For those interested in how foreign adversaries are meddling in U.S. elections with social media, there is a recent must-read paper from the NDN Think Tank: A Primer on Social Media Bots And Their Malicious Use In U.S. Politics authored by Tim Chambers of the Dewey Square Group. This report is the definitive work about:

 

The transport layer of weaponized social media content used for political purposes.

The methods work for any kind of content, whether preaching to the choir, or intentional distortion of real political events, or outright lies. Probably the most illuminating aspect of the report is the explanation of how any single blob of content gets its reputation burnished. It’s not just disinformation campaigns where the goal is to get the content widely heard or seen. It’s that, plus getting the content normalized by the support of large numbers of people. And here is the really clever bit: the content is liked/re-tweeted/etc by large numbers of who turn out not to exist including some bot-people with an (invented) impressive following or reputation.

This approach is a key part of the new information operations, and the chilling thing for me is how these info-ops are already part of current politics and electioneering, just adjacent to the actual administration and operation of elections. Since our focus is on innovative technology for election administration and operations, I have to be concerned with how election technology can be damaged by the new info-ops.

I can see adversaries revving this engine to attack U.S. elections at the level of basic trust, in contrast to the operational attacks that are the current focus of election hacking FUD.  When I started in the cyber aspect of critical infrastructure protection in early 2001, we worried about “cyber-physical” attacks, where a cyber attack would magnify a physical attack on physical infrastructure.

At the Intersection of Social Hacking & Election Administration

Now we also need to address the much more insidious and diffuse threat of cyber-social attack, where a publicly visible cyber attack on election infrastructure is performed to provide the starter fluid for bot-based information operations intended to undermine belief in election outcomes and potentially de-legitimize an election. I’m talking about malevolent technology plus social media being a machine where cyber-ops are used to intentionally create a publicly visible mole-hill, which info ops then turn into a political mountain.

A scary thought.

For myself and our work it underlines the need for election infrastructure that is publicly, demonstrably, ground-up strong against cyber-ops. With the weak and architecturally flawed election technology we have today, any claim about an election technology hack, even a completely spurious one, is just too credible by default. The readiness of election technology to buttress or reject digital attack we are addressing, but the cyber-social threat to elections requires its own focused effort as well; to my understanding the work of projects like the Belfer Center’s Defending Digital Democracy is an important step in the right direction.  Reading Chamber‘s paper on social media bots should be an early step of that effort.

— EJS