Expert Insights From the Fal.Con 2020 Election Protection Panel


This eye-opening discussion exposes the real threats targeting global election processes and, more broadly, democracies around the world. Shawn Henry, CrowdStrike Chief Security Officer and President of CrowdStrike Services, is joined by two top international experts: National Counterintelligence Executive (NCIX) and Director, National Counterintelligence and Security Center (NCSC) William Evanina, and Sir Robert Wainwright, Partner at Deloitte and former Europol Executive Director. 


The following is a transcript of the entire panel discussion:

Shawn Henry

Hi, and welcome to the Fal.Con 2020 election protection discussion. I’m Shawn Henry. I’m the president of CrowdStrike Services and the Chief Security Officer of CrowdStrike. I have an amazing couple of gentlemen here to talk about the elections around the world, not just the upcoming U.S. election, but what we’re seeing globally as it relates to global democracy. First, with me is Sir Robert Wainwright. Rob’s a partner at Deloitte and a former executive director at Europol, where he spent more than nine years. But he also has a distinguished career in the government service: He worked as an international director at SOCA [Serious Organised Crime Agency] for three years, he was in the Ministry of Defense for 10 years and was deployed to The Hague at Europol for three years. So he’s got a lot of international experience and really can add a great perspective on this issue from the global side of the house.

And also with us is William Evanina. Bill is currently the director of the [U.S.] National Counterintelligence and Security Center in the Office of the Director of National Intelligence (DNI). He also has a distinguished career in law enforcement in the intelligence services. Bill has spent more than 20 years in the FBI and was also for some time at the CIA. He’s got great experience on counterintelligence and national security.

We’re going to talk about this issue and what it means to us. I think nations have been engaged in espionage for more than a thousand years. Historically, disinformation campaigns were more about what was happening on the battlefield and altering outcomes back when armies were targeting each other. Today, there’s been some dramatic changes with the advent of the internet and the amount of information that’s being pushed to networks, where we’ve seen elections being influenced by outside foreign governments and disinformation campaigns that are targeted to sow discord, confusion, chaos and mistrust — and most of all division.

President Lincoln said a house divided against itself cannot stand. I think that’s exactly what our adversaries want here in America and arguably around the world. We’ve seen a lot of divisiveness in recent times that is creating some concerns for folks specifically as it surrounds the election. Consider Russia’s objectives, their interest in undermining democracy and restoring what they see as Russia in its rightful place in the world order. We’ve seen attacks globally — in the UK, Finland, France, Germany and in Estonia — and it seems that some of these attacks have gone unpunished. I think that it’s really important in order to deter these governments from impacting democracies, there’s got to be some type of response, discussions, certain policies, strategies, etc. What you’re going to hear from our distinguished guests is about other nation-states putting their influence operations together with campaigns to try and impact what voters think and ultimately how they feel.

And at its core, the foreign influence operation is really the ultimate hack, not just of democracy, but of people’s beliefs — what they think and why they think it. And with the ubiquity of social media, things like Facebook, Instagram, Twitter and many others, foreign countries have really rewritten the playbook on foreign influence. And now election interference is essentially using ordinary people to spread false information through social media. 

An item that might appear on an obscure Twitter feed can move up the media food chain and get picked up by multiple news outlets, whether it’s legitimate or not, and given legitimacy because of where it’s viewed. A big part of global election misinformation is hack and leak operations as well as disruption of the electoral system, which puts into question the trustworthiness of the election infrastructure. Will my vote count? Will your vote count? Can we be sure that the election is secure and valid?

We are going to get into this discussion, but it is not a political discussion. It’s about the integrity of free and fair elections, regardless of who or what you want to vote for. Elections are really the foundation of democracy and this is a national security issue. Anyone who knows me knows that.

National security is not a partisan issue. Bill, you recently went public with intelligence that China and Iran are trying to covertly influence America’s 2020 election. Can you describe how that not only alters but expands the potential landscape of election influence operations and what challenges are facing the intelligence community?

Bill Evanina

First of all, thanks for the opportunity to be here with you and share with CrowdStrike, your amazing platform here at Fal.Con 2020, representing the U.S. government. I think your premise is spot on. When we look at where we are globally, the proliferation is in hyper-speed on social media. Adversaries of any country, in our case the U.S., China and Iran, have learned from the Russian successes, not only here in the U.S. in 2016, but around Europe and near abroad. This influence operation disinformation is nothing new for the Russian Federation and for Vladimir Putin — they’ve been using it here and near abroad for decades.

