With the recent election in the US and the inflammatory rhetoric from President Trump, the spotlight has once again come up on election tampering. While there isn’t any evidence of any fraud or tampering going on, it does call us back to the 2016 election, where Russia attempted to interfere. As such, a new fervor and focus has been raised around protection elections going into the future, and not just the current ones in 2020.

To that end, a recent security panel was convened and sponsored by the Canadian Conference of Defence Associations Institute, a representative body of around 400,000 active and veteran members of the Canadian armed forces. The institute also represented Canadian armed forces with the EU, so it definitely holds a lot of sway. In addition, this panel was moderated by Richard Fadden, the former national security advisor of Canada.

A Coalition of the Willing

It was during said panel that the former associate deputy director of the CIA’s digital innovation branch, Sean Roche, called for a “Coalition of the Willing” to fight any electoral tampering by foreign nations, as well as cyber-attacks and misinformation in general. Of course, he was slightly more hesitant when asked if a cyber-attack on a Nato country would trigger Article 5 of the charter, which would call all the NATO countries to respond in kind.

Roche then clarified that it would certainly be much better to have the basis of any future action be like-mindedness, rather Article 5. His belief is that any policies and actions would be rolled out much faster if co-operation was done outside of NATO obligations, especially since some countries in NATO may be somewhat opposed to said obligations.

Most importantly, according to Roche, is countries acting collectively to not only condemn cyber-attacks, but also to attribute them to the correct attackers. In his mind, expanding the information-sharing infrastructure is pivotal for quick and effective action, saying that “We cannot have everything locked away in a safe”. Speed is true of the essence when it comes to countering a cyber-attack, and having things moving at the pace of bureaucracy can be problematic.

Russia & China Biggest Threats

According to Richard Fadden, “Clearly Russia and China are the main players, and we need to work our way through what they are doing”. He goes on to point out that the interference with elections is just one tool in the toolbox when it comes to undermining democracy and freedom. If anything, Fadden warns that we shouldn’t only be focusing on election tampering, here in Canada and abroad, but also on the increasing influence of these nations.

In fact, in the last couple of weeks, we reported on the worsening tensions between Canada and China as well as China exporting their surveillance infrastructure. This issue speaks directly to the increasingly worrying influence of China and other nations when it comes to cybersecurity and our linked tech industries. By having easy access through these regimes and policies, China and other nations can easily interfere in the security of our freedoms.

Similarly, disinformation campaigns by nations like Russia and China can undermine the legitimacy of elected officials. Just last month the Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray claimed that Russia and Iran had used voter registration information (which is public), to send out emails with content made to look like it came from the right-wing group Proud Boys.

Thankfully, any attempt to undermine the US elections, which could have issues for Canadians down the line, has been dealt with. The director of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, said that they have “addressed those threats quickly, comprehensively and publicly”. Also, while there have also been multiple attempts at interference, election infrastructure seems to be robust enough to avoid any issues.

More Stick than Carrot

So once a nation has been named for carrying out a cyberattack, what’s the next step? Well, the most common political tool comes in the form of sanctions. The EU already has some tools when it comes to dealing with these issues, for example denying entry to those who have been involved in cyberattacks, or even freezing bank accounts (or reclaiming them completely).

Unfortunately, Fadden argues, individual state or union actions might not be enough when it comes to dealing a blow to cybercrime. After all, just because somebody has been denied entry into the EU or the use of bank accounts there, it doesn’t mean that they can’t go somewhere else. Or, in a worse case, could even hire somebody to go in their stead and use the accounts for them.

Interestingly enough, while Roche believes that we should go after countries and people who carry out cybercrimes, he does not believe that it could come in the form of retaliatory cyberattacks. Essentially the argument here is that One can’t judge another country for actions One has already taken, it would be too much of a hypocrisy, as well as a problem diplomatically and politically.

Finally, we also have to consider the wider picture when it comes to countries like China and Russia. There are trade deals and diplomatic agreements that are at stake, and therefore it’s important to balance those with firm and fair action. Sanctions, especially economic ones do work, but it should generally be left to last unless nothing else works.

As for the average citizen in both the US and Canada, for the time being, there is no reason to believe that elections aren’t fair and protected. So far, there’s been no evidence of successful interference from a foreign nation. Similarly, there hasn’t been any evidence to say that any fraud has been carried out.

Therefore, it’s important to remain calm, trust the results of any election, and press our representatives to ensure that cyberattacks to not interfere with our freedoms and our democracy.