Commentary: It’s Time for a Cyber Secret Service
From the recent Justice Department indictment of 13 Russians for allegedly meddling in the 2016 U.S. presidential election to the bipartisan Secure Elections Act currently before the Senate, a consensus is emerging on the need to use all elements of American national power to secure our electoral system and infrastructure against digital attacks.
These steps are welcome, but they ignore the central targets in any electoral competition: the candidates themselves.
Presidential candidates receive Secret Service protection after meeting criteria set by the secretary of homeland security and an advisory committee comprised of the leaders of both chambers of Congress. This protection, codified after the assassination of Robert F. Kennedy in 1968, is provided not only for the candidates’ safety, but also to preserve the integrity of the U.S. political system.
As is true with most policies predating the digital era, however, Secret Service protection only extends to the physical world; candidates and their campaigns are responsible for securing themselves in the digital realm. With the 2020 presidential campaign season approaching, the U.S. should establish a Cyber Secret Service to protect the platforms of future national candidates from digital attack or manipulation.
Threats to American elections did not start with the Russian operations in 2016. The threat is bipartisan, involves multiple state and non-state actors, and has occurred for at least a decade with only limited response by the U.S. In 2008, the Secret Service and FBI warned the campaigns of both Barack Obama and John McCain that Chinese hackers were seeking to gain information on and influence their political positions, but the campaigns did nothing material to stop the attacks. In 2012, President Obama and Republican presidential candidate Mitt Romney received similar warnings, with Romney’s fundraising efforts hindered by persistent attacks on his campaign websites. Cyberattacks again played a prominent role in the 2016 election, after state-sponsored hackers leaked thousands of Democratic National Committee documents and correspondence to WikiLeaks.
It seems likely that, in the absence of meaningful policy changes, attacks in 2020 election cycle will be even more sophisticated and widespread.
Targeted attacks by states or state-affiliated actors will always succeed against entities like political campaigns. Campaigns are ad hoc in nature because of their relatively short-lived usefulness; open by design because of their need to interact with diverse constituencies; and typically staffed with inexperienced, and often temporary, workers. They will never be able to protect themselves against committed nation-state adversaries.
A properly designed Cyber Secret Service would allow campaigns to focus on their work while increasing Americans’ confidence in the stability of the electoral system. Such a service could focus on securing at least three key areas: internal communications; social media and other external communications; and databases of sensitive information.
Communications are the lifeblood of a campaign. But while the advent of the Internet has improved campaigns’ ability to conduct essential outreach, it has also brought with it the danger of cyber attacks. Internally, a Cyber Secret Service could facilitate the use of military-grade encrypted communication between the candidate and campaign staff. Externally, it could coordinate with social media platforms to validate accounts and other sites to verify the origin and authenticity (but not, of course, the veracity) of official statements.
In addition, the mounds of data campaigns collect to track and manage their engagements are similarly valuable and dangerous. The service would be able to cross-check donor, newsletter, event registration, social media follower, and other contact lists against existing threat databases, while also ensuring the protection of the vast amounts of personal data involved. Some of these tools already exist and are used by the Secret Service, but the increased importance of the digital threat to campaigns warrants a more comprehensive and strategic focus.
Collaboration among multiple federal agencies would likely be required. The Secret Service’s decades of experience in candidate protection make it a logical place to start. The mission would also benefit from engagement by the FBI and National Security Agency to give the team the legal and technical tools to deter, prevent, and respond quickly to digital attacks. Given that the Department of Homeland Security has already designated the electoral system as critical infrastructure, an added benefit of NSA involvement would be to ensure that the service has some deterrent capability. If a foreign power attacks a candidate digitally, the U.S. reserves the right to respond using every element of national power, as if the attack is physical in nature.
Technology and social norms always evolve more rapidly than do policy and law. Recent events show that our electoral system is no different from our banking system, utility grid, corporate intellectual property, or military plans—a target of great value to nation-state competitors and adversaries. Protecting the integrity of American elections will require many changes, and extending the kinds of protection associated with the Secret Service into the digital domain should be one of them.
Nate Fick is the CEO of Endgame.