It’s now transitioned over the ocean to the U.S. and we’re seeing it firsthand. Similar to most democratic nations around the world and because we’re a democratic society, some of our biggest strengths like freedom of speech, religion and assembly are sometimes our biggest vulnerabilities because our adversaries can exploit them. What we’ve seen here in the U.S. the past year with some of the discourse, the rioting, the protests, the murders that happened to some unarmed individuals, COVID — we’ve had a lot of activity here in the U.S. that our adversaries amplify and accentuate on social media. And how does it touch the election? Well, in the COVID space, clearly the President, the Administration, has clearly put the impetus of the COVID [crisis] on the government of China. So there’s been a back and forth between China, the U.S. and the world geopolitically, and China has spent a lot of time, effort and capital in disinformation and influence efforts on COVID.

That directly impacts the presidential election. They might not come out and say it, but their bashing of the present administration regarding COVID has a direct correlation to the election. What we’ve seen is the old Russian model of directly impacting the presidential election. We’ve now seen China and Iran take one step further and elongate that linear path of information disinformation. Sometimes we call it “information laundering.” It’s very, very complicated and the American public — and I would proffer the public in the democratic nations around the world — really don’t understand what disinformation and influence looks and feels like when they see it. So, I think social media and the ability to promulgate information expediently on the web is going to be a big vulnerability for democracies going forward.

Shawn Henry

Yes, when you talk about social media, the platform, the ubiquity of it and the access, the ability to turn messages into an echo chamber and continue to repeat them over and over again — people start to hear and believe certain things. It’s very interesting.

Rob, Bill mentioned internationally, and he talked about Europe. I made some comments in my opening remarks because I think it’s pretty extensive. We know that disinformation campaigns are part of the foreign adversary playbook for election interference. What have you seen in Europe and more importantly, what can we in the United States learn from what we’ve seen in Europe and some of the strategies to combat those issues?

Sir Robert Wainwright

Let me just echo Bill’s point and say what a pleasure it is to be with both of you today. It is a fantastically important issue and you’re right, Shawn, that of course the U.S. election is in the spotlight at the moment, but this is a problem around the world. In Europe — let’s take the UK as the example that you mentioned in the introduction. A very important report by the Intelligence and Security Committee of the British Parliament published just a couple of months ago in the summer of this year — a report into the possible impacts of Russia — especially in affecting elections, including what was a seismic referendum that we had in the United Kingdom around Brexit that preceded the last general election. Actually, there was no real evidence that came from that [report] that there was a direct malign influence on the outcome of Brexit, so the jury is still out on that.

But there was a lot of concern that the intelligence agency in the United Kingdom shared with the British Parliament in that inquiry around the activities of Russia and indeed other actors, as Bill was explaining. And [there was] concern also about what was clearly being seen around Europe, in France, in the Netherlands and other countries as well. I mean, you both picked up on an important point of language here. I think it’s important that your viewers understand that on a social media platform, there’s a lot of talk about disinformation campaigns and the spreading of false narratives with the intention to mislead people. There’s a lot of activity clearly going on, but this is much more than that. There is a side to this that is even more dangerous and insidious. 

I think you mentioned, in the introduction, the influence operations by malign foreign actors. And this is also something the British Parliament looked at, not just disinformation campaigns, but cyberattacks on election infrastructure — possibly illicit funding operations — as part of the election cycle. One takeaway from the UK and other countries — that you’re already aware of in the U.S. — is that this is far beyond just spreading propaganda on social media.

In the end, the UK assessment was that the integrity of it [the election] was largely sound because it’s still based on paper-based voting, frankly, and counting. So there were sort of inbuilt protections from the slightly arcane nature in which the British electoral process works. Some concerns may be around the software used for counting of votes, and that was definitely played out in the Netherlands during its national elections in 2017, where there was a real concern identified about the reliability of software used on the counting machines. And here the real issue wasn’t just the software itself, but the way it was integrated into a very old legacy IT platform — old IT capability. You’ll know, Shawn, from your work in CrowdStrike, what a fundamental challenge that is to so many governments and businesses. When you’re trying to get off legacy IT platforms, the cyber risks and cyber vulnerabilities are going to be very high.

I guess the lesson here is you’ve got to invest in your infrastructure — your IT infrastructure — if you want to have free and fair and sound elections. We know this is as important as it gets, so get your investment right and make sure that we’re learning the lessons of how to deal with cybersecurity.

