For all the concern that Russian hackers sought to exploit US political divides, they have done quite the opposite in at least one instance. Their interference in the 2016 election has united two prominent political rivals who – as partisan as they have been – care even more about safeguarding American elections.
Campaign manager Robby Mook poured heart and soul into trying to get Hillary Clinton elected. Matt Rhoades, who managed Mitt Romney’s 2012 presidential campaign, went on to establish one of the most prominent groups working against Mrs. Clinton – the political action committee America Rising.
They couldn’t be a more unusual pair – yet both of their campaigns were hacked. Determined to prevent such attacks in the future, they joined former Pentagon cyber czar Eric Rosenbach last summer in launching the Defending Digital Democracy (DDD) project – a bold move, considering how politically radioactive the topic was at the time. The initiative is run out of Harvard Kennedy School’s Belfer Center for Science and International Affairs, which has brought together everyone from Google managers to Marines to politicos to shore up state electoral systems against cyberattacks.
“I didn’t think I’d be here today partnering with Robby Mook,” says Mr. Rhoades, sitting with Mr. Mook after helping to kick off a DDD cyberattack simulation in Cambridge, Mass.
“Matt has been making my life hard for awhile,” says Mook, laughing. “You guys were a huge thorn in my side.”
A central concern surrounding Russian interference was that by agitating existing divisions in America, it would undermine the country’s capacity to identify and unite against foreign threats. Mook’s and Rhoades’s partnership, and the involvement of more than three dozen states from across the political spectrum in the DDD project, proves it is possible to surmount such division and discord in pursuit of a higher goal: preserving the integrity of America’s electoral system, and the public’s trust in it.
“There’s a lot that Matt and I don’t agree on at all. We all have a partisan affiliation but when you’re in this space, that’s not evident,” says Mook. “So this has been inspiring to me, that we can get together and get things done.”
The front-line defenders
While Mook was experiencing the effects of Russian hackers, Mr. Rosenbach was watching with dismay from the Pentagon. “It was something that really shook me up,” he told the participants Tuesday in a speech kicking off the cyberattack simulation. “I just left with the feeling that I didn’t do enough, that we as an administration didn’t do enough, and that we still are very vulnerable. And so my nightmare was that ... someone like Kim Jong-un would rub his grubby little hands and say, ‘Now I’m going after the Americans.’ ”
The more than 160 participants gathered here would be the kind of folks to take the brunt of any such attacks. They come from 38 states and range from secretaries of State to county IT directors, some at the forefront of election security efforts and others still trying to wrap their heads around the challenges they face.
“You are all front-line defenders in the democratic process,” Caitlin Conley tells them. She is a commander of US Army special forces who is pursuing dual master’s degrees in business and public policy at the Massachusetts Institute of Technology and Harvard's Kennedy School of Government, respectively. “It’s not like you have all the resources in the world, both financially or through personnel, to do everything you can and want to. We understand you have real-world constraints.”
So over the past six months, she has marshaled a team of more than three dozen graduate students with backgrounds in the Air Force, Navy, Marines, Army, National Security Agency, and elsewhere to visit with state and county election officials, hear their concerns, and develop playbooks for safeguarding campaigns and elections against cybersecurity threats.
“Those are gold. You can take those back with confidence,” says Mac Warner, secretary of State for West Virginia, which has provided the guidebooks to all county clerks and to the nearly 600 candidates registered to run in the 2018 elections. The resources and credibility Harvard has provided, he adds, enables him to “go back with confidence to the people of West Virginia, knowing that I’ve been working with the best in the world.”
Since 2000, when the results of the presidential contest between Al Gore and George W. Bush came down to the Florida recount and the US Supreme Court, states have moved to digitize much or even all of their voting process. That may have largely eliminated human error, but it has opened the door wide toward exploitation by hackers.
At one of the nation’s top hacking conferences, DEFCON, in July 2017, hackers were given the opportunity to bang away at 25 pieces of voting equipment, including voting machines. By the end of the weekend, all 25 machines had been hacked – some in as little as an hour and a half. Even hackers with no experience on voting machines were successful.
“These are bored teenagers between parties,” said security technologist Bruce Schneier in a series of expert discussions before the Belfer simulation began.
Participants were then divided into four states of the Nation of Belfer, and given detailed descriptions of their electoral domain – from the number of registered voters to the number of iPads and optical scanners to how the precinct results would be relayed to the county and on to the state. States were given a budget of $7,000, counties $3,000. But what they were not told – and journalists were not allowed to observe – were the series of challenges that would be thrown their way once the simulation began.
“We have created what we think is the Armageddon or Apocalypse of Election Day,” Jen Nam, an Army intel officer turned Kennedy School graduate student, tells the State of Davis. “In the US Army, we do scenarios like this quite frequently to ... prepare us for a no-fail mission.”