with Tonya Riley


What will be the biggest cybersecurity story of the year? You hardly have to ask.

The 2020 election probably is the most anticipated event in U.S. history when it comes to digital security.

Russia’s hacking and disinformation campaign to interfere in the last presidential election shook the nation’s confidence in the U.S. democratic process and rocketed cybersecurity into the mainstream of Washington’s political life. 

Top questions now are not just when but how Russia will try to interfere in the approaching presidential election and whether it will be emboldened by the fact it has yet to face any significant consequences — and, of course, whether other U.S. adversaries will jump into the fray.

“Nobody has really punished them for it and the reality is our adversaries are constantly pushing the envelope,” John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye, told me. “They see what they can get away with and then they push the envelope again.”

If the election concludes without a security disaster that compromises the results or undermines public confidence in them, that will be a victory for solid planning, education and more than $900 million spent on digital election defense since 2016. If it’s disrupted, however, it will be a drastic blow to faith in democracy and to the idea the United States can set any red lines in cyberspace that our adversaries won’t cross.

“If [someone] successfully interferes in our election again, it will call the entire security of the democratic enterprise into question,” Betsy Cooper, director of the Aspen Institute’s Tech Policy Hub and a former Homeland Security Department cybersecurity official, told me.

“Another major episode of election interference could be spirit-shattering, particularly if it is seen as tipping the balance in a close election” and could cause a surge of “the kind of political cynicism common in corrupt states or flawed democracies,” said Jon Bateman, a Cyber Policy Initiative fellow at the Carnegie Endowment for International Peace and a former Pentagon cybersecurity official.

U.S. intelligence and law enforcement agencies are already warning that China and Iran are eager to undermine the 2020 contest. “What Russia did in 2016 turned a lightbulb on in some other nations’ heads about what they could do,” Robert Silvers, a former top DHS cybersecurity official who’s now an attorney at the law firm Paul Hastings, told me. “It’s pretty cheap and relatively easy, so it’s going to get more crowded.”

Here are three other big cybersecurity storylines to watch in 2020:

Hackers seeking to disrupt the election might not wait until November -- and neither are those defending against the threats. 

Hackers could try to manipulate election systems to sow chaos during the Democratic primaries and caucuses and to raise questions about whether the correct candidate was declared the winner of a race. And they could launch disinformation campaigns to sow dissent between progressive and moderate wings of the Democratic party. 

Defenders are also working before Election Day, though, including state and local officials who will be piloting new voting machines and cybersecurity testing regimes during the primaries and caucuses — some of them paid for with $425 million Congress appropriated in December.

DHS’s cybersecurity division will also be running online war rooms for local officials during all the primaries and caucuses and will be running a full rapid-response team with participants from federal agencies and tech companies on Super Tuesday and the November elections.

“Since 2016, the focus and level of resource and intense effort on the federal government's part to support those state and local [election offices] has increased exponentially,” Matt Masterson, DHS’s senior adviser on election security, told me. “The understanding of the risks and threat is at an all-time high.”

Iran is taking the reins off in cyberspace. 

Government and industry leaders are starting the year on high alert for Iranian cyberattacks retaliating for a U.S. military strike that killed a top Iranian official. And with the conflict between the nations reaching its hottest point in years, they’re worried those attacks could cross dangerous boundaries causing massive financial damage or even ending lives. 

“We’re in uncharted territory here for so many reasons,” Jeff Kosseff, an assistant professor of cybersecurity law at the United States Naval Academy, told me. 

If Iran crosses those red lines, the Trump administration will have to face some hard policy decisions about whether it will also cross boundaries in cyberspace and at what point a cyberattack merits a conventional military response. 

“Up to this point, we’ve done a lot of hemming and hawing about what cyber actions would trigger a [conventional military] response, but it’s been a lot of hypotheticals,” Jake Williams, a former NSA hacker and founder of the cybersecurity company Rendition Infosec, told me. “We don’t have a playbook for this.”

China is racing ahead in 5G and more. 

The big China story for cybersecurity watchers in 2019 was the U.S. effort to prevent the telecom giant Huawei from taking a leading position in super-fast next-generation telecommunications networks, which officials feared would allow Beijing to increase its spying on Western governments and companies. 

In 2020 get ready for a far broader battle across a range of emerging technologies, including artificial intelligence and quantum computing, that will determine who controls the future of the Internet — and how secure it is. 

“The single nation that could be a genuine game changer for the U.S., without a doubt, is China,” Frank Cilluffo, a former White House cybersecurity official during the George W. Bush administration and director of Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security, told me. “They’re much more strategic than us and they’re playing a long game.”


PINGED: DHS is encouraging businesses to evaluate their digital defenses amid threats of Iranian cyberattacks. Iran might launch destructive cyberattacks against companies in the finance, energy and telecommunications sectors, the agency warned in a fact sheet released yesterday.

A DHS-affiliated group that shares cybersecurity threat information with state and local governments is also warning officials to be on the lookout for suspicious computer network activity, according to an alert obtained by Benjamin Freed at StateScoop

Top cybersecurity firms are offering up similar advice.

McAfee’s Chief Technology Officer Steve Grobman warned about “cyber warfare campaigns to inflict significant damage or disruption” and urged companies to fortify their digital security.

The cybersecurity firm CrowdStrike warned that organizations in the defense, government, and oil and gas sectors are also likely targets.


PATCHED: Google has reinstated a popular messaging app to its app store despite concerns it could be a a spying tool for the United Arab Emirates, Joseph Cox at Motherboard reports. Google removed the app, ToTok, after a New York Times investigation revealed it could potentially allow the Emirati government to access the messages, contacts and locations of millions of unsuspecting users.

A classified U.S. intelligence assessment and a technical analysis by the Times connected the firm behind the app to a company likely associated with DarkMatter, a controversial Emirati hacking firm, according to the Times report.

Google told Times reporters last month that the app violated unspecified policies. Apple, which also removed the app as a result of the Times investigation, is still investigating it. 

ToTok has vehemently denied allegations of spying.

PWNED: Rudy Giuliani did little work on cybersecurity during the year he spent as an informal cybersecurity adviser to the White House before becoming President Trump's personal lawyer and never filled out ethics paperwork to ensure he wasn't unfairly profiting from the position, Tal Kopan at the San Francisco Chronicle reports

The former New York City mayor wasn’t paid for the advisory role so wasn’t required to fill out the forms — but that also means it’s unclear whether he was using the position to boost his business as chairman of cybersecurity at the Greenberg Traurig law firm or at his own advisory company.

Giuliani was tasked with serving as a liaison between the private sector and the White House on cybersecurity issues. But White House sources say he did little to engage them on the subject and was not significantly involved in a major cybersecurity presidential order the White House released during his tenure, Tal reports. 


— Cybersecurity news from the public sector:


— Cybersecurity news from the private sector:


— Cybersecurity news from abroad:


— Today:

  • The Council on Foreign Relations will host a conversation with Sen. Angus King (I-Maine)  and Rep. Mike Gallagher (R-Wisc.) on Great Power Competition and Cyber Conflict at 11:15 am.

Coming up:

  • The Committee on House Administration will hold a hearing entitled “2020 Election Security - Perspectives from Voting System Vendors and Experts” at 10 a.m. on Thursday.
  • The U.S. Election Assistance Commission (EAC) will host an all-day summit on Jan. 14 addressing preparations for the 2020 elections at the National Press Club.