Just one more point I’d like to make, the European Union itself, which as you know is a collection of 28 member states in Europe, also passed an important resolution about a year ago, in October 2019, aimed at really covering, helping to protect what we knew would happen in this year of 2020: Around 50 regional, national and European elections are coming up during this calendar year. That resolution, again on the back of its research and findings by the European Parliament, identified a significant increase in the number of disinformation cases in 2019 — around a thousand in total across the EU. And that’s a doubling, more than a doubling, from the year before. There’s a big action plan promulgated out of that for all the countries in Europe, around the role of social media and technology, making sure they’re more closely collaborating with governments, and the need for a coordinated response across Europe.

Your point again that this is more than just touching one country, and of course this important point about making sure that we have enhanced security here, but that it doesn’t come at the cost of privacy. It definitely shouldn’t come at the cost of deterring people from actually voting, so it’s a tricky balance to get right. My last point, I just want to echo the point that Bill made, he talked also about the complexity of the threat and that people don’t really understand what’s going on here. Even between the cycle of the U.S. elections of 2016 and 2020, the complexity of the threat has definitely moved on and we really need to up our game as a result.

Shawn Henry

The concept, when I think about 50 elections coming up in 2020 across the EU and the challenges around that to secure and to validate those processes in the current environment, is just staggering — it’s overwhelming. It really highlights the need for this discussion, which is about democracy writ large, as opposed to one particular election.

Bill, back to the coming election in the U.S., there’s been a lot of talk about the electoral system in the United States — that it’s sufficiently decentralized and that attempts to change a significant number of votes that might actually impact an election is incredibly difficult. When the 2016 election was reviewed by the Senate Intel committee, they concluded that Russian hackers had actually probed all 50 electoral systems looking for vulnerabilities. What types of vulnerabilities are there in those systems, and could that possibly change the outcome? In other words, because of the way our system is set up with the electoral college, you don’t necessarily have to change a wide band of votes — maybe focus on a crucial county or a swing state to change the outcome. What are the concerns there and what might we see going forward?

Bill Evanina

That’s a great question and packed a lot of hypotheticals that we look at every day. We, the U.S. government, have had an unprecedented collaborative mindset the last couple of years, with the intelligence community working in partnership with the FBI, DHS [Department of Homeland Security], CISA [Cybersecurity and Infrastructure Security Agency] and all 50 states’ secretaries of state and election officials. We brought in all 50 secretaries of state four times, along with their vendors for election infrastructure. We gave classified briefings of not only the intent of our adversaries but their capabilities, so they [secretaries of state] can understand what those vulnerabilities are in their systems. And let’s be honest, we have over 6,600 election systems in the U.S. None of them are connected and none of them are a bastion of IT awesomeness. The good thing is they’re not connected to the internet, and right now, somewhere around 92% of American votes will have a paper backup, so we’ve made substantial strides. The work that CISA has done with the state and locals has been amazing, not only to gain confidence, but then understand what those vulnerabilities are and the speed at which we, in the intelligence community, take classified information — what we see overseas and the intent of the Russians, Chinese and Iranians to do “X.” The speed at which we take that [information], wash it thoroughly and get it to the DHS who can then get it to local officials is amazing — and we do it really well.

But not every election infrastructure and local municipality is the same, and they’re not treated the same. Some hire organizations like yourself [CrowdStrike] to help prevent and protect on the cyber side, some don’t, and some have money allocated, some don’t. So it’s very disparate as to what we see from a vulnerability [standpoint].

Strategically, what we saw in 2016 — you referenced the 50 states and snooping around — we’re still seeing that, but the problem is now we’re seeing it from multiple countries, not just Russia. Everyone sees this as a vulnerability, and often what we mistake for election infrastructure isn’t such, it’s a county’s infrastructure. What our adversaries know, as well as what we know, is these infrastructures — which we call election infrastructure — are usually a county infrastructure tied to the rest of the county. You need to potentially only have a ransomware [attack] on a city or a town that’s not tied to election infrastructure, but it will definitely have an impact, so redundancy and resiliency are key phrases that are really important. I think CISA has done a good job in the last couple of years, ensuring that our local election officials understand the criticality of redundancy and resiliency. If you have an outage — and we game-planned all this — starting on election day and moving forward is where we believe the most chaos will be. 

To your premise, if we have four or five counties across America in battleground states that don’t have power or there’s a ransomware attack on a library or in City Hall, and people can’t vote, or they can’t count the votes — we will overcome that because the system of elections is pretty redundant and resilient, and it’s enduring.

