The latest read from Alex Stamos bears an appropriately grim title.
From "It’s Too Late to Protect the 2018 Elections. But Here’s How the U.S. Can Prepare for 2020," at Lawfare:
In short, if the United States continues down this path, it risks allowing its elections to become the World Cup of information warfare, in which U.S. adversaries and allies battle to impose their various interests on the American electorate.
Enemies aiming to discredit American-style democracy, rather than promote a specific candidate, will not have to wait for election dynamics like those of 2016, when two historically unpopular nominees fought over a precariously balanced electoral map. Direct attacks against the U.S. election system itself—as opposed to influence operations aimed at voters—were clearly a consideration of U.S. adversaries: There are multiple reports of the widely diffuse U.S. election infrastructure being mapped out and experimentally exploited by Russian groups in 2016. While swinging a national vote in a system run by thousands of local authorities would be highly difficult, an adversary wouldn’t need to definitively change votes to be successful in election meddling. Eliminating individuals from voting rolls, tampering with unofficial vote tallies or visibly modifying election web sites could introduce uncertainty and chaos without affecting the final vote. The combination of offensive cyber techniques with a disinformation campaign would enable a hostile nation or group to create an aura of confusion and illegitimacy around an election that could lead to half of the American populace forever considering that election to be stolen.
While it is much too late to effectively rehabilitate election security for the 2018 midterms, there are four straightforward steps the United States can take to prepare for potential attacks in 2020.
Alex Stamos is an adjunct professor at Stanford University’s Freeman Spogli Institute of Public Policy, a fellow at the Center for International Security and Cooperation, and a visiting scholar at the Hoover Institution.
Until recently, he was the chief security officer of Facebook.