5 minutes with James Woolsey – On Securing U.S. Voting Systems Now and Into the Future | 2020-11-03

Former Central Intelligence Agency (CIA) Director R. James Woolsey Jr., a veteran of four presidential administrations and one of the nation’s leading intelligence experts, believes we should be worried about election security on a number of levels — though he says there are some relatively easy fixes.

Woolsey was recently interviewed in a new documentary on the subject, titled “The Real Activist,” set to release today, November 3, 2020 on Amazon Prime. The documentary explores the vulnerability of future U.S. elections as well as solutions to secure the voting process, and interviews a number of computer scientists, politicians and activists, in addition to Woolsey, including one of the creators of open source software and a veteran in banking system software Brian J. Fox. Moving election software from being held under private licenses by tech companies to openly sourced software, allowing for more transparency in the voting process itself as well as security of the voting process, is discussed in the film.

Here we discuss with R. James Woolsey and Brian J. Fox, the security threats surrounding the voting process, measures that can be put in place to mitigate those risks, as well as what Woolsey considers the biggest security threat to the U.S. outside of election security.

Security magazine: What are the security threats surrounding the voting process?

Woolsey: Well from a software perspective, I’d say there are three. First is a direct attack on a system such as voting tabulation. The second is a direct attack on a system manufacturer of machine voting system or software, and the third would be misinformation or increasingly called dezinformatsia [a.k.a untrue propaganda or fake news], which can lead to people not voting or voting for something they don’t want. This is increasingly a problem and it is all about undermining faith in the system.

One thing I should mention, is these attacks can come from outside the election system, such as a bad actor, individual or a group and that can take a number of different forms from denial of voting, making machines unavailable or modifying vote count. There are all sorts of possibilities. With social media, dezinformatsia looks very different because you can drown an opponent with various types of social media — you can wreak havoc.

Security magazine: What security measures can be put in place to mitigate some of the threats?

Woolsey: Once you discover someone in the system whatever or whoever it is, you’ve got to fix it. We have a problem in that sometimes a manufacturer would rather keep a program than fix it. That leaves us dead in the water. Open source software seems to me to be quite clearly essential in this.

But there is not a single solution. [With social media and dezinformatsia] it’s extremely important to play offense as well as defense and figure out how to effectively undercut the misuse of social media. That’s vital now — years ago nobody would have talked about that as an issue. From our point of view “informatsia” can work just as well as dezinformatsia.

We can’t forget that we do have some real leverage. I was just given the job of heading up the Conventional Armed Forces in Europe (CFE) Treaty in Europe in 1989 [negotiated during the final years of the Cold War] and the first night I was there in my apartment I saw the Berlin Wall coming down on CNN and I thought ‘well that might have some effect on my negotiations,’ and yes it did. So, we can’t give up on parts of informatsia that we can own and use — we have to realize that we can use clear and honest information on our side very effectively.

Fox: From a technological standpoint, we can combat disinformation with information from history that we have put in a public trust to protect that truth, to be stored in technologies like blockchain ledgers and kept safe so that when somebody tries to discredit those facts we have an actual trail of truth that can be believable.

Security magazine: Transparency surrounding the voting software and election process is tackled in the documentary. We expect accountability and transparency in the private sector in terms of data breaches and privacy—explain what level of transparency you think the government should offer for elections.

Woolsey: It’s very important to do what we can to get to transparency and enlist our fellow hackers in a common effort…but that’s hard. In the past, we didn’t have trouble getting distinguished people willing to work with the government, but on the whole now it’s tough because we are in a world in which those [highly qualified people] are at private companies and the high-tech companies of Silicon Valley are ignoring us, more focused on the stock market.

This is tough and [election security] is a very serious issue and one that we’ve got to deal with and we have not dealt with very well. But just as there is a ready defense coming up with new and creative approaches to attack, we’ve got to come up with new and creative approaches and improve our standing by bringing in the best and working together creatively going forward.

When I was Under Secretary of the Navy, if we needed a new solution to something particularly important…we called a specialist of a government contractor and we’d work together. That was the norm, not a stray occurrence. We are all in this together and we’ve got to keep on working or we will all go down together.

Fox: We need 100% of transparency of details in the election process. There is no bias when it comes to password protection, and we need to understand security in the voting process: we don’t need to know who voted for whom; we need transparency in the process to make sure the actual process is working.

Security magazine: On a separate note, what do you consider the biggest security threat to the country and one that private enterprises should prepare for?

Woolsey: Electromagnetic pulse. [A nuclear electromagnetic pulse (nuclear EMP, or NEMP) is a burst of electromagnetic radiation created by a nuclear explosion. The resulting rapidly varying electronic and magnetic fields may couple with electrical and electronic systems to produce damaging current and voltage surges. A high altitude EMP can cause lingering atmospheric effects, which can last several hours or even days.]

You don’t need a nuclear weapon to use or threaten with it. It can be put it in a weather balloon or a suitcase. You can generally assume that any country that has a nuclear weapon, even a primitive one and a scud missile can launch something and take out electric grid, for example.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.