By James Stavridis | Bloomberg
The US is now just a year from
the 2020 presidential election. In 2016, we saw foreign interests influence the
outcome of a presidential race when Russian hackers infiltrated the computer
networks of officials in both parties, and then selectively disseminated the
e-mails of Democrats. Is the nation in better shape to counter such threats
this time around?
It doesn’t look like it.
For example, Microsoft recently
reported an attack by Iranian hackers on the e-mails of current and former US
government officials, journalists covering political campaigns, and accounts
associated with a presidential campaign. There is reason to believe that the
attack, which consisted of more than 2,700 attempts on targeted e-mail
accounts, was backed by the Iranian government.
According to security researchers
and intelligence officials, hackers from Russia and North Korea have also begun
targeting organizations that work closely with 2020 presidential candidates.
Foreign enemies continue to see
US elections as an opportunity to subvert the will of the American people and
exert control over our governance at the highest level. This most recent
Iranian attack is a reminder that both political organizations and private
enterprises face significant cybersecurity risks.
Unfortunately, the legacy
electoral systems most voters and organizations rely on do not offer sufficient
protection in the modern digital landscape. When facing nation-state
adversaries with billions in funding and information resources to rival the US
National Security Agency, Americans have to think beyond the popular two-factor
authentication protocols. We need to protect not only the voting systems
themselves, but the e-mail, file-sharing and other communication systems of
ancillary campaign groups, local officials and plenty more.
What can we do to defend
ourselves better? In my military and cyber experience, the operating principle
is that the sophisticated attacker will eventually find a way through any
perimeter defense. As Supreme Allied Commander of NATO in the late 2000s, I
pushed to strengthen the alliance’s nascent Cyber Defense Center in Tallinn,
Estonia—but saw firsthand how easily Russian hackers penetrated our digital
Protections must be designed so
that even if the attacker succeeds in getting to the target, the target remains
safe. To do so, we need to think in terms of four core principles for secure
communication systems that will be resilient to the inevitable breach.
First, systems must employ
end-to-end encryption. (Disclosure: I serve on the board of an
information-security firm, PreVeil LLC.) If we assume that attackers will be
able to exploit vulnerabilities in server software or the defense mechanisms
that guard it, then the only way to keep information secure is to make sure that
it is never exposed in the clear, even while it sits on the server. With
end-to-end encryption, data is encrypted on the sender's device and can be
decrypted only on the recipient's device; the server relays and stores
ciphertext and never holds the keys, so the data is unreadable both in transit
and at rest. Even if the server is compromised, the data is not. The protection
stops at the endpoints, however: a compromised device can read whatever that
device can decrypt, which is why the remaining principles address keys,
administrators and users. Think of this as the difference between working in an
Ebola environment in a body suit, which will eventually weaken at the seams, and
being vaccinated against the disease. The perimeter defense is far from
worthless, but the vaccine, the internal protection, is vastly better.
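To make the principle concrete, here is an added illustration written for this column; it is not code from the original page or from any product mentioned in it. It uses only the Go standard library: the sender encrypts to the recipient's X25519 public key with a fresh ephemeral key and AES-256-GCM, the relay server stores the sealed message, and a function modelling a fully compromised server searches its storage for the plaintext and finds nothing. The wire format, the single-SHA-256 key derivation standing in for HKDF, and the sample message are all assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor runs X25519 ECDH between priv and peer and derives an AES-256-GCM
// cipher, mixing both public keys into the KDF so the key is bound to this
// ephemeral/recipient pair. (Example choice: one SHA-256 stands in for HKDF.)
func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub, recipientPub []byte) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("e2ee-example-v1"))
	h.Write(shared)
	h.Write(ephPub)
	h.Write(recipientPub)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext on the sender's device so that only the holder of
// recipient's private key can read it. Assumed wire format:
// ephemeral public key (32) || nonce (12) || AES-GCM ciphertext and tag.
func Seal(recipient *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := aeadFor(eph, recipient, ephPub, recipient.Bytes())
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The recipient's public key is authenticated as additional data, so a
	// ciphertext cannot be quietly re-addressed to another user.
	return gcm.Seal(append(ephPub, nonce...), nonce, plaintext, recipient.Bytes()), nil
}

// Open runs on the recipient's device; it fails on a wrong key or tampering.
func Open(recipient *ecdh.PrivateKey, msg []byte) ([]byte, error) {
	const pubLen, nonceLen = 32, 12
	if len(msg) < pubLen+nonceLen+16 {
		return nil, fmt.Errorf("message too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(msg[:pubLen])
	if err != nil {
		return nil, err
	}
	myPub := recipient.PublicKey().Bytes()
	gcm, err := aeadFor(recipient, ephPub, ephPub.Bytes(), myPub)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg[pubLen:pubLen+nonceLen], msg[pubLen+nonceLen:], myPub)
}

// Server is the relay. It stores what it is handed and holds no keys.
type Server struct{ Stored [][]byte }

// Breach models an attacker with full control of the server searching
// everything stored there for the plaintext.
func (s *Server) Breach(plaintext []byte) bool {
	for _, m := range s.Stored {
		if bytes.Contains(m, plaintext) {
			return true
		}
	}
	return false
}

func main() {
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	msg := []byte("debate prep notes, do not forward") // constructed sample message
	sealed, err := Seal(bob.PublicKey(), msg)
	if err != nil {
		panic(err)
	}
	srv := &Server{Stored: [][]byte{sealed}}
	fmt.Println("compromised server sees plaintext:", srv.Breach(msg))
	got, err := Open(bob, sealed)
	fmt.Printf("bob reads %q (err=%v)\n", got, err)
}
```

The two checks worth noting are that a different private key cannot open the message and that flipping any ciphertext byte makes the recipient's Open fail rather than return garbage; both come from the authenticated encryption, not from anything the server does.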
A second concern is the
vulnerability of anything in the system that becomes a juicy target. End-to-end
encryption removes the server as a single point whose compromise exposes
everyone's data, but if the system has administrators with global access, a
high-yield single target for attackers remains. To solve this problem, access to
large amounts of sensitive user data should be granted only after being approved
by several trusted individuals. Similar to the two-person rules used for
nuclear-launch codes, a cryptographic secret-sharing scheme (Shamir's is the
standard one) can split a user's recovery key into shards that are distributed
among multiple people. Administrative access to a user's account is then possible
only when the required quorum of shards is brought back together, whether that
is all of them or any k of n, so there is no single administrator whom attackers
can compromise to gain access, and fewer shards than the quorum reveal nothing
about the key.
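The shard mechanism above, as an added worked example that is not part of the original column or of any product it mentions: Shamir secret sharing over a prime field in Go, using only the standard library. The key becomes the constant term of a random polynomial, each administrator receives one point on it, and any three of five points recover the key while two do not. The field prime, the 32-byte stand-in key and the 3-of-5 policy are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"math/big"
)

// prime is the field modulus, 2^256 - 189 (the largest prime below 2^256), so
// any 256-bit key smaller than it can be shared as a single field element.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(189))

// Share is one shard of the key, held by one trusted administrator.
type Share struct {
	X int      // evaluation point, 1..n
	Y *big.Int // polynomial value at X
}

// Split hides secret as the constant term of a random degree k-1 polynomial
// and returns n points on it. Any k points determine the polynomial and thus
// the secret; k-1 points are consistent with every possible constant term.
func Split(secret []byte, k, n int) ([]Share, error) {
	s := new(big.Int).SetBytes(secret)
	if s.Cmp(prime) >= 0 {
		return nil, fmt.Errorf("secret does not fit in the field")
	}
	if k < 2 || n < k {
		return nil, fmt.Errorf("need 2 <= k <= n, got k=%d n=%d", k, n)
	}
	coeffs := []*big.Int{s}
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coeffs = append(coeffs, c)
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := len(coeffs) - 1; j >= 0; j-- { // Horner evaluation mod prime
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = Share{X: i + 1, Y: y}
	}
	return shares, nil
}

// Combine recovers the constant term by Lagrange interpolation at x = 0.
// Given fewer than k distinct shares it does not fail; it simply yields a
// different value, because the arithmetic cannot tell the difference. That
// is exactly why a thief holding too few shards learns nothing.
func Combine(shares []Share, secretLen int) ([]byte, error) {
	sum := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			if si.X == sj.X {
				return nil, fmt.Errorf("duplicate share for x=%d", si.X)
			}
			num.Mul(num, big.NewInt(int64(-sj.X))).Mod(num, prime)
			den.Mul(den, big.NewInt(int64(si.X-sj.X))).Mod(den, prime)
		}
		term := new(big.Int).Mul(si.Y, num)
		term.Mul(term, new(big.Int).ModInverse(den, prime)).Mod(term, prime)
		sum.Add(sum, term).Mod(sum, prime)
	}
	if sum.BitLen() > 8*secretLen {
		return nil, fmt.Errorf("reconstructed value does not fit in %d bytes", secretLen)
	}
	return sum.FillBytes(make([]byte, secretLen)), nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte stand-in for a key
	shares, err := Split(key, 3, 5)                    // any 3 of 5 administrators suffice
	if err != nil {
		panic(err)
	}
	got, _ := Combine(shares[:3], len(key))
	fmt.Println("3 shards recover the key:", bytes.Equal(got, key))
	got, _ = Combine(shares[:2], len(key))
	fmt.Println("2 shards recover the key:", bytes.Equal(got, key))
}
```

In a real deployment the shards would be wrapped to each administrator's own device key and the reconstruction would happen inside an audited ceremony, but the property the column relies on is already visible here: the recovery key exists nowhere in one piece until the quorum assembles it.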
Third, it’s time to do away with
passwords. According to the 2019 Verizon Data Breach Investigations Report, 80
percent of hacking-related breaches involve compromised and weak credentials.
Rather than depending on fallible passwords, secure communication systems should
grant account access by having the user's device prove possession of a private
key. A 256-bit key has 2^256 possible values, roughly 1.2 × 10^77, about the
estimated number of atoms in the observable universe, and cannot be found by
brute force with any existing or foreseeable computing power. Because the key
is stored only on the user’s physical device, and the server holds only the
matching public key, a breach of the server yields nothing that can be replayed
or cracked offline; taking over the account means getting onto the device
itself.
Finally, it is important to
protect the most sensitive communications from socially engineered phishing and
spoofing attacks. Open systems such as ordinary e-mail will deliver a message
from anyone, so impostors can forge or imitate a sender's address and trick
users into clicking on dangerous links or leaking information. When the system
delivers messages only between enrolled users whose identities are verified
cryptographically, a “lookalike” account has no way in, and that risk is removed
for the organization’s most confidential information. The strongest security
systems don’t depend on users to be perfect, or to always exercise good
judgment. They make sure that data is safe even when humans are flawed. Getting
at this human-factor “insider threat” is crucial.
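The third and fourth principles, key-based login and a closed directory of known users, fit in one added example, written for this column and not taken from the original page or from any product it mentions. In Go with only the standard library, a device answers a random server challenge with an Ed25519 signature instead of a password; the server holds nothing but enrolled public keys, so a breach of its table gives an attacker no credential to steal, a signature collected by a lookalike site cannot be replayed because the server name is bound into what is signed, and an account that was never enrolled, however convincing its name, is refused. All names, the challenge format and the message layout are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Device holds a user's signing key. The private half never leaves the device;
// the server only ever sees the public half and signatures over its challenges.
type Device struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, Pub: pub}, nil
}

// loginMessage binds the challenge to the server the user believes they are
// talking to, so a signature harvested by a lookalike site is useless elsewhere.
func loginMessage(serverName string, challenge []byte) []byte {
	return append([]byte("login:"+serverName+":"), challenge...)
}

// Sign answers a login challenge; this is what replaces typing a password.
func (d *Device) Sign(serverName string, challenge []byte) []byte {
	return ed25519.Sign(d.priv, loginMessage(serverName, challenge))
}

// Server keeps a closed directory of enrolled verification keys. A breach of
// this table yields nothing that lets an attacker log in as anyone.
type Server struct {
	Name     string
	enrolled map[string]ed25519.PublicKey // user name -> enrolled public key
	pending  map[string]bool              // outstanding single-use challenges (hex)
}

func NewServer(name string) *Server {
	return &Server{Name: name, enrolled: map[string]ed25519.PublicKey{}, pending: map[string]bool{}}
}

// Enroll is the one trusted step: an administrator records a known user's key.
// Anyone not enrolled here, however convincing their name, cannot authenticate.
func (s *Server) Enroll(user string, pub ed25519.PublicKey) { s.enrolled[user] = pub }

// NewChallenge issues a fresh random nonce that may be used exactly once.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(c)] = true
	return c, nil
}

// Login verifies a signed challenge. It rejects unknown users, signatures under
// any key other than the enrolled one, cross-site signatures, and replays.
func (s *Server) Login(user string, challenge, sig []byte) error {
	key := hex.EncodeToString(challenge)
	if !s.pending[key] {
		return fmt.Errorf("unknown or already-used challenge")
	}
	delete(s.pending, key) // consumed whether or not the rest succeeds
	pub, ok := s.enrolled[user]
	if !ok {
		return fmt.Errorf("%q is not in the directory", user)
	}
	if !ed25519.Verify(pub, loginMessage(s.Name, challenge), sig) {
		return fmt.Errorf("signature does not verify under %q's enrolled key", user)
	}
	return nil
}

func main() {
	srv := NewServer("mail.campaign.example") // constructed names throughout
	alice, _ := NewDevice()
	srv.Enroll("alice", alice.Pub)
	c, _ := srv.NewChallenge()
	fmt.Println("alice:", srv.Login("alice", c, alice.Sign(srv.Name, c)))
	c, _ = srv.NewChallenge()
	fmt.Println("signature harvested by lookalike site:", srv.Login("alice", c, alice.Sign("mail-campaign.example", c)))
	mallory, _ := NewDevice() // lookalike account with its own key
	c, _ = srv.NewChallenge()
	fmt.Println("mallory posing as alice:", srv.Login("alice", c, mallory.Sign(srv.Name, c)))
}
```

The same enrolled-key directory is what would gate message delivery in a closed system: a sender whose key is not in it is dropped before any user has to judge whether the display name looks right.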
Security is a serious matter for
organizations of all types, not just political parties during an election
season. Organizations should rethink their security preparedness with a deeper
understanding of the adversaries’ capabilities. They need to make the shift to
secure systems modeled around these four core principles—including adopting
ready-to-use encrypted communications systems for e-mail and file-sharing.
Between now and November 3, 2020,
there should be few higher priorities than improving security to stop hackers
and foreign powers from threatening American democracy itself.