The details and indeed the veracity of the story remain murky and Twitter and Facebook have already restricted its distribution on their platforms.

Constant fake news and election-infrastructure hacking may, in fact, just be the white noise that numbs people’s attention. “Attack [the enemy] where he is unprepared, appear where you are not expected,” advised Sun Tzu in The Art of War. Though the Chinese war manual was published in the 5th century BC, generations of Western and Asian leaders alike have been devouring Sun Tzu’s wisdom ever since. Putin seems a devoted disciple of Sun Tzu, or perhaps he’s just a clever strategist. When the West responded to Russia’s annexation of Crimea and hybrid war in eastern Ukraine by increasing the Baltic states’ defense against similar attacks, Putin instead took the action to Syria.

That means U.S. officials need to think like Putin, Xi, or North Korea’s Kim Jong Un. Or why not think like Venezuelan leader Nicolás Maduro, who no doubt would like to sabotage the elections of a country he’d argue has tried to sabotage his government? And they need to consider what would achieve the most damage on Election Day. There are a number of terrifying scenarios.

If the power grid in large swaths of the United States goes down on Election Day, people will focus all their attention on trying to figure out what’s wrong and how to get power back; the act of voting will become an afterthought. Russian hackers have been probing energy utilities’ information technology systems, and, according to the cybersecurity firm Claroty, more than 70 percent of the control system vulnerabilities disclosed in the first half of 2020 can be exploited remotely.

Indeed, why not mess with GPS systems across the country? During NATO’s 2018 Trident Juncture exercise in Norway, Russian troops jammed GPS, which affected not just NATO troops but Norwegian airliners as well. Pilots had to navigate manually. “Jamming isn’t very difficult,” Mark Dickinson, the president of the Space Data Association, an international organization of satellite operators, told me after Russia’s jamming during Trident Juncture. “While spacecraft are usually well protected, with jamming you can disrupt nearby commercial GPS signals.”

Such jamming could hit your smartphone. This year, many Americans will have to drive to new polling places, possibly quite far from their homes. Imagine the effect on the election if GPS were jammed and voters couldn’t find their way to the polling place. GPS jammers are so cheap even Maduro’s Venezuela could afford them.

Or imagine what would happen if the internet went down on Election Day, even for just an hour. Stalled electronic voting machines would only be the beginning. Traffic lights would go down, and banks, airports, power companies, and government agencies would not be able to operate. (This is almost precisely what happened to Ukraine during a Russian cyberattack in 2017.) Earlier this week, an apparently accidentally severed fiber-optic cable prevented Virginia residents from registering to vote.

Estonia, a determinedly high-tech nation that in 2005 became the world’s first country to hold nationwide elections over the internet, knows what harm hostile governments can do by targeting the internet. Two years later the country was struck by a massive cyberattack subsequently traced to Russia that brought down government agencies, banks, and news outlets and that in some cases went on for several weeks. Today the country has not only more secure IT systems but also a cyber-defense league, where IT experts volunteer their time to keep the country safe.

The United States could learn from Estonia: It’s possible to maintain a vibrant democracy even when adversaries try to harm it, but that involves lots of citizens doing their part. That part can also involve ordinary citizens identifying and reporting trolls, as Lithuania’s self-appointed “elves” do. Or ordinary citizens finding out in advance where to drive to cast their vote, in case GPS doesn’t work on the day.

National Guard forces supplemented by cyber-defense units, Estonian-style, would make the United States more resilient. For this election it’s too late, but if America is going to protect itself against innovative adversaries it needs more cyber-defenders than those currently employed by the government. “The internet is built in such a way that it’s virtually impossible to control anything centrally,” Recorded Future’s co-founder and CTO, Staffan Truve, told me. “And because the internet is so decentralized, hunting would-be election interferers is a bit like whack-a-mole.”

Currently, firms that could make a difference often decide not to. When Recorded Future recently identified IT infrastructure that was being used in disinformation campaigns, the IT provider opted not to shut the perpetrators down. “They prefer to protect the perpetrators’ identity over protecting the public,” Truve concluded. Microsoft has had more success. This week it announced that it had disrupted a massive hacking operation that could have indirectly affected U.S. election infrastructure. The software giant took down the servers behind a vast malware network known as Trickbot—but was only able to do so after gaining permission from a federal court to disable the IP addresses associated with Trickbot’s servers.

But there’s hope. “California is full of bright people,” Truve said. “The tech sector could do a lot more to help keep elections secure. If Google wanted to live up to its old motto of ‘Don’t be evil’ [since 2015: ‘Do the right thing’] it could devote significant resources toward election security. Google has the most information and the most compute power.” The brightest tech minds of California and other states could act in the spirit of the U.S. Cyber Command’s “defend forward” strategy, where U.S. cyberwarriors take the fight to would-be attackers, often by signaling to them that they personally will suffer consequences if they attack.

Losing one’s right to visit Western countries or own property there, or facing criminal prosecution if venturing abroad is a significant price to pay for a freelance hacker and indeed for government officials. I call this the “horse head in the bed” strategy after the scene in The Godfather, and, because it can be done without any offensive elements (which are the prerogative of a country’s government), it seems a perfect mission for volunteer cyber-defenders.

Those bright people in California and beyond, along with the rest of us, should imagine how America’s adversaries could cause the most harm. If there’s internet chaos on Election Day, make sure you have cash and a radio at home; in case of a traffic meltdown because the traffic lights aren’t working, resolve to be gentle with your fellow drivers, or vote early. Plan for potential internet outages by bringing a book to the polling place – casting your vote may involve a considerable wait. If you’re a cyber-expert, set Election Day aside to chase would-be interferers in the name of democracy, and don’t chase in the usual places. What if a string of schools or care homes were brought down by cyberattacks and scores of people sat out the election?

It’s not certain that Russia, China, or any other country will attack American grids, GPS, or internet providers on Election Day. In fact, it’s unlikely they’ll do so. But keeping the country safe means jointly preparing even for unlikely scenarios. Armed forces don’t prepare for wars because such wars are just around the corner. They’re not. But by being prepared, the military signals to adversaries that there’s no point trying to attack. Citizens should signal that, too, in their own areas of responsibility. At the moment Americans can’t seem to agree on many issues, but keeping their elections safe should be among them.

Elisabeth Braw is a columnist for Foreign Policy and a fellow at the American Enterprise Institute, where she focuses on defense against emerging national security challenges, such as hybrid and gray-zone threats. She is also a member of the U.K. National Preparedness Commission. Twitter: @elisabethbraw