Thwarting foreign interference in elections to protect democracy is extremely challenging due to the insidious nature of the perpetrators and their attacks. It’s not unlike an act of war that demands a coordinated international response, with more emphasis shifting to cyber and offensive strategies, according to an expert panel.
Tackling cyber threats is a team sport, said Sean Roche, a former director for digital innovation at the Central Intelligence Agency in Washington, D.C.
“At what point do we consider this an attack that would be in the same parlance of a conventional attack?” he asked, adding that “I think that will help frame the discussion.”
Roche was a panellist at “Access Denied: The Art of Fighting Back Foreign Electoral Interference,” a web event co-hosted by the Conference of Defence Associations Institute (CDAI) and the EU delegation to Canada on Oct. 29.
There was broad agreement that countries can’t be complacent and limit their response to just defending themselves. They need to go on the offensive but can also minimize damage to themselves with greater awareness and understanding of the issues.
Defence analysts often refer to the threats coming from so-called hybrid actors—parties that generate diverse threats, including conventional military threats as well non-military threats, such as cyberattacks, economic pressure, and disinformation campaigns. Those hybrid threats could come from both state and non-state parties.
Hybrid actors don’t act in the open, which makes attributing crimes to them difficult. Their attacks are below the threshold that would require a response of conventional force, and are sometimes even below the threshold of recognition, said panellist Johann Schmidt, a director at the European Center of Excellence for Countering Hybrid Threats in Helsinki, Finland.
“As long as a hybrid actor is able to put some kind of fog around his activities, it’s already a part of the success, because it’s at least delaying or hampering the decision-making process of the victim, but also of the international arena and alliances,” he said.
Roche said that “we need to have robust sharing with our partners, it has to move at speed.”
Schmidt noted that NATO’s Article V, which discusses collective defence—the principle that says an attack against one member is an attack against all members—“is as relevant as it ever was.” It was invoked for the first time in NATO’s history after the 9/11 attacks against the United States.
Digital networks are essentially battlefields, and cyber can’t be thought of in isolation from diplomatic and military conflict, said moderator Richard Fadden. Fadden is a former director of the Canadian Security Intelligence Service (CSIS) and national security adviser to prime ministers Stephen Harper and Justin Trudeau.
While China and Russia are predominantly singled out as the primary state-sponsored cyber criminals in the world, how the authorities fight back can raise legal and ethical considerations.
Fadden said it’s important not to just respond with a like-for-like cyberattack.
“We can’t get into a world where we are violating norms, because then we are not the democracies that we are trying to defend,” he said.
Heli Tiirmaa-Klaar, Estonia’s ambassador for cyber diplomacy, said at the webinar that, to be most effective, countries must jointly use sanctions against the perpetrators. Sanctions could involve freezing assets, adding perpetrators to non-entry lists, or banning entities from doing business.
Unless a large number of countries apply them, sanctions are ineffective, Fadden added.
Schmidt said countries can’t be like the boxer who only defends but never attacks. Without scoring points, he will lose in the long run.
That’s one of three key recommendations from a 2019 CDAI report on Canada’s cybersecurity.
It said Canada should adopt practices from Australia’s “mature cybersecurity policies” on how to go on the offence instead of just playing defence against cyber threats. Australia has picked up many examples from Israel, and Canada can do the same, according to the report.
The report also recommended that Canada build a talent pool of cybersecurity personnel and develop closer collaboration between the public and private sectors.
“The government would greatly benefit from the knowledge and expertise of the private sector, while also supporting homegrown Canadian firms,” the report said.
Election Threat and Beyond
One of the goals of cyberattacks targeting elections is to manipulate the public discourse, particularly on social media.
The Canadian Centre for Cyber Security’s 2019 update on cyber threats to the country’s democratic process stated that because Canada is a G7 and NATO member, its choices are of interest to other states. Foreign adversaries want to influence Canada’s election outcomes as well as its policy choices, relationships with allies, and global reputation.
“Our assessment continues to judge that foreign influence campaigns are almost certainly ongoing and not limited to key political events like elections,” said Communications Security Establishment (CSE) spokesman Evan Koronewski in an email to The Epoch Times.
“Canada’s media ecosystem is closely intertwined with that of the United States and other allies, which means that when their populations are targeted, Canadians become exposed to online influence as a type of collateral damage.”
Leaders, academics, and business people need to understand hybrid threats in order to be resilient against disinformation campaigns, Tiirmaa-Klaar said. As a case in point, she cited improved awareness in the Baltic states that rendered Russian propaganda ineffective.
Election interference is but one target for cyberattacks, and it’s not limited to the national level—provinces and municipalities are potentially vulnerable, and that can have a significant effect on national life, Fadden said.
To assess and respond to foreign threats, the federal government has created a Security and Intelligence Threats to Elections (SITE) task force, composed of CSE, CSIS, RCMP, Global Affairs Canada officials.
The CSE reported that in 2018 half of all advanced democracies holding national elections had their democratic process targeted by cyber threats. Voters are the most common targets, and the CSE has said that Canada is continuously subjected to hacking attempts. Cyber criminals can also interfere with voter databases.
Roche pointed out that U.S. legacy computer systems are particularly vulnerable to hacking.
“As for election systems, we’re not in the cloud. The cloud on its weakest day is more secure than anything on a client-server system,” said Roche. “Our love of legacy in the United States, our nostalgia for legacy, is a weakness, because of cyber.”
These systems can’t be kept secure, unlike a cloud environment, Roche said.
On Nov. 3, the U.S. election day, acting Department of Homeland Security secretary Chad Wolf said he’d seen no evidence of foreign interference involving changing vote tallies.
But a silver lining of the pandemic is that it’s forcing development and adoption of newer technologies at a faster pace, Roche added.
“COVID isn’t the next shock event, it’s actually driving the elements we wanted. It’s eliminating complacency and driving elements to get to be much faster,” he said.
The CSE has said that because Canada’s federal electoral process is largely paper-based, it’s strong and secure.