But what we can’t overcome is the influence operations that come after that, the ability of our adversaries to exacerbate that and make it a big deal, which is why we need to partner with our cable companies or news media, or newsprint media, and say, “Listen, let’s calm down. Let’s slow down. Let’s look at the facts before we jump to conclusions that we have interference from a nation-state threat actor.” Let’s not jump to that [conclusion], because as you know and people who worked in the cyber world know, if we have an attack — a cyber outage, a power outage or a ransomware attack — the expediency with which we’ll get attribution is not going to be in an hour. We have to have a way, in a democratic society, to overcome that, and then worry about the investigation later. At the same time, have everyone remain calm and still have confidence in the rest of the electoral process on that [election] day or moving forward. 

What’s important to know, for the viewers around the world, is that we’ve spent a lot of time and effort here in the U.S., in the last couple of years, driving these partnerships from the intelligence community, through DHS and all the way down to the local level for this particular reason, so that the local CISO [chief information security officer] in County X understands not only the capability, but the intent of an adversary and how their election system can be mitigated and it can also be compromised. Look back at 2018, we had an issue in Atlanta where there was a ransomware attack on the city [that] had nothing to do with election infrastructure, yet it did at the same time.

The last point I’ll make — and Rob talked about this — as you know, some of this is historical. We look at our adversaries and what have they done? Specifically, what has Russia done in Europe in the last decade on elections? There are 50 [elections] coming up in Europe, so what are the capabilities? What is China doing in Hong Kong and Taiwan? We need to look at that history to be able to juxtapose what’s in the realm of possibility here. I’ll give you one example: In 2014, the Russian intelligence services were very creative. They didn’t interfere in the Ukrainian election, but they interfered with the results, which went from the local officials to the cable news network, because it’s internet-facing. So I guess my cautionary tale to democracies everywhere is you need at all costs to protect anything that faces the internet, because that is our number-one, most vulnerable aspect of where adversaries will continue to drive their chaos.

Shawn Henry

I appreciate that entire response and I would hope that it would give a lot of viewers confidence. Certainly, the risk is there, we see that, but the ability to game-play is one of the things we talk about all the time. I talk to CEOs and boards about tabletop exercises and working through a potential scenario so that you can respond. When it does happen, you’re not trying to cobble together a response, but you’ve actually thought about this and you know who to talk to and how to do it. The point you made about a disruptive attack in an environment where there’s already confusion and concern [because of] challenges with an election, whether it be foreign influence or internal infrastructure, or concerns about a couple of counties where there’s ransomware or denial of service — that concern is being amplified by the media, which is like pouring fuel on a fire to get people concerned. I think your thought process, how you would communicate with the public, work with CISA and perhaps DHS and other agencies to put in a level of calm and give people that sense of confidence that this will be resolved and it’s not widespread, but it’s limited and it’s being addressed, is so important for people to hear. And I really appreciate you going through the process that you’ve used in the DNI to prepare for that.

Rob, let’s take this a step further — everything that Bill said — and then bring it to the international realm. I think detecting election [interference] and the appearance [of it] often relies on foreign intelligence. In 2016, there are reports about other nations that have provided intel to the U.S. intelligence community about what was happening in the 2016 election.

During my time in the FBI, we worked incredibly close with our foreign counterparts, particularly in Europe, on alliances in the cybersecurity space. In fact, that’s where I first met you in the mid-2000s. It’s resulted in the U.S. and their allies having trust and confidence in each other, because we all recognized what an attack on one democracy means to others, because we are a global democracy. Certainly, we have components, but together, I think we fundamentally agree with some basic principles. Now with some of the global tension — can you describe a little bit the current collaboration between members of international intelligence communities in warning and staving off attacks on elections, both among themselves in Europe — you described these 50 elections coming up — as well as with the United States?

Sir Robert Wainwright

Yes, I think we can be reassured, and maybe not all the viewers will understand just how deep-rooted our level of intelligence collaboration is on national security issues. Bill talked about how important it is within the U.S. to have much closer collaboration at the federal and state levels and of course, internationally as well. At the same time, the U.S. has been extending its intelligence links for many years, probably with its closest partner in the intelligence world, the United Kingdom, but also across Europe. With the NATO countries within Europe, this club of intelligence agencies is actually intensifying their cooperation, as well as the sort of institutionally significant developments in the EU like Europol itself, an agency that was formed exactly for this — to promote much more effective cooperation within Europe on important national issues. I think a lot of that has been intensified in recent years, really on the back of this sort of terrorism agenda — following 9/11 and a wave of terrible attacks in Europe over the last few years that’s intensified the need for a much closer national security collaboration.

