Lawfare Daily: How CISA Is Working to Protect the Election

[Intro]

Cait Conley: The objectives of these influence operations by all actors remain the same. And there's two narratives that they are really pushing through every means available. The first is to undermine American public confidence in our democratic institutions. And the second is to sow partisan discord.

Quinta Jurecic: It's the Lawfare Podcast. I'm Quinta Jurecic, Senior Editor at Lawfare, and together with my fellow Senior Editor, Eugenia Lostri, I sat down with Cait Conley, senior advisor to the director at the Cybersecurity and Infrastructure Security Agency, also known as CISA.

Cait Conley: Our adversaries may absolutely try to leverage narratives that will lead to violence. We've already seen how threats and violence targeting election officials manifested after 2020 and continue to. We have to be better than that. We have to say, this is not who we are as a nation. Not in America.

Quinta Jurecic: Today, we're talking about how CISA has been working to protect election security, as the clock ticks down until Election Day.

[Main Podcast]

So we're talking to you almost exactly a week out from Election Day 2024. How does CISA understand the landscape right now? What are things looking like from your perspective?

Cait Conley: Thanks so much. And yeah, this year has certainly blown by. And a large part of that is due to the amount of work that we have been doing at CISA with the election stakeholder community. And just for some folks, who may not be as familiar with who CISA is, or the role we play. So, after Russian attempts to interfere and influence the 2016 presidential election, in January of 2017, the Department of Homeland Security designated election infrastructure as a subsector of critical infrastructure, and thus brought with it additional federal resourcing and support to this sector.

And with that, CISA, the Cybersecurity and Infrastructure Security Agency within DHS, was designated as the federal government lead to work with the election infrastructure community. So that's state and local election officials, as well as election vendors, to help ensure the security and resilience of our democratic institutions, and specifically our election infrastructure.

And per the Constitution, you know, states are responsible for administering elections. The role that we, as part of the federal government, play are really in support of their efforts, right? Enabling those who are on the front lines, administering, managing, securing our democratic process to have the resources and tools that they need to be successful.

And I have to tell you, as just someone who's been in this space for the past 7 years, the amount of progress we have seen and investment by the election infrastructure community, especially state and local election officials, has really been incredible. The resourcing and time and just tireless efforts that they have committed to really even further strengthening the cyber and physical security of our election infrastructure and ensuring their preparedness has been both impressive and inspiring to watch and to be part of.

And so when we look at the 2024 threat landscape and what we're seeing for this cycle. It is the most complex threat landscape we have seen for an election cycle. But we are also entering in a period of time where our election infrastructure is more secure than it's ever been and the election community is more prepared than ever. And that's why we have a lot of confidence going in, while certainly not being complacent about the risks we face.

Eugenia Lostri: So, Cait, you mentioned that this is a very complex environment that you're facing, and I'm curious if you could maybe tell us a little bit more about what you've seen change, right? Like, what is different now than it was in 2020, 2016, and how are changing your approach in order to face this fractured information environment?

Cait Conley: Yeah, and so one of the things I'd start with is when we talked about the complexity of this threat environment, I put it into a few different bins. And they all interrelate, and I think that's why it's really important to understand all of it, right? Because this is something that the election security community has to navigate in totality. And I think what we are seeing here, to use a more military term, is, you know, inter-domain operations or cross-domain operations, where we have malicious actors conducting activities in one domain, like cyber, to enable another activity in a second domain like informations. So using a cyber activity or a cyber event to thus drive or inform an influence operation. And that influence operation may actually be trying to foster effects in the physical domain. And so, you see how all of this is interrelated, and unfortunately we've seen how this has manifested just this year.

So I'll start with the physical side, where, you know, largely following unfounded claims that the 2020 election was rigged and did not reflect the will of the American people, we saw a significant uptick in threats, both threats of violence and targeted harassment, towards election officials of both parties and their families following 2020 over the past several years.

In addition to that, we've seen cyber activity targeting those individuals, whether it's things like doxing, or utilizing that type of activity or information to then fuel influence operations targeting these folks, really at an unprecedented scale that has put a tremendous amount of pressure on this community, and unfortunately forced quite a few departures in the years immediately after 2020.

And so this year we've seen that continue to evolve where the types of physical threats that we're seeing against the election community have manifested as things like swatting attacks at the homes of chief election officials, putting at risk them, their families, and first responders. We've seen bomb hoaxes called into government facilities to include election offices. We've also seen hazardous substances, like fentanyl, sent deliberately to election officials, targeting them, looking to disrupt election operations at election offices and intimidate election officials.

And so when we look at, you know, the, physical threat landscape and what election officials are facing, it's really important to understand that. And that's been a big part of what CISA has done too this cycle, is we have increased the number of resources that we've made available to this community to help them with ensuring their physical security and preparedness for these types of incidents, both at election offices and polling locations.

But we've done things like conduct physical security assessments of election offices. Since January 2023, we've conducted nearly 1,200 physical security assessments of election facilities in the United States. We've also done things like exercises where we've rehearsed these scenarios as well as others with election officials and how they would respond.

But then let's carry over to the cyber domain. I talked a little bit about how some of the cyber activities like doxing are actually involved in some of the physical threats. But then we have just the routine, more routine and more regular, or traditional cyber threats themselves. We continue to see state and local election offices as well as election vendors targeted by some of the more typical cyber threats out there. Things like ransomware. Things like distributed denial of service attacks.

