In the Line of Fire: Safeguarding America’s Election Security

pdf icon - download pdf

Laura Hughes

EXECUTIVE SUMMARY

The U.S. Electoral System and democracy continue to be under attack by foreign adversaries and political extremists who intend to manipulate U.S. elections. Despite the diligent work of election stakeholders, vulnerabilities within the current system continue to provide adversaries a vehicle to disrupt U.S. elections. The recent 2016 and 2020 U.S. presidential elections saw foreign adversaries attempt to gain access to election infrastructure, initiate disinformation campaigns, and saw high-ranking U.S. officials challenge mail-in voting’s validity. While the electoral system attacks did not alter the election’s outcome, they succeeded in creating doubt in the system’s integrity. Election officials and homeland security stakeholders must continue to search for alternative methods to help strengthen the system’s resiliency.

This thesis analyzes the current electoral process from start to finish to gain perspective on the current system’s resiliency. Specifically, it examines the process of mail-in voting to include voter identification procedures, the chain of custody, and security protocols. The thesis focuses on how election officials and stakeholders can strengthen the system and prevent future vulnerabilities caused by recent changes. While the current linear method used by election officials effectively solves the problem at hand, it fails to recognize how the solution can inadvertently cause additional vulnerabilities in other system components. Which leads to the question: How can red teaming and systems thinking be applied to reinforce the integrity of the U.S. electoral system? This thesis explores the potential use of systems thinking to evaluate the system and use a red teaming method to test the system. This project draws on data from academic literature, legislative testimony, and government reports, and examines the rapid implementation of mail-in voting in the 2020 U.S. elections as a case study.

The thesis compares how the U.S. Secret Service methodology is akin to systems thinking and has successfully ensured the safety of the world’s highest leaders. The Secret Service and the Department of Defense have tested protocols in place through the method of red teaming.[1] The complexity of the U.S. electoral system makes it a perfect candidate for systems thinking. Systems thinking provides a framework to analyze how altering one element of the system can have a lasting effect on the system as a whole.[2] The method examines three components within the system: the elements, the interconnections, and the purpose.[3] An examination of the electoral system affords election officials the ability to identify the pitfalls or advantages of future changes to the system before implementation. By mapping out the mail-in voting process, officials would have recognized that relaxing security and chain of custody protocols, last-minute changes to election laws, and poor communication could lead the public to question the system’s integrity.

Red teaming challenges an organization’s assumptions by imagining a system from an adversary’s perspective, thinking outside the box, and perpetuating an attack on the system to identify vulnerabilities.[4] To understand the threat, U.S. election officials must understand the enemy’s culture and skillset and how they factor into planning an attack. The Cybersecurity and Infrastructure Security Agency already recognizes its effectiveness in securing electronic voting infrastructure. Following the 2016 election, the creation of tabletop exercises helped state and local election officials mitigate an attack on their voting systems.[5] The tabletop exercises could help test the durability of security protocols for all designated election critical infrastructure. While the agency made great strides in securing electronic infrastructure, the focus must shift to ensuring critical physical infrastructure has sufficient security protocols. Election officials and government agencies have been one step behind this nation’s adversaries in identifying vulnerabilities within the U.S. electoral system. Red teaming may be the answer to solving this problem.

Over the last decade, foreign adversaries and high-ranking elected officials have tested the U.S. electoral system and exposed vulnerabilities within the system that need addressing to preserve its integrity. The recent implementation of universal mail-in voting provided the perfect case study to test the application of systems thinking and red teaming. Therefore, based on the case study findings, this thesis recommends two proposals for inserting after-action reports in which systems thinking methodologies are utilized for the final analysis and the use of vulnerability probes to test the resiliency of election infrastructure. The recommendations can identify current and future vulnerabilities within the electoral system and provide the opportunity to test solutions before implementation. The proposals will require buy-in from election stakeholders and additional funding to obtain the personnel qualified to perform the task. While election officials must consider the challenges to implementing the recommendations, they must also consider the importance of maintaining a secure and resilient electoral system.

 

 

[1] Micah Zenko, Red Team: How to Succeed By Thinking Like The Enemy (New York: Basic Books, 2015), 116.

[2] Donella H. Meadows, Thinking in Systems: A Primer (White River Junction, VT: Chelsea Green Publishing, 2008), 17.

[3] Meadows, 11.

[4] University of Foreign Military and Cultural Studies et al., The Red Team Handbook, v. 9 (Fort Leavenworth, KS: University of Foreign Military and Cultural Studies, 2018), 69–72, https://usacac.army.mil/sites/default/files/documents/ufmcs/The_Red_Team_Handbook.pdf.

[5] Vijay D’Souza and Rebecca Gambler, Election Security: DHS Plans Are Urgently Needed to Address Identified Challenges before the 2020 Elections, GAO-20-267 (Washington, DC: Government Accountability Office, 2020), 16–17, https://www.gao.gov/assets/710/704314.pdf.

No Comments

Post a Comment