I’ve kind of had a concern in recent years as to that understandable focus on counterterrorism, whether or not that would push away room for a focus on an issue like election interference. That would be a concern of mine. What I’ve seen and what I’m hearing is that actually, in the last year or two, election interference has become so important, and there’s a much greater intensive effort around it as there should be. My point is that with this new focus and understanding that this is at the heart of our democratic interests, the infrastructure laid down for the last two decades to intensify that level of collaboration is there and can be exploited. You talked about how we did that and to great effect on a major takedown of cyber operations and with terrorism — plenty of successes, so it’s there now and can be used and I’m sure it is being used.

There are still challenges, but there will always be challenges around resources and how difficult that kind of coordination piece can be across a wide landscape of different countries and different legislative legal routes that you have to take. Also, the specific challenge in Europe right now affecting the UK around Brexit — what does that mean for how closely embedded the UK will still be? That’s a live issue of course.

And don’t forget, what we’re talking about here is very close pan-European and transatlantic cooperation between agencies in Europe and the U.S. For the rest of the world, it’s a much less joined-up picture — much more patchy. And of course, this is to a certain extent affecting many other regions as well, but in our backyards, [it’s] pretty good, I think.

Shawn Henry

That’s reassuring, recognizing the importance of those relationships. I’ve seen the synergy of these international allies working together in a collaborative way and the value, and I think that you’re right talking about building on the counterterrorism model, where there was a widespread sharing of indicators of attack [IOAs] to allow people to work together to better protect their citizenry and their communities. So, I appreciate that analogy. 

Bill, let me turn to you again. You talked a little bit about ransomware and the attack on infrastructure. When we’re talking about the integrity of the actual ecosystem, separate and apart from the misinformation piece — which certainly factors into the ecosystem — but I’m talking about the actual technology. A couple of weeks ago, we saw a ransomware attack on a U.S.-based software vendor that provides election and voter data services to local counties and municipalities. And there have been other nations that have made some drastic changes to their processes. There was a recent article in Wired magazine that put forth solutions for election security from other countries. They talked about the Dutch who had discovered massive security flaws in their software system for counting ballots back in 2017, six weeks before a big election, and they had to count all votes manually. They made that determination. Of course, the Netherlands is a little smaller than the U.S., but nevertheless something they took on. 

Then in Estonia [they have] this kind of physical authentication, because the Estonians are such a highly connected technological society. I think they really do lead the world per capita in their creativity in this space. They have smart cards that citizens have to have to physically authenticate their identity for online banking, paying taxes and voting. 

From a counterintelligence perspective, there’s a story that goes back to 2017 about the hacking of the French presidential candidate, Macron, and emails being leaked just immediately prior to the election. The Macron campaign went public and said that there were fabricated comments and that they had actually put a fake email into their actual email accounts to confuse hackers — a counterintelligence play that they put together. In talking about this, I’m asking about the U.S. and the technological and election security strategies that the government can leverage to help to overcome some of the things that we’re seeing to thwart election interference. And on top of that, how can we define red lines for adversaries, so that if they take actions that are impacting our process, there will be some type of repercussions we can put in place?

Bill Evanina

Those are a lot of good points and questions, Shawn. I think you hit on a lot of key aspects that we are addressing every day now as we get within a month of this election. I’ll take them in small bits and pieces. I think you referenced the 2017 issue, but for your audience here, when you think of 2017 and the cyber world — it’s like five decades ago and the issues we had with technology and capability in 2017 are now like a Commodore 286 — it doesn’t exist anymore. What we have now, in addition to fake “anything,” is we have the concept of deep fakes, [which] is the ability for a cyber actor or a nation-state actor to provide a false email, a false voice recording or a video. This is obviously a mainstay now, so we’re worried about that as well. 

One of the difficulties for the U.S. is that we are so federated — we have over 6,600 different election systems. That’s also a good thing because at scale, no adversary, criminal or other [bad actor] can really impact that system — it’s not connected at all. Even within one state alone, those election systems are not connected at all. However, our adversaries understand that and they know they can impact a county-by-county issue in that city or that county, whether it’s ransomware or another cyberattack, or any kind of a power outage to the electrical grid. We know our adversaries have already set the pace for [those actions] over the last decade, so there’s capability there. 

