Recent history is replete with positive and negative examples of what can happen to a democratic society when the advancement of technology outpaces regulatory momentum.Not since the advent of the printing press have democracies seen such a foundational shift in the way citizens and state actors engage with the electoral process. Combine that with the hyper-polarized nature of our modern body politic and you have a recipe for disaster, or is it a recipe for hope? Depends on who you ask.
In the case of the so-called “Arab Spring” of late 2010, technology platforms such as Twitter allowed 10s of thousands to organize outside of the tightly controlled communication channels in Tunisia, much to President Zine El Abidine Ben Ali’s dismay. More recently in the U.K., Pro-Brexit campaigners took advantage of high tech organizing strategies to micro-target the individual voter and flip the table of the European order. Those same companies went on to enter the collective mind of the United States and help propel a former reality TV host to the White House.
The media coverage around these high-tech antics has mostly centered around the negative effects, but these advanced tool sets can be looked at in another way. One could even argue they must be looked at in another way if the average citizen is ever going to have a chance to keep up. Millions of dollars from an international bipartisan buffet of political operations have been pouring into sophisticated marketing campaigns usually only commissioned by major brands and big-box chains. The societal anxiety over the sway marketers have on our youth and on our culture isn’t itself new, but the advanced nature of the threat landscape is. The key technological advancement of this threat is the application of modern marketing tools to the political world, in many cases for the first time.
Will the resistance to these digital weapons of mass destruction be born out of the fight for human rights and democratic freedoms, or the ages-old entrenched technology oligarchs co-opting yet another resistance movement and branding it progress?
I sat down with Vasu Jakkal, EVP and CMO of FireEye to find out.
What tools are cyber security companies using to keep up with the emergent threat of digital weapons of mass destruction?
As the virtual and physical worlds blend and the connection between technology and biology deepens, the consequences of cyber-attacks become graver. If it can be connected to the internet, it can be potentially hacked – from the tiniest of wearable devices to major industrial control systems. In particular, there are a few vulnerable areas that, if attackers went after them, could cause widespread disruption, including the electric grid, nuclear safety, aviation, hospitals, and other critical infrastructure.
At FireEye, we believe that to protect these targets against cyber threats technology alone is not enough – you need people and technology working seamlessly together detecting, preventing and responding to cyber-attacks. Cybersecurity is a cat and mouse game, and as the rules of engagement rapidly change you need analysts and experts on the frontlines, equipped with the best cybersecurity tools and aided by machine intelligence and automation. In turn, these experts need to continuously integrate the frontline knowledge back into these security tools, forming a tight innovation loop. Additionally, you need community collaboration – such as rapid sharing of the most up-to-date threat intelligence, both from private vendors like FireEye, which publicly releases a significant amount of threat research, malware analysis and indicators every year and from less sensitive public sources provided by ISACs (Information Sharing and Analysis Centres) and other sharing environments. Rapid collaboration combined with state of art technology and rockstar security professionals that have been empowered to protect and defend –now that’s a tough combination to beat.
With so many variables in this space, it can be easy to miss the important developments, what emerging threat has everyone missed?
I think the public knows that there are social media campaigns, from both malicious actors and benign ones, with the aim of altering perceptions around political or religious issues. It took several years, but eventually many people became aware of our research on these threats. But we also see examples of criminals trying to alter legitimate data, and I don’t think people really have thought about that yet. It’s one thing to see a fake news story and be aware of the risks, but it’s another to worry about data manipulation changes that impact your real bank statement or health records, for instance.
“Cyber threats to the integrity of trusted, legitimate data are going to be a real challenge in the years ahead.”
We can’t always wait for politicians to catch up with coders. What can be done to enshrine greater protection of our democratic processes and systems at the binary code level?
I think governments have done a good job of protecting the actual voting equipment and official websites, along with informing the public about the risks of foreign information operations campaigns. We’ve gotten better at that every year, working in partnership between the public sector, FireEye, and other private experts. But in the future, we might see individual politicians targeted, or more foreign influence campaigns that go after local officials rather than national elections. It’s a race to see if the techniques, information sharing, and best technology that have protected national campaigns in Europe and North America can also make their way to protecting smaller races that are also crucial to democracy.