AP NEWS

Pitt cyber institute to study state election security

March 15, 2018
David Sanger, a journalist for the New York Times, and David Hickton, head of University of Pittsburgh Institute for Cyber Law, Policy, and Security, talk about cyber warfare during a lunch featuring Sanger and organized by the institute Wednesday, Feb. 21, 2018 at Pitt's University Club.

Americans don’t have to choose between digital election and voting technology and security, David Hickton, head of the University of Pittsburgh Institute for Cyber Law, Policy and Security, said Wednesday.

Hickton, a former U.S. Attorney for the Western District of Pennsylvania, said concerns about cyberattacks during the 2016 election shouldn’t force states like Pennsylvania to go back to paper ballots.

“We can have both,” Hickton said about digital voting and security. “We just need to plot the path.”

Pitt Cyber will soon start a project on elections. The institute’s goal is to come up with suggestions to improve Pennsylvania’s election security.

Hickton said he agreed with Gov. Tom Wolf’s order this month that all new voting machines must have a paper trail but said more can be done. Hickton mentioned the upcoming project Wednesday during a discussion about cyber warfare with New York Times journalist David E. Sanger.

Sanger called Russia’s meddling in the 2016 elections a sophisticated attack. Russian hackers stole hundreds of thousands of emails and other sensitive information from a server at the Democratic National Committee without ever entering the country, Sanger said.

The indictment filed last week against thirteen Russians for interfering in the election showed that the attack began in 2014, before Donald Trump announced his presidential candidacy, and evolved over time.

“Did this swing the election?” Sanger asked. “We’ll probably never know.”

Cyberattacks have evolved into the primary way nations confront and sabotage each other, inflicting enough damage to leave a mark but avoiding large-scale retaliation, Sanger said.

If America does attack North Korea, to “bloody its nose,” Sanger said, it will likely strike first with cyber.

“It’s not going to be with dropped bombs,” Sanger predicted during his talk.

Sanger, a three-time Pulitzer Prize winner whose reporting has focused on the threats cyberattacks pose to the United States and how America is using cyber warfare abroad, said the world is only 10 years into the military uses of cyberattacks. He used the adoption of the airplane as an analogy. The Wright brothers first demonstrated their airplane to the military in 1908. Ten years later, there were thousands of aircraft in the sky and their destructive power was just starting to be realized. Aircraft that could drop bombs followed.

Not 30 years later, on Aug. 6, 1945, the Enola Gay, a B-29 airplane, became the first aircraft to drop an atomic bomb, which destroyed the Japanese city of Hiroshima.

Sanger’s point was that a lot can happen in a short period time.

“To stand here today and claim with confidence what kind of destructive power it has would be foolish,” Sanger said of cyber weapons.

Hickton, who brought charges against several member of the Chinese military for hacking and stealing intellectual property from U.S. companies, including some in the Pittsburgh area, asked Sanger what could be done to stop cyber intrusions. In terms of election interference, requiring political ads on Facebook and other social media to adhere to the same rules as traditional political advertising on television is a start, Sanger said.

Stopping overall cyber attacks will take retaliation by the United States, Sanger said. He said Hickton’s indictments against the Chinese helped curb Chinese hacking of U.S. businesses. The United States took no action after attacks from Iran and North Korea, Sanger said.

“This cannot be a free-fire zone,” Sanger said. “People who do this need to know there are consequences.”

Aaron Aupperlee is a Tribune-Review staff writer. Reach him at aaupperlee@tribweb.com, 412-336-8448 or via Twitter @tinynotebook.