News

Keeping US elections safe from hackers

Robert Mueller’s former chief of staff from his time at the FBI says Washington isn’t doing nearly enough to secure U.S. election systems in the wake of the special counsel report on Russian interference in 2016.

John Carlin, who now chairs the law firm Morrison & Foerster’s global risk and crisis management group and co-chairs its national security practice group, told The Hill in a recent interview that foreign threats against elections are “here and present,” adding that he “absolutely” expects Moscow to attempt to interfere in this year’s vote.

“The overall message that the seriousness of what they found in terms of the Russian government interfering in our elections in a sweeping and systematic action, you would hope that this is the type of report that would drive in a bipartisan way all Americans to see what we can do to prevent it from occurring again,” said Carlin. “I wish there would be more of a bipartisan focus on what Russia did and holding them [to] account.”

ADVERTISEMENT

Carlin noted that while “there have been improvements” from the federal government to address election security concerns — most notably $425 million Congress designated to states for election security as part of the recent appropriations cycle — the ongoing “plague” of ransomware attacks poses a new threat.

“The two are linked when you see the disruption of services caused in some of the ransomware attacks,” Carlin said of ransomware strikes, which involve an attacker locking a system and demanding money to unencrypt it. “If you had someone who wasn’t doing it for money but was doing it to cause maximum disruption around Election Day, I guess you have the two issues marry up.”

Carlin is calling for all 50 states to move to voting systems with paper ballot backups, which multiple ones do not currently use, and also for keeping one eye on the horizon in terms of addressing future threats to elections, such as ongoing disinformation campaigns on social media.

Carlin, a Harvard Law School graduate, served as the assistant attorney general for the Department of Justice’s National Security Division, a position that required Senate confirmation and had him leading nearly 400 employees. He was involved in the investigation into the attack on Sony Entertainment’s computer systems by North Korean actors, as well as prosecuting the Boston Marathon bombing case.

Carlin also brought charges against multiple Iranian actors for launching cyberattacks against the U.S. financial sector, an issue that has again entered public awareness in the midst of heightened tensions between Washington and Tehran over this month’s killing of Iranian Gen. Qassem Soleimani.

ADVERTISEMENT

Carlin said now that Iran has responded by attacking a pair of bases in Iraq housing American troops, it will look to target the U.S. in cyberspace next.

“I think we are in for a campaign, and there are two things to look out for: One would be actual attacks that are not attributable,” Carlin said of potential Iranian cyber strikes. “More worrying would be proxies and easily affiliated groups that are acting under the general increase in hostility, because they are more likely to miscalibrate.”

Carlin, who grew up in New York, can trace his focus on national security to early in his career, when the Sept. 11, 2001, terrorist attacks left him temporarily unable to contact multiple family members who were in New York that day.

“My desire to serve in national security came from feeling lucky that my family was OK,” Carlin said. “My father was in some way underneath the World Trade Center on 9/11, my brother-in-law was across the street, my wife was in New York at the time, and I remember doing the phone calls to make sure that they were OK, and I was lucky that we were.”

In 2018, in conjunction with Garrett Graff, a former journalist and another top official at the Aspen Institute, Carlin co-wrote “Dawn of the Code War,” which detailed threats against the U.S. in cyberspace from foreign governments and other malicious actors — and the dawning of a new Cold War online.

ADVERTISEMENT

Carlin told The Hill that, more than a year later, he has not seen “sufficient action from either the executive branch or Congress” in confronting threats from nation states and organized criminal groups.

“There is more awareness but unfortunately no, there is insufficient action,” he said.

Carlin noted that his cybersecurity concerns extend beyond elections, pointing to potential vulnerabilities of web-connected devices, commonly referred to as the “internet of things” (IoT), which includes everything from mobile phones to cars to refrigerators.

“The default of connection is insecure, so insecure that a child with publicly available software can in some cases hack and kill,” he said.

With an estimated 7 billion IoT devices in use worldwide right now and millions more predicted to be added in the next few years, Carlin noted that the world is at an “inflection point” in regard to addressing their security concerns.

“We use it for everything now, from banking to defense systems to vehicles and planes,” Carlin said of the internet. “That is where we are now, and we are on the cusp of connecting millions of new devices to that same insecure tech … it’s vital that we tackle it now.”

Leave a Reply

Your email address will not be published.

Pin It on Pinterest