To your point about red lines, just last week our administration told the Russian Federation very clearly and unequivocally, “Don’t do anything or there’ll be repercussions” and I think there will be with any of the three countries [Russia, China, Iran]. I’m a big believer, [because] I’m in the intelligence world, that imposing costs to adversaries and cyber actors is a big part of this: two things — Costs, with a capital C, as well as attribution and public embarrassment. I think changing the behavior of a foreign nation-state comes with imposing costs and public attribution, and I think the U.S. has gotten much better at that in the last four or five years than we were, Shawn, when you were back in the FBI. We had a lot of difficulty with the administration wanting to attribute nefarious activity of nation-state threat actors. We’ve gotten much better at that and it really puts a global stamp on China, Russia, Iran and North Korea and their nefarious activities. We need to be able to do that.

When you look at what DHS has done working with the FBI on the local level, they’ve put a suite of protection mitigation capabilities together to allow local municipalities and counties to utilize software-based mitigation and be able to say, “Hey, we have this tool available if you want it.” CIS [Center for Internet Security] has done a great job, they put their Albert sensors in all 50 states that are forward-leaning, so that we can identify TTPs [tactics, techniques and procedures] and malware that we’ve seen around the world. And back to Rob’s point, the sharing that we’ve seen — not only with our Five Eyes but with NATO — of the malware, the TTPs and the indicators of compromise [IOCs] has been daily and robust. We have to be able, as nation-states that are democratic in nature, to share what we’ve seen historically, because that’s what we’re going to [have to do] to keep up. What we all know about our adversaries, whether it be Russia, China, Iran or North Korea, is they tend to do the same thing over and over — just use the same aspects of a technology. The last point I’ll make is that the message we’ve given to every single county, and I’ve given to the presidential campaigns and at the RNC and DNC is [to] minimize the self-inflicted wounds — control the controllables. Let’s patch, patch, patch. Let’s have email passwords changed on a regular basis. Let’s get your smartphones handed back into Apple — get new smartphones. Let’s do everything from a hygiene perspective and do not click on links. Self-inflicted wounds are our biggest liability and vulnerability, and we can control that.

Shawn Henry

I appreciate this kind of back to basics. We sometimes look at this at such a broad level in the campaigns and how they’ve developed over the years, but at the end of the day, so much of this does come down to basics. By using proper hygiene and good practices, policies and procedures, you can actually eliminate an awful lot rather than shooting yourself in the foot, because you left the back door wide open and somebody walked in and took your server. So, I appreciate that last piece about back to basics and the deterrence piece as well. I think it’s so important to message what the ramifications on an attack may be in terms of deterring an adversary, because at the end of the day, governments have to influence other governments if they’re the ones that are taking action. An inability to do that means that they [adversaries] will continue to launch their attacks undeterred.

Rob, let me ask you a question. We’ve been talking a lot about governments and different government agencies, the Intel community, etc., but what we haven’t really talked about is the private sector and how the private sector can work with government agencies to protect the integrity of elections. They certainly have a role — they own a lot of the infrastructure, and they’re supporting the infrastructure. How can you take advantage of the two for stronger collaboration in order to harden the infrastructure? What’s the best way forward there?

Sir Robert Wainwright

Obviously, there’s a big role here for the private sector and clearly the large tech and social media platforms, especially. They have a role, they have a responsibility to society to get this right, and we know that the business model of social media companies is very, very powerful, and it runs on powerful algorithms that can drive their business model. Those algorithms can also maybe be used to protect the way in which harm can be exploited on those platforms. We’ve seen that on terrorism, how social media companies, in the last five years, have done a pretty good job of using the technological capabilities to identify and remove the vast majority of terrorist content online. And I know some of those companies are working at a much more intensive rate than they were in 2016, because the challenge and the threat have [continued] on. There’s a big role that they can play, turning their great minds and capabilities in a tech world to also help us protect the integrity of elections.

The big point though, Shawn, and you hinted at it in the way you asked the question, is that this is not just about what role governments can play on one side and private companies on the other. It’s very much about the collaboration and getting that public/private partnership in the right space so that it’s all hands on deck in a uniform way. 

They each bring different things to what that collaborative effort looks like, and across Europe, we’ve seen — in the Netherlands and other countries — how telcos, as well as social media platforms, the internet service providers, and other parts of business, have worked very closely with law enforcement intelligence agencies under a kind of a government-run, task-force style approach. This idea of a multi-agency, multi-sector approach is clearly the right way and it’s worked in other areas as well. As to what collectively they should be doing — it is about getting the hygiene right. It’s about making sure that we have common cybersecurity standards across our election infrastructure, as well as understanding where the threats are coming from. 

