U.S. election security officials are bracing the American public for a new type of worst-case scenario for the Nov. 3 presidential election — a flood of disinformation in the hours after the polls close, casting doubt on the results and on the process itself, as voters wait to learn who will lead the country for the next four years.
Making matters more precarious, officials warn the potential attacks are likely to be pervasive, designed to make Americans suspicious of any information they get, even from normally trusted sources.
“Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information,” the Federal Bureau of Investigation (FBI) and the Cybersecurity and Information Security Agency (CISA) warned in a public service announcement issued late Tuesday.
“The FBI and CISA urge the American public to critically evaluate the sources of the information they consume and to seek out reliable and verified information from trusted sources, such as state and local election officials,” the announcement said. “The public should also be aware that if foreign actors or cybercriminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised.”
The fears are not new. For months, federal and state election security officials have been trying to prepare voters, telling them that because of an expected increase in the use of mail-in ballots due to the coronavirus pandemic, it could be days before a presidential election winner can be declared.
U.S. counterintelligence officials have also warned in recent months that countries like China, Russia and Iran, as well as other cyber actors, have been carrying out influence operations to “undermine the American people’s confidence in our democratic process.”
But the new warning from the FBI and CISA goes further, laying out how adversaries may try to mislead the American public on the internet and through social media.
Shutting down a wave of disinformation as the polls close could prove challenging.
Still, some election officials see reason to hope based on the willingness of social media companies to meet with them periodically over the past several months to address disinformation campaigns, with some efforts already paying off.
On Tuesday, Facebook took down more than 150 accounts, pages and groups tied to China, some of which targeted the U.S. election.
Facebook and Twitter have also announced takedowns of accounts linked to Russia’s Internet Research Agency troll farm.
Earlier this month, Microsoft went public with information about how hackers linked to China, Russia and Iran actively targeted the campaigns of U.S. President Donald Trump and that of his main challenger, former Vice President Joe Biden.
Some experts worry it may not be enough.
"Many of the dominant platforms have decided to step up and be much more proactive,” Emily Fry, director for Cyber Integration at The MITRE Corporation, said Tuesday during a forum hosted by Auburn University’s McCrary Institute.
"But at the same time, what they are doing here is unilateral, and unilateral platform-by-platform activity is only one part of what we need in order to understand and combat systemic problems across the social media ecosystem.”
Some state officials are similarly uneasy about their abilities to combat a massive disinformation campaign.
"I do worry about in those last couple of days and on Election Day,” said Pennsylvania Secretary of State Kathy Boockvar, who also spoke at the Auburn University event.
“I keep telling people, don't click retweet,” she said. “It's so easy to perpetuate. And of course, that's what our foreign adversaries, that's what our domestic adversaries, that's what they want us to do to undermine confidence in the election."
CISA and state election officials have been pushing back, trying to inoculate voters against the expected wave of disinformation, urging them to prepare, participate and, especially, to be patient.
“This is probably going to take a little bit longer to do the counting because of the increase in absentee ballots,” CISA Director Christopher Krebs, said last week at the virtual Billington Cybersecurity Summit. “Have a little bit of patience. Democracy wasn't made overnight.”