As we enter into National Cybersecurity Awareness Month (NCSAM), it will be interesting to see how private industry and government officials at the federal, state, and local levels address prevalent cybersecurity issues and concerns in the U.S. The Department of Homeland Security’s theme for NCSAM 2018, “Cybersecurity is our shared responsibility and we all must work together to improve our nation’s cybersecurity,” sets the tone that security is a shared responsibility, but many of us in the security business hope that this October hits at, shall we say, the elephant and the donkey in the room.
To mark National Cybersecurity Awareness Month, social media companies must demonstrate how they are going to regain our trust in that their platforms do the most to protect our privacy and are vetted for ‘fake’ accounts, and that they are making the best effort to ensure the credibility of information they provide. Similarly, government must enlighten us on how they plan to work with private industry, citizens, and consumers to emphasize social responsibility and encourage industry to be a fair broker of privacy and the sanctity of information, and show how states are using recent funding to smartly assist in their efforts to educate their citizens and secure their systems.
We all know now that the biggest topic in October will be elections – first, because this is still very fresh in our memories and, second, because we are in the middle of an election season. What we learned from 2016 is that the issue of election security was vastly more complex and challenging than election officials securing voting machines and supporting election infrastructure, which did not result in any known impacts to the 2016 election. It was the more insidious threat from foreign information operations, specifically the concerted Russian effort to ‘hack’ domestic public opinion via social media that was the real problem. What we must focus on this month is the domain of public opinion.
As a former DHS official who was there for the 2016 elections, I am very interested in the work that governments have done in this space. The elections definitely highlighted that cybersecurity is a shared effort between the security industry, governments, private citizens, and consumers. While government and the private sector can work with political parties, candidates and their respective staff to increase the security around their sensitive information, the social media perspective presents a greater challenge, as well as how private industry and the government approach this issue, as midterms loom ahead.
The balancing act in this country comes to freedom of speech, and this is where government agencies are reluctant to act on social media content, as it potentially brings them into close proximity with constitutionally protected freedoms. Globally, it seems that there is a desire to assist consumers through regulation, but this is also a slippery slope that that could stifle innovation. It will be interesting to see the reaction from private industry in this space as well.
Social media platform providers have expressed discomfort with regulating content. However, terms of service have given them room to act. The good news is that initial observations are positive, as in the past three months Facebook, Twitter, and Microsoft have publicly identified and messaged their remediation for suspected Russian websites and taken down thousands of phony social media accounts. After 2016, there was much work to be done between the private companies and government agencies to understand how to identify, report, remediate, share actionable information, and correctly message the problems. The hope is that the work between the government and private companies raises society’s awareness and encourages citizens to evolve their understanding of the information sources available to them – what constitutes news versus opinion, fact versus analysis, trusted versus untrusted information, and, ultimately, foreign-sponsored misinformation.
Conversely, how state and local governments use NCSAM to educate and assure their citizens on the topic of voter security is also important. The obvious reason is that it is just good to know what these areas have done with the lessons learned from 2016, but also, and more importantly, to show citizens that they can trust their elected officials are doing their best to ensure a safe and fair election. It must be said that the preliminary results are positive. Congress has provided some focus and assistance to SLTT government through the fiscal year 2018 Financial Services and General Government Appropriations Bill that allocates $380 million to the Elections Assistance Commission to make payments to states for activities to improve the administration of elections for federal office, including to enhance election technology and make election security improvements.
An interesting and perhaps concerning dynamic is that each state is developing a different strategy to solve the problem, indicating that they are perceiving and approaching the problem differently. This may be due to differences in voting infrastructure among jurisdictions and differences in relative readiness. A telling sign that lessons have been learned from 2016 is watching to determine whether election officials are coordinating and sharing best and emergent practices through the EAC or the election sector coordinating council.
We have a long way to go and there will be lessons learned along the way, and I hope that NCSAM 2018 shows that we are all coming together to tackle the problem.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email HSTodayMag@gtscoalition.com. Our editorial guidelines can be found here.