Those two critical areas — making sure cybersecurity standards are high across the board and enforced that way, and making sure that we’re aware of what the threat is and what the intelligence looks like — are the two areas around which we can see great collaboration between governments and the private sector.

Shawn Henry

Yes, it’s a whole-of-society response in addition to the government and the private sector individual citizens. It’s about coming together in unison and recognizing the risk and taking those actions. I appreciate those comments. 

Bill, I wanted to ask you, just kind of building on Rob’s point about the private sector: There’s been a lot of discussion about social media platforms in the U.S. We’ve seen CEOs of major companies being brought before Congress to talk about their platforms and how their platforms are being exploited and really used to influence people. What are your thoughts there, building on that public/private partnership piece, on the responsibility of those social media platforms, and what the future might look like going forward?

Bill Evanina

This is a really important question and it’s complicated. I’m going to speak a little bit from my role as head of counterintelligence and security, but mostly I’m going to speak as an American citizen and member of a democracy, because I think this really cuts across multiple fabrics of our democratic ecosystem. I’ll preface it by saying, I believe personally, not in my role here, that the expeditious nature with which government partners with the private sector will be a key ingredient to maintaining democracies around the world.

How we are situated in the global economy with the manifestation of social media and the attacks we’ve seen from nefarious countries on our democratic values and processes means the government and the public/private partnership has never been more important than it is right now. A couple of key aspects of that — when it comes to not just elections but in general. When you look at the value sets here, and we put this out in our counterintelligence, intelligence strategy back in January, we really did a paradigm shift to say, “We’re no longer going to talk about who’s doing what to the U.S., Great Britain and Australia — we’re not about what they are doing.” Our five pillars of the strategy are critical infrastructure — specifically telecommunications, energy, financial systems — supply chain, malign foreign influence, cyber and economic security. 

Those things are not owned by governments, they’re owned by the private sector and the constituents of the countries. We have to be really conscious of what our adversaries are trying to do. So, let’s talk about social media companies and managed service providers. I mean, how many times a week do we have to look in the paper and see DOJ, or around the world, the Brits, having issues with adversaries penetrating managed service providers? It’s becoming commonplace and we have to find a mitigation strategy that works not only for the managed service providers, but provides a prophylactic against any kind of regulatory oversight.

I think this is where Congress, and the Parliament in the UK and across the democracies, have to find a happy medium to not only protect big companies and tech companies and managed service providers, but at the same time have some solutions and a policy. Right now, the U.S. government has no policy on this issue. We’re calling all the leaders in front of Congress to scold them for what they’re doing and not doing, but there are no guidelines. The technology for which we have platforms in social media has well exceeded any government’s ability to regulate. And again, in a democracy, we want to minimize the word “regulate.” I would proffer that we have to find a way to be able to help protect private sector companies against nefarious actors, and at the same time provide some guardrails for regulatory issues to give them some rules to go by.

And one metaphor I’ll use is the Equifax breach. Over a couple of years, you look at what happened with Equifax. I consider that one of the greatest successes, from the Ministry of State Security and PLA [People’s Liberation Army] out of China, we’ve seen in a long time. People say, “Well, wait a minute, that was a hack, that was a theft of PII.” No, it was more than that. They came away with proprietary data and state secrets from Equifax with respect to their algorithms and their business rules for connecting to major banking institutions. That is a counterintelligence activity. And when the CEO says publicly, “I’m not sure what my company could have done differently to defend against a nation-state intelligence service,” we have to acknowledge what’s happening right now around the globe — our nation-state actors are using intelligence services to attack private sector companies.

We have to be willing and able to partner. And that partnership starts not only with intelligence sharing on steroids, but we have to find a happy medium where we can provide due diligence with sharing information and at the same time [provide] some privacy protection and protection from [regulations] that [impose] sanctions after a company becomes victimized. Being a victim cannot be something that’s going to carry penalties, we have to find a happy medium. And this election cycle, as we partner with Facebook, YouTube, Twitter and all the social media companies, has really exacerbated their concern and desire to help be a solution in protecting our democracy. But they also have to somehow be protected down the road when their constituents, which are global, might complain. It’s a very complicated situation, but I think government needs to speed up and catch up to technology in this space.