And so we have worked extensively with the election community to really raise the bar on their cyber security and their preparedness, both in terms of defensive measures, but as well as in terms of resilience. And so, you know, there's again been tremendous investment and progress thanks to the prioritization of cyber security, largely coming out of 2016 by this community and that's at the local, state, and federal level.

And so, then we lead into the information domain and. Really, again, what we are seeing this cycle, the scope and scale of foreign aligned influence operations targeting our elections is at a greater level than we've seen in any prior cycle. And so, you know, when we talk about who and how, the Office of the Director of National Intelligence puts out their annual threat assessments. And they've said that over the past several cycles, we've seen a growing and more diverse array of foreign actors involved in this space, looking to especially influence American elections, but also explore interference.

You know, what we have really seen this cycle in terms of influence operations by Russia, by Iran, by China has been substantial. And while the tactics they use have varied, the objectives of these influence operations by all actors remain the same. And there's two narratives that they are really pushing through every means available. The first is to undermine American public confidence in our democratic institutions, and the second is to sow partisan discord.

And so, when you take all of that in totality, on top of asking election officials to go out and be experts in election administration, you can see the weight of what we are asking these folks to take on. And that's why we do truly say that defending democracy is a team sport, and why we at CISA, as the federal government leader, are so proud to stand shoulder to shoulder with these frontline defenders as they take on this no fail and incredibly important mission.

Quinta Jurecic: I'd love to ask you a little bit about how CISA is engaging with election officials in addressing this question of foreign influence. So you mentioned you're providing support on the cybersecurity front. You're providing support on the physical security front. What does it look like from your perspective in terms of how you're engaging with, you know, local election officials who are suddenly dealing with what might well be a foreign influence attempt to decrease confidence in elections?

Cait Conley: So, first I want to give a tremendous credit to the CISA field force. So CISA has teammates across the country in all states and territories who live there, work there, many of whom come from there, are part of those communities and have been for years, who are now our representatives out there serving as cybersecurity advisors, physical security advisors.

And then most recently last year, recognizing the challenges in terms of election security, and the nuance and complexity and election administration and election infrastructure security. We actually hired 10 election security advisors, one for each of the 10 regions that we break the country into. And these folks are former election officials at the state and county level, or they’re former election infrastructure or election IT specialists. They bring over 210 years of combined experience in this space and really have been incredible leaders in this space in the years that they were in public service prior to.

Many are former state election directors or former Secretary of State CISOs. So, tremendous, tremendous experience in leading administration and security in this space. And they've really helped us understand what tools are most effective, what resources are most effective to this community for them to be able to utilize, because guidance is not good if it's just words on paper that no one can do anything about, right? It's how do we provide guidance that is actionable and really helps those who need to take the action do so and move the needle on risk mitigation.

And so the way we've approached mitigating the threat of foreign influence operations and disinformation this election cycle is different than prior election cycles, because the information environment for this election cycle is so different. You know, the information environment in 2024 is more fragmented than prior cycles. There's more platforms, more methods of engagement. We see that foreign influence operations are not even just targeting social media platforms and those arrays, but also messaging applications and chat channels. And so, when we talk about how many players are out there, in the different ways for engagement, we have to approach this differently. And especially when we recognize the scope and scale of these information operations campaigns that our adversaries can and are conducting, especially enabled by generative AI capabilities that just enable the scope and scale at, greater magnitudes than prior.

And so the way we've looked at this is really through three different ways. So, one, informing the stakeholder community about the tactics that we've seen our foreign adversaries utilize in their disinformation campaigns or their influence operations. And in April we led the development of a security guidance document. We were joined by our FBI and our ODNI colleagues and the authorship of that talk about the different tactics we have seen foreign adversaries user for the past two years in these types of influence operations.

In addition to that, over the past several months, CISA has partnered with the FBI to do a series of public service announcements in which we're not just trying to educate the election security community, but also the American people about these tactics that we have seen. And the examples there that we drew on in the four were look, you could see a Russian influence campaign trying to undermine American confidence in the security of election infrastructure by alleging that a distributed denial of service attack against an election night reporting page changed the results, right? Or that a ransomware attack against the county election office somehow impacted the vote casting or tabulating systems.

Like all of these things where if you actually understand the technology and the processes, you realize there's nothing there, right? A DDoS attack or a ransomware attack is not actually going to impact the security or integrity of vote casting or counting. But our adversaries may try to convince you otherwise, and so to be aware of those tactics and the things we've seen them do in the past are likely to manifest again this year. And so as we looked at the different tactics as well, we wanted to make sure the American people understood the different mediums that they could be engaged on.

And so our most recent publication with FBI was two Fridays ago now, where we highlighted their utilization of commercial and public relations firms to really hide their hand. We put down, I think it was over 300 websites that we've seen utilized in some of these campaigns, and I can talk more about that too, in terms of the details there. But so, bringing to light a greater understanding of the tactics that are employed has been one way.

The other way has really been through training and rehearsals with the election community to make sure they are ready and prepared to face these types of events. And we do that predominantly through targeted training events, but also through tabletop exercises. So, since January of 2023, CISA has conducted over 180 tabletop exercises across the country and nearly 500 trainings. In total, we're reaching tens of thousands of election stakeholders, walking through the different types of incidents that they may encounter from physical, cyber, to foreign influence operations and most importantly, how they respond.

And the last thing we've really been focused on, so, if one is information sharing, two is training and preparedness, the third is encouraging best practices for post-security incident communication. And so we've actually put out two communications guides this year for the election infrastructure security community. One on how to build out a broader public communications plan to help