For many students across the country, the Tuesday after Labor Day marks the first day of school. That means bright-eyed planning for the new year, fresh haircuts and debates about the merits of pumpkin spice coffee. (Officially, this editor is pumpkin spice curious.)
With that back-to-school spirit in mind, here’s a cheat sheet on staying smart on cyber issues this fall:
1) The real election threat
For the cyber world, fall means a likely deluge articles about the vulnerabilities of voting machines used in the upcoming midterm elections. But during the DEF CON conference in August, Jeanette Manfra, the Department of Homeland Security’s cyber czarina, downplayed the possibility of widespread election interference using voting machine hacks.
Voting machines are physically secure because there are thousands of jurisdictions across the country with different systems, she said. “It’s actually really, really difficult to manipulate the actual vote count itself,” Manfra said.
The assistant secretary said that the government was more concerned about Americans losing confidence in the voting process. Manfra said that atop Homeland Security’s concerns is the possibility that hackers will change the voter registration lists or delete the data outright, sowing chaos into the election process. She also raised the possibility that the provisional election results announced on election night might be hacked, and different from the final certified tally.
The takeaway: Keep an eye on government officials talking about voter registration hacks and remember to keep the election machine hacks into context.
2) Follow the White House’s cyber strategy
A White House official told Fifth Domain in August that President Trump changed the rules that allow America to operate in cyberspace. Senior U.S. officials tell us that the policy, known as PPD 20, was modified in part to give the Defense Department more authority to attack in cyberspace. But it remains to be seen if this new authority will help.
“Attempting deterrence using a single domain is rarely effective,” Peter Cooper, a nonresident senior fellow at the Atlantic Council, previously told Fifth Domain. “This is especially true in the cyber domain, where capability is normally classified, making it difficult for a state to signal to its capabilities. Attempting to deter with only the cyber domain is like shouting from behind a locked door.”
The takeaway: Watch for attacks attributed to the U.S., and keep an eye on greater attribution of hacks or election interference from America’s closest allies.
3) Understand how the intelligence community is investing in cyber
Analysis by Fifth Domain shows that intelligence agencies and the Pentagon are relying on artificial intelligence in their future projects. We combed through the new challenges and programs announced this year by the Intelligence Advanced Research Projects Activity, and found that more than half involve machine learning and predictive analytics.
Stacey Dixon, the newly appointed head of IARPA, said in a podcast the agency has invested in predictive analytics programs which “forecast that someone is going to be attacked through cyber means.”
The Army also said in an agency announcement that it is testing cyberspace deception capabilities that can automatically provide early warning and false information to impede cyberattacks.
The takeaway: AI will appear in a lot of marketing materials.
One of our favorite recent reads was the book How America Lost Its Secrets, by the journalist Edward Jay Epstein. The November 2017 book is a skeptical account of the story of Edward Snowden, and suggests that the NSA leaker was a stooge of the Russian or Chinese governments, either willingly or unwillingly. Although the book contains a flurry of anonymous sources and is heavy on implications, it has been widely praised by former intelligence officials.
It should be read in conjunction of this subtly scathing profile of Glenn Greenwald by Ian Parker in The New Yorker. The accounts should be watched with the sympathetic, yet skillfully produced documentaries by Laura Poitras Citizen Four, which details Snowden’s decision to go public, and Risk, the complicated story of Julian Assange, (who may or may not need to find new housing soon.)
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.