Cyber Policy Leadership Institute’s Fourth Session Examines the Intersection of Election Security, Misinformation, and Cybersecurity
The fourth session of the Cyber Policy Leadership Institute (CPLI) addressed the critical topic of election security and cybersecurity, with insights from Kemba Walden, president of the Paladin Global Institute, who shared her experience spanning election security, law, and government service.
Fellows learned that election security’s critical infrastructure designation allows federal agencies like CISA to provide technical assistance to states. Election infrastructure includes physical components like voting locations and storage facilities, digital components, and the people involved in administering. Walden stressed that a loss of confidence in any piece of this infrastructure can have a major impact on democracy.
Fellows and experts discussed accountability mechanisms and funding for election security, with Walden emphasizing that while technology is important, people and the policies are essential to protect our systems. She noted that bad actors often take the path of least resistance, underscoring the need for robust cybersecurity policies to close gaps and lift the burden of risk, especially for the least resourced.
Crowdstrike’s Karen Kaya, Drew Bagley, and Rob Sheldon shared the history of the cybersecurity and disinformation campaigns during the 2016 and 2020 elections. Karen discussed the concept of "winning without fighting," where adversaries aim to weaken the US through means other than direct battlefield confrontation, such as cybersecurity attacks, disinformation campaigns, and election meddling. These tactics fall under the "gray zone" and seek to divide the nation from within.
Drew shared his experience with Crowdstrike during the 2016 election, where they were called in to investigate a suspected Russian infiltration of the DNC infrastructure months before the WikiLeaks publication. They discovered that a Russian hacking group infiltrated the DNC to sow doubt in the election. Although no voting machines were directly impacted, the exposure of the DNC's information was enough to sow doubt in the electoral process.
Rob noted that adversaries’ objectives have changed over time, and the current information environment is much worse compared to 2016. Nicole Tisdale of Advocacy Blueprints emphasized the importance of being aware of potential "hack and leak" campaigns leading up to elections, as some leaked information may be factual but lacking context, which can exacerbate existing trust issues between communities of color and the government.
The session highlighted the complex, multifaceted nature of election security and cybersecurity. Protecting our democratic processes requires a holistic approach that addresses technological vulnerabilities, human factors, and the challenging information landscape. Ongoing collaboration between government, industry, and the cybersecurity community will be essential to safeguard the integrity of our elections.
CPLI is a joint venture between CrowdStrike, Advocacy Blueprints, and POPVOX Foundation that seeks to address the lack of diversity in cybersecurity policy. The program consists of four sessions that provide a comprehensive and engaging learning experience for CPLI Fellows. Through a combination of presentations, interactive roundtable discussions, mentoring sessions, and internship preparation activities, the program equips participants with a deep understanding of cybersecurity, public policy, and racial equity and inclusion. To learn more about the previous sessions and explore the program in greater detail, visit popvox.org/cpli.
