#Election2020 Interview: Matt Drake, Director, Cyber Intelligence, SAIC

The lengthy, controversial and at times, exhausting US Presidential election campaign 2020 has almost reached its conclusion, with voting taking place next week on Tuesday November 3. Aside from the general drama of the campaign, which has included several bruising debates and accusations of bias being levelled at social media companies, this election is especially unique in that it is taking place amid a global pandemic.

As well as an expected record number of postal ballots being cast, much more campaigning has taken place digitally, with people spending more time indoors and increasingly reliant on the internet to keep themselves informed. Unfortunately, this has potentially offered greater opportunities for state-sponsored intrusion in the election, particularly through the spread of misinformation, which was already a very pertinent topic from previous elections in the US and other nations.

To discuss how attempted nation state influence has manifested throughout the current campaign, Infosecurity spoke to Matt Drake, who is director, cyber intelligence at SAIC, an IT company providing support to government agencies. Before joining SAIC, Drake worked at the FBI for 24 years, including most recently as section chief of its cyber-division where he oversaw the FBI’s efforts against specific state-sponsored cyber-intrusions.

To what extent has the COVID-19 pandemic increased the security challenges surrounding this year’s election?

One of the most critical components in protecting our election systems is communication. Federal, state and local officials, as well as third-party vendors, social media companies and a host of other groups, need to be sharing information and intelligence in a way that is both timely, accurate and actionable. The COVID-19 pandemic certainly adds to the challenge of effective communication across the parties when individuals are working from home. While not insurmountable, care must be taken to ensure communication channels remain open and strong. Also, with workers at home, and therefore connecting to their systems remotely, it increases the attack surface for malicious actors.

In your view, which tactics used by state-sponsored actors are most effective?

There are certainly tactics that take advantages of weaknesses in our systems, but it somewhat depends on how effectiveness is measured. If their goal is simply to gain access to election systems, state-sponsored actors will most likely target those entry points which allow for access to multiple jurisdictions. If the goal is to influence the topics and issues being considered by voters, social media platforms remain an attractive target.

“The greatest improvement has been the improved communication between agencies and the owners of election systems”

Have US governmental agencies improved at recognizing and combatting these threats in recent years?

I think the greatest improvement has been the improved communication between agencies and the owners of election systems. There has been extensive communication between federal, state and local officials. One example of this is the updated FBI policy to require state officials to be notified when intrusion activity is detected on local election systems.

What technologies do you think state and federal agencies should prioritize to protect against nation state interference in future elections?

First, the technology issue goes well beyond just state and federal agencies. Local governments play a significant role, as do third-party vendors that support election efforts. That said, it will be critical that all parties focus their attention on the information and intelligence related to election systems. Intelligence released from the Department of Homeland Security, FBI and the Director of National Intelligence, as well as from state and local fusion centers, can allow system administrators to ensure they have properly patched and updated their critical systems. I’m confident the appropriate technologies are generally in place at the state and federal levels. The challenge will be ensuring the intelligence gleaned from these systems is shared in a timely and actionable manner.

Finally, do you believe the impact of nation state interference in this year’s Presidential election will be greater than in 2016?

I consider election interference to be the actual changing of votes and voting results. I have not seen any reporting to indicate there was any actually interference in 2016. There was, however, documented influence, which is the attempt to sway voters in a particular direction. This influence becomes improper when nation states do so without revealing who they are. For example, a nation state actor who pretends to be a local resident and organizes a rally on social media to support/oppose a particular candidate is improperly influencing an election. If that same actor hacks into a county system and changes 500 votes from one candidate to another, that would be interference.

I think actual interference of elections by a nation state is a distant remote possibility. Such an act would be a significant escalation of previous behavior and threaten our democratic process. Such behavior could elicit a reaction which they likely wish to avoid.

Improper influence efforts were an established concern in the 2016 election and will likely persist through the 2020 election cycle. Measuring the impact of that behavior is difficult for many reasons. How the influence is discovered and addressed, how it is covered by the media and how the general public views and responds to it will all play a role in the impact of such influence.

What’s Hot on Infosecurity Magazine?