The London Center IT Challenge: Prove the 2020 Elections Were "The Most Secure Ever"
(photo credit: Unseen History)
With the SolarWinds cyber fiasco currently undergoing damage assessment, (and in the wake of a nearly endless list of data thefts from various US Government data bases, as well as studies detailing vulnerabilities of virtually every major US infrastructure to cyber attacks, as well as most government agencies) it highlights an even bigger problem – how can anyone who understands the cyber world claim that any electronic system, particularly if connected to the internet, is “safe” or “secure”?
With its unique blend of personnel with experience in military affairs, global strategies, Information Technology and even cyber warfare, we at the London Center for Policy Research are issuing a public challenge to the Department of Homeland Security, the Federal Elections Commission, and the several state election commissions: tell us, simply and concisely, in plain English, how any expert can claim that our elections were not hacked, that in the words of the then Director of the US Cybersecurity and Infrastructure Security Agency, Christopher Krebs, testifying to Congress, the 2020 election was “the most secure in American history”? If Director Krebs was sincere in his statement, it would appear a terrible indictment his agency and perhaps the entire cyber effort inside the US Government, a failure at the highest levels of government to understand the reality of our current risk; simply put, we do not believe anyone who understands cyber warfare can possibly believe our election systems are secure now (or have been secure in the past).
Convince us otherwise and we will award a prize.
It seems to us, even with only a generalized knowledge of the activities of the National Security Agency and the Department of Defense Cyber Command, that the highly successful Stuxnet attack on the Iranian nuclear program demonstrated that virtually every electronic data system is at risk. This is true even when “air-gapped” (not connected to the internet); such systems are increasingly vulnerable to hacking, and this includes not just computer systems but any electronic systems that utilize any sort of microchip technology and software to performs their basic functions. This has been demonstrated time and again, as both government agencies and many private sector corporations and businesses, large and small, have been hacked and attacked. Large data losses are common and frequently reported to the public, as are so-called “Ransomware” attacks. Attacks range everywhere from “simple” data thefts, to data manipulation, to the generation of false and damaging instructions (public reporting suggests this is what Stuxnet did to the Iranian Nuclear Weapons development program), even to the point of managing to take control of a vehicle from a driver - remotely.
We also know that foreign actors such as China, Russia, Iran and North Korea are all well-versed in cyber warfare. It is not a large leap to realize that interference with the US national elections must be their number one, top priority target with the potential for causing the most damage to their biggest adversary. Accordingly we must believe that they are spending, and have spent, vast resources in time, treasure, equipment, research and manpower to achieve that aim.
It is important to understand that the most successful intelligence operations, including cyber attacks, are completely covert – permanently. This includes destroying all evidence of the existence of related weapons (in this case malicious software) and also the laying of false trails to mislead forensic investigation once the attack is suspected or known. In the theater of cyber warfare, there are no certain fingerprints or flags, there are only trails and suggestions (unless the enemy gets careless or political calculation rears its ugly, interfering (from any intelligence operatives point of view) head and divulges secrets for political gain). Thus a successful cyber attack, even if detected, cannot be attributed to a particular foe with absolute certainty.
There is a growing body of evidence, slowly being made public, that our election machines and systems were not secure. We believe that they cannot, given the current state of Information Technology, be secured and that the United States (particularly Congress, but to include state legislatures) must therefore take immediate action to protect our elections and remove electronic machinery from any key role in our voting systems. This is not to suggest that some machinery cannot be used to assist the process of achieving rapid preliminary results and communicating those results to the public, but they must not become or remain the primary means of counting or reporting vote totals, at any level.
Our current dependence on electronic systems has left us unable to endorse any candidate, for any party or position, as legitimate. This is a major weakness in the fabric of society, one that has enormous potential for damage in so many ways that we fear for the future of this country. That is why we are challenging anyone to come up with a rational, reasonable argument to convince us that our fears are unfounded, that we are wrong about the threat of foreign (or malign domestic) interference in the most important civic action we citizens participate in - voting. The elections we vote in must be free and fair, and equally, they must be seen by all to be free and fair, to ensure the legitimacy of the politicians in whom we necessarily must repose so much power. In our view, no politician can now claim to represent The People and no laws passed by the current “elected” legislators can be valid until we hold an election in which we can have faith.
Prove us wrong – please!
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. (CISA Alert AA20-352A)