I'd like to highlight a couple notable election-related alerts from @CISAgov & @FBI this week, put in context some recent news, & frame my main areas of concern for threats to the 2022 election (NB: it's not just "Midterms", as there are statewide elections).

1st, this alert from Monday reinforces prior govt position no cyber activity has prevented voting, affected counting, affected integrity of voter info. It goes further, stating that it's *unlikely* cyber itself would disrupt/prevent an election. cisa.gov/sites/default/…

That's a stronger line than I've seen before, though I've long held this view. Mainly b/c the layered controls in place & the overall resilience of the voting process (hooray for paper!) to spot/stop/prevent. Moreover, affecting the vote at scale undetected is nearly impossible.

Bottom line: it's hard to do at scale undetected & the consequences would be massive - technically attacking our election systems & changing/attempting to change outcomes would = an "is this war?" discussion. Note that in 2016 the Russians were not in a position to affect votes.

But that doesn't mean we're out of the woods just yet, b/c as we've seen before, foreign & domestic actors both seize on the fear/uncertainty of a technical attack to cause an overreaction, undermining confidence/seed doubt in the legitimacy of elections, aka a "Perception Hack."

Which takes us to this second alert from Thursday, specifically calling out foreign actors amplifying reports of real or alleged cyber activity against election infrastructure, all intended to undermine confidence in our elections.
cisa.gov/sites/default/…

It's worth highlighting that these alerts call out foreign actors, not domestic. But these techniques have obviously been used by domestic actors in the wake of 2020 and continue through today.

Case in point: this week's news an election technology firm allegedly hosted some sort of election-related data in China, which led the StopTheStealers to fall into a frothy rage that all their hopes and dreams have been realized & the former president will be restored to the WH.

But as I've said before, if you don't understand how anything works, everything looks like some sort of conspiracy (theory). In reality, elections have evolved over the last few decades & like every other business, technology is use to improve efficiency, access, and accuracy.

But thru that evolution, election officials - who are natural risk managers - have evolved controls to ensure software/hardware aren't single points of failure. So if a bad thing happens, it's not fatal to the process. Elections are perfect, but controls are there to limit risk

In the case of the tech firm, given the services they offer, it seems the data may have been poll worker information. Not voter reg, not access to casting, counting, or managing election results. Maybe a contract violation & claimed data theft, but not an election security risk.

And yet this situation is getting foisted up as the holy grail evidence of the stolen election, never mind the utter lack of connection to anything related to the secure conduct of an election. An overreaction and attempt to Perception Hack. We'll leave motives alone for now.

So, consistent with the CISA/FBI alerts, my great concerns with the 22 election center on:
1) continued efforts to delegitimize 2020 election
2) continued threats against poll workers
3) radicalized poll workers as insider threats
4) foreign actors exploiting domestic narratives

Here's how it plays out: Innocuous thing happens, the usual suspects say "told ya so", bad actors foreign/domestic boost claims democracy is being stolen & civil war is nigh, threats against election workers spike, someone carries thru & a worker is hurt or worse.

Not a great situation and unfortunately, too few leaders are leading right now by calling out this BS that is so clearly undercutting confidence, all the while giving our adversaries the B roll at home to say "see, democracy is a mess" & at the same time stoking the fires here.

So how do we counter? First, we need more election officials like @stephen_richer - the most transparent election official around. His constant briefings and community engagement removes opportunity space for disinfo spreaders by shining light throughout the process.

Second, voters should look to those election officials for authoritative information on what's happening in an election, not an influencer, the commentariat, or your aunt's cousin's brother. I know it might be asking a lot, but be more discerning. #TrustedInfo2022

Third, community and business leaders regardless of political party should support & encourage election officials and condemn threats to workers. State and local law enforcement should aggressively investigate and prosecute those that make threats.

Fourth, and this is the biggest stretch, political leaders should loudly reject those in their party that trade on stolen election claims. I don't care if it was 2016, 2020, or the primary this year, the election wasn't rigged. You lost because not enough voters believed in you.

None of these are going to fix what's wrong with today's political discourse - but it's a start and we need leaders to start leading, whether in our politics, business, or communities. If we want to continue as a democracy, we have to start acting like it. /FIN

ERRATA: Even with my snazzy Twitter Blue I’m not able to edit an above tweet. I meant to say “Elections *aren’t* perfect” UGH.