Oregon’s top election leaders filled the Salem Convention Center for a symposium focused on election security.
Experts at a February 5 symposium — from the Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency, Oregon’s Department of Justice, Facebook and more — covered a variety of perspectives.
But they all identified one overarching concern: the spread of election misinformation and disinformation that’s meant to sow discord.
“I’m a lawyer by training,” said Oregon Elections Director Steve Trout. “I never thought I was going to become an expert about these things. But the biggest threat to our election is misinformation and disinformation campaigns. And that’s a lot harder to prevent but it is something that we all need to be able to do.”
The 4-day symposium, hosted by the State Elections Office and state and federal agencies, comes as communities across the country enter an active and, at times, heated primary season.
In 2017 — after Russian interference in the previous year’s election — the Department of Homeland Security designated elections systems as critical infrastructure. That’s the same characterization given to the nation’s dams, energy resources, transportation systems and other vital infrastructure, speakers shared.
The move allows local communities to request, and receive, a full scope of cyber security assistance from the Department of Homeland Security.
Oregon also has a dedicated team that consists of State Elections Division, the U.S. Cybersecurity and Infrastructure Security Agency, Oregon’s Office of Emergency Management, Oregon’s Chief Information Officer-Cyber Security Services, the Oregon National Guard and FBI. And every Oregon county is part of the Center for Internet Security’s Elections Infrastructure Information Sharing and Analysis Center team, an alliance of public and private-sector partners working to combat cyber threats.
Oregon’s vote-by-mail system affords even more protections. Every ballot leaves a paper trail as it moves from being cast to counted. Unique identifiers delineate every ballot return envelope, and each county’s ballot counting system is never connected to the internet.
Even with all of those coordinated efforts and resources, “Every one of us individually as informed voters are the best defense,” said Oregon Secretary of State Beverly Clarno. Make sure you have strong passwords, be careful which links you click on, and don’t be fooled by misinformation and don’t spread it.”
Three main ways malicious actors can interfere in elections are:
Covert funding and
Social media disinformation/misinformation and 3rd party misinformation, said FBI Special Agent Matt Yeager.
The vast majority of cyber attacks are facilitated by unwitting Americans who click on a link they should not have, Yeager said.
But deceptive tactics also range from economic coercion, bribery and blackmail to the covert placement of articles in the media, social media disinformation and everything in between.
Phishing campaigns lure victims by impersonating a legitimate person or business to reveal personal, sensitive or confidential information. Vishing campaigns use a similar tactic but utilize voice manipulation through internet telephone service. Deepfake videos, which use artificial intelligence to manipulate video and audio clips of people, are another new tactic.
The litany of ways to manipulate people go on and on, speakers shared. At the forefront is disinformation and misinformation campaigns that are ultimately aimed at sowing discord.
“Falsehoods spread faster, deeper and more broadly than the truth — especially when the falsehood is political,” said Samantha Korta, a cyber security advisor for Deloitte’s Risk and Financial Advisory practice.
According to a Massachusetts Institute of Technology study, Korta said, bad, incorrect information spreads six times faster than good, correct information and information spreads via the media or academic journals, opinion blogs, reddit, YouTube, social networks and even search engine optimization.
“It’s really interesting to think that you don’t have to physically hack an election, you just have to convince people that you have,” Korta said.
Speakers implored election leaders, candidates and community members alike to be wary of suspicious links, strengthen their passwords, fact-check information and rely only on trusted official sites, such as county and state websites, for credible election information.
“Ask yourself, ‘Who is sharing this information? Would they have an agenda?,’” said Korta. “Before you repost something, be sure you know the primary source of information where it came from.”
“It’s up to all of us to demonstrate excellent, personal cyber hygiene,” said Yeager.