Shawn Henry

Yes, I couldn’t agree more. I think about the one comment that you made about how you have young men and women in the private sector who are literally doing hand-to-hand combat on keyboards with trained military professionals, military soldiers and foreign intelligence officers who have unbelievable resources. They’ve got motivation and they’ve got unlimited budgets in many cases and their capabilities are strong. I think that the government learning from the private sector and this whole piece about collaboration is so important in terms of protecting the infrastructure.

Rob, let me give you an opportunity to make some final comments here. I feel like we could talk for hours about this with the two of you, but we’ve got a limited time. Let me turn to you for some final comments and thoughts.

Sir Robert Wainwright

I just want to end, Shawn, where you started. This is about as important as it gets for any democracy. It’s the most important public issue and it comes down to such fundamental things like how we can embed or protect levels of trust and public confidence in the main pillar of running a democracy.

I mention that because when you see it through that lens and we all should see that, whether or not you are a CEO of a social media platform, a political leader or an intelligence chief — when you see it in the same way through that lens, you should know that you have to throw everything at this to get it right. Prioritize it in the way that we have done, in a collective way, in a successful way, [as] a threat from terrorism for many years.

That’s throwing the full range of government and business capabilities out in a concerted way, at a national and international level. I mention that because it requires leadership within all those sectors — it is that important and we’re going to get it right. Now, put your money where your mouth is and follow up on that by investing in the right kind of collaboration and the technological tools we need to get this right, so that we can protect democracy from what is clearly a much more dangerous threat today than we’ve seen in the past.

Shawn Henry 

I appreciate the word “leadership,” because in so many of the experiences that I’ve had in my professional life where there’s been great success, it’s been because of strong leadership, and where there’s been failure, it’s been because of a lack of leadership. Now more than ever, the leadership by so many people to step up and recognize the risk is so critically important. Bill, let me give you an opportunity to make some final comments or thoughts.

Bill Evanina

First of all, to Rob’s last point … I think we have to do a better job of educating our voters and the populace in our democratic countries [about] why the threat to democracy through the elections is an existential threat. A terrorism threat is a kinetic thing — it’s something that comes and it goes — people get hurt, they die, it’s horrific. But the threat to a democratic country and an institution’s morals and values is long-lasting and we need to have protections in place to make it [protection] enduring.

We have not succeeded, across our democratic countries, in explaining to our populace how important and how fragile our democracy is. The core fundamental basis of that fragility is free and open elections. We have to be able — at the core basis of a democracy — to provide protected, free and open elections, and have the members of our populace have confidence in the voting systems and processes so they go out and vote. If we cannot as democratic societies ensure that, we have a lot more problems than we think we do.

It behooves all of us collectively, the government and the leadership, because I do agree with Rob, we’ve got to have leaders. We also have to have collective want and understanding that our democracy is a fragile thing, and it starts and stops with the ability to [select] our officials who lead us. And if we can do anything to prevent that [threat to democracy], not only here in the U.S. in three and a half weeks, but in Europe in the elections, the most important thing we can do is vote. If you look at 2016 here in the United States, just over 60% of eligible voters voted. Just imagine the democracy [we would have] if we get to 80% or 90%, how different we will look as a nation and as democratic nations around the globe. Voting is the ultimate mitigation to any threat we have from influence, disinformation or threats to our democratic values and institutions.

Shawn Henry

That’s a great way for us to conclude. I appreciate your comments about the fragility of democracy. I think democracy is too important. The right to vote for sure, but then those elected officials who help to keep basic human rights free — things like freedom of speech and freedom of religion and freedom of the press, the concepts that this country was built on and democracies around the world have been built on. I think there have been too many sacrifices made to keep this country free, to keep democracy, and there’ve been too many lives lost around the world protecting democracy, people that all three of us know who’ve died in defense of our respective nations and made the ultimate sacrifice. That’s why I take this seriously, and I know both of you take it seriously. I hope that our audience has learned something.

This has been a fascinating discussion by two gentlemen who are true experts in this space and are patriots for democracy. Having worked with both of them, I have tremendous respect and appreciation for what you both have done, your passion and your enthusiasm and your commitment to freedom and democracy. I want to thank you both for your service to your governments, for your service to democracy globally, and for your continued efforts to help raise awareness and to keep us all safe. So thank you both. Thank you to our audience, and get out and vote!

1. The term “near abroad” is used by the Russian Federation to refer to the fourteen Soviet successor states other than Russia.

2. Albert is a cost-effective intrusion detection system (IDS) that uses open-source software combined with the expertise of the CIS 24×7 security operations center (SOC) to provide enhanced monitoring capabilities and notifications of malicious activity.

3. Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in signals intelligence.
