Juliette N. Kayyem is an author and host of the WGBH podcast Security Mom. She serves as a national security analyst for CNN and is a weekly guest on Boston Public Radio. She is the Belfer Lecturer in International Security at the John F.
• Dacre Stoker (Dacre Calder Stoker is a Canadian-American author, sportsman and filmmaker.)
• Gary Taubes (Gary Taubes is the American author of Nobel Dreams, Bad Science: The Short Life and Weird Times o...)
• Jon Taffer (Jon Taffer is a film producer.)» All Author Interviews
Is Russia deliberately trying to influence the US presidential election? What are the consequences of cyber leaks, today and after Election Day? What is a “SCIF,” anyway? I’m here to answer your questions about national security during US elections past and present.
My story for CNN today: http://www.cnn.com/2016/11/04/opinions/election-day-voting-threat-kayyem/index.html
My podcast: https://itunes.apple.com/us/podcast/the-scif/id1172929681?mt=2
Thanks for all the great questions, everyone... This was fun!
Be sure to read the CNN piece and tune in to The SCIF podcast.
Computers have been around during previous elections and in other countries too. Has election day hacking happened before?
Certainly abroad it has, mostly by Russia against the former Republics. And there have been issues around capacity (i.e. the system couldn't sustain data, etc). But nothing like what we have seen v/v Russia and election related issues today. More than a few states have had their systems infiltrated but what we know publicly is that no data was manipulated.
What is the scariest thing you have found in your research?
I think it's the scariest because it's the easiest: some manipulation of voting registration rolls. That process is pretty basic, and data/names/etc are often just on wordperfect documents shared from one precinct to another. The systems are not very secure and anything could happen. If someone things they are registered but not on the list, then its a provisional ballot. enough of those and we will be wishing for Bush v. Gore. Alternatively, the "best" use of cyber disruption is if a group used social media to claim that there was some bomb or attack (active shooter, etc.) near a significant polling precinct so everyone stayed away.
Can the president make a new rule or law without it being 'checked' or verified? Also, can they launch an attack without others authorizing them to do so?
do you mean a cyber attack? If yes, a president may not need prior authorization if its part of a defending an imminent attack. You are probably seeing things about what our response to Russia could be. I can't say it enough: if we could just get our partisan heads out of the way, the fact that Russia has been consistently disrupting a campaign/election process should have us all pretty concerned and mad.
What's your favorite baseball team?
Aren't we all Cubs fans right now?
Why isn't vetting of the software used on these machines more stringent?
Great question. So, voting is not a critical infrastructure and therefore there have been no national standards, no requirement of what must be a baseline of security. So our federal system means it would be hard for a country to entirely change an election for president (without being caught!), but it also means that there are vulnerabilities at the most local level. Those elections matter too!! I'm hoping this "trial run" might get us to elevate electoral processes to a national standards level, as we do with nuclear facilities or other critical infrastructure.
How long have you been doing this job, and what made you get into it?
So, I'm sort of sad about this question and was avoiding it. Janet Reno, of all people, was the instigator. I was a civil rights attorney at the Department of Justice when she was AG. She wanted to have more oversight over the counterterrorism cases and asked some of us to get involved (this was pre-9/11, so it was a small docket). And so I did. I didn't think I would stay in the field this long, but then 9/11 happened. She was a remarkable woman. Absolutely loved her.
Ok, follow up questions. Why are national security experts so focused on Russia currently? Granted Putin is raucous but it seems that China has been much more active in cyber espinoge and physical spying within the U.S. in recent years. Is anyone considering an action from the left when we're all looking right?
Yes there is concern, but China is much more strategic in terms of long term efforts with US than Russia is right now. Putin is playing tactical mayhem; Chinese leadership -- under its own internal stress -- is taking the longer view.
Samantha Bee recently did a piece on government-paid Russian internet trolls, whose entire job is to try to skew public opinion on the election in the US. Do you think this sort of thing will become more common? Is it something you'd consider to be a security risk (undermining democracy), or just an annoyance?
I saw that segment. I think at this stage more an annoyance than not. The "media" (I put that in quotes as its not monolithic) will have to get more sophisticated about judgment calls regarding real issues and purposeful noise. One of the benefits of having so many different ways for people to access information is that it would be hard ot have a linear "narrative" take hold easily, especially if untrue. Russia probably knows this and I view a lot of this activity as psychological operations type stuff: mess with our heads.
We've been meddling in other countries' elections since at least the Cold War. Does concern about cyber attacks signify a significant foreign policy change that would oppose corrupting the democratic process on moral grounds? Or are we just complaining because we might be the victims instead of the perpetrators for once?
Even if I concede the first part of your statement, it would be odd for a nation not to protect its interest, and even odder if those are interests that would properly reflect the will of the people. I guess, more simply, even if our hands aren't clean I'm still -- as a voter -- pretty invested that we take this pretty seriously.
Hi Juliette! Love listening to you on with Jim and Margery.
What steps should be taken to protect our democratic process from outside influence? Are there any that voters like me can do on our own?
Unlike voter surpression or intimidation at the voting booth, this is a little more difficult. I think voters should take who they vote for for secretary of states pretty seriously. It is a serious job, protecting our election infrastructure. I hope that the federal government begins to treat protecting our election apparatus as important as protecting our nuclear facilities or bridges and invests in standard setting, resources, etc.
I've seen a range of arguments for the accuracy of attribution of cyber attacks. Tools, methods, etc. allow us to develop a profile and determine whose profile an attack fits all the way to arguments that tools and methods are reused and profiles can't be established. And that's before even getting to linking a group to a particular state.
How accurate do you personally believe our government's (or its contractors) work is in that area?
Pretty accurate, actually. At least if its in the national security arena (say compared to a state government). Even reused or regenerated profiles can be detected. i agree the hardest aspect is linking the actions of a person or individuals to a state actor; we have to be careful about that. But we are much more likely to be underinclusive than overinclusive actually because of those challegnes.
Thanks for all the great questions, everyone... This was fun! Be sure to read the CNN piece and tune in to The SCIF podcast.