UC political scientist Richard Harknett testifies on Feb. 13 before the Senate Armed Services Subcommittee on Cybersecurity.  Photo: C-Span video screenshot


UC cybersecurity expert to Senate subcommittee: U.S. midterm elections at high risk for cyberattacks


University of Cincinnati political scientist Richard Harknett warned congressional lawmakers and U.S. Cyber Command officials last week that the U.S. remains at high risk for foreign intrusion in the upcoming midterm elections — and the campaigns to come, he cautioned, could make the Russian interference in the 2016 election look like the
“Stone Age.”

 

 

by Rachel Richardson
513-556-5219

 

Feb. 19, 2018

 

Russian meddling in the 2016 election was the “Stone Age” compared to the sophistication of cyber assaults on American elections to come, a University of Cincinnati political scientist warned congressional lawmakers and U.S. Cyber Command officials last week.

Richard Harknett, a UC professor of political science and renowned cybersecurity expert, laid out his concerns Tuesday in open session before the Senate Armed Services Subcommittee on Cybersecurity on the U.S. Department of Defense’s role in safeguarding democratic elections from foreign interference.

He expanded more on the nation’s cyberthreats and strategies to counter them in his keynote address at the U.S. Cyber Command’s first Strategy Symposium, held Thursday at the National Defense University where he spoke on “Cyber Persistence: The new seam in 21st century security dynamics.”

“We have a big picture problem,” Harknett cautioned during his testimony before the subcommittee, which focused much of its discussion on Russian interference in the 2016 election and threats of Moscow’s ongoing efforts to target this year’s midterm elections.   

“With regard to the integrity of our elections, we’ve effectively left civilians, whose main focus is not security, on the frontlines. That is not a recipe for success,” he said.

  • Read Harknett’s prepared remarks to the U.S. Senate Armed Services Subcommittee on Cybersecurity

Harknett was one of four witnesses invited to testify before the subcommittee to help guide it as it explores vulnerabilities that were exploited in the 2016 election cycle, exposed by Russian efforts to hack political institutions and U.S. elections, as well as Russian efforts to manipulate social media and probe local systems and the risk of democratic institutions to future foreign intrusion.

 

 

That the subcommittee sought out UC’s Harknett, one of the world’s leading online security experts, comes as little surprise. The savvy political scientist has spent more than 25 years researching and advising senior government officials on how to protect against and deter threats, both real-world and cyber, in an interconnected world.  

Harknett’s impressive resume includes cybersecurity briefings at the White House, Pentagon, U.S. State Department and Great Britain’s No. 10 Downing St. In the 1990s, he advised the Clinton administration on the development of critical cyber infrastructure before being appointed to Ohio’s Cybersecurity, Education, and Economic Development Council.

In 2016, Harknett became the first scholar-in-residence for U.S. Cyber Command, an initiative of the Department of Defense, where he interacted with top American military and intelligence leaders to improve the nation’s cybersecurity policies. The following year, he served as U.S.-U.K. Fulbright Scholar in Cyber Security at the University of Oxford.

Harknett most recently returned from a three-country tour where he spoke on cybersecurity and government topics to the Royal War Studies Society at the Dutch Ministry of Defence, on the “Changing Character of War” at Oxford University and in briefings with the office of the president of Slovenia.  

 

Below are excerpts from Harknett’s testimony before the Senate Armed Services cybersecurity subcommittee:

 

 

On the new ‘seam’ in 21st security dynamics:

Our adversaries are working through a new seam in international politics. Cyberspace is that seam.  Its unique characteristics have created a strategic environment in which our national sources of power can be exposed without having to violate traditional territorial integrity through war.

What we’ve been witnessing are not hacks. They’re not thefts. It’s not even simple espionage. What we must accept is the fact that we are facing comprehensive, strategic campaigns to undermine our national sources of power, be they economic, social, political or military.  We must develop a counter-strategic campaign to protect those sources that has, at its overall objective, a more secure, stable interoperable and global cyberspace.

 

On a new theory ‘cyber persistence’:

We must adopt a seamless strategy of what I call “cyber persistence” in which our objective is to seize and maintain the initiative. Our immediate objective must be to first erode the confidence adversaries now have in their ability to achieve and enable objectives. They are very confident. Second, we have to erode their confidence in their own capabilities. And third, we must erode those capabilities themselves.

This is a wrestling match in which we have to grapple with who actually has the initiative being one step ahead in both knowledge and action. If we do not adjust to this reality, our national sources of power will remain exposed and more of those who wish to contest our power will pour into this seam.

I don’t know why we are according or why we should accord First Amendment rights to bots. It’s not a free speech issue.

‒ Richard Harknett

Sen. Mike Rounds (R-S.D.):  “You’ve called for a strategy of cyber persistence… How would your strategy calling for persistent engagement apply in the Russian meddling of our election?”

Let’s think about the Internet Research Agency. We know about this center in St. Petersburg. We know that it controls a series of automated bots that are driving particularly well-conceived operations that are meant to be divisive. I don’t know why we are according or why we should accord First Amendment rights to bots. It’s not a free speech issue.

If we have evidence of foreign manipulation, technical manipulation, of the social media space, that’s not what the American people actually understand is coming at them. They think this is a majoritarian aggregator, trending. If that trend is being driven by automated foreign intrusion, that is not an issue over free speech. That is an issue of direct foreign manipulation.

We need to have the reconnaissance. That is what persistence enables you to do… We need to move at the speed of relevance. If, in fact, those bots are hitting us in a particular trend that is meant to be divisive, we should have the capacity to at least disrupt, if not disable, that capacity.

 

Sen. Bill Nelson (D-Fla.) “You have said that 2016 was the Stone Age compared to what’s going to happen, so you want to trace what you think will happen?”

Technologically, I’ll give you one example, senator.  My concern with regard to leveraging artificial intelligence and machine learning.  ...within the next 16 months, I’m going to be able to take you and put you in a video in which you are saying something that you never said in a place in that you’ve never been, and you are not going to be able to authenticate that you had not done that and not been there. Just think about that as a tool for an adversary who wants to engage in disruptive social cohesion types of campaigns. That’s around the corner.  

 


On Facebook and Google’s responsibilities in regards to disinformation and propaganda campaigns involving bots and fake accounts on their sites…

I think we have to move away from a partnership model… the problem is that partnerships require shared interest…. The private sector has a very specific interest: profit-making.  The state has a very specific interest: security-providing.  We should recognize and grant that they have a different interest.  So, we need to move this to an alignment model: How do we structure incentives within the marketplace for them to achieve their primary objective, which is profit-making, while producing an effect that the state requires, which is enhanced security.

 

How would you recommend Cyber Command change their operations?

It’s important to expand this notion of defending forward. This is not a space in which time and geography is leverageable for defense. The frontlines are everywhere. Our general approach has been to defend at our borders, at our network, which actually means that we start defending after the first breach, and we are already playing catch-up. It’s all about anticipation. We have to be able to anticipate the exploitation of our vulnerabilities. We’re not defending forward in cyberspace.





harknett

UC political scientist Richard Harknett has more than 25 years experience advising senior government officials how to protect against national threats. Credit: UC Creative Services

 

 

 

Become a Bearcat

Learn more about how UC's undergraduate and graduate programs in Political Science, Information Technology and its Cybersececurity Certificate program are preparing graduates for careers that have a national impact and global reach, or explore other degrees and programs. Tour the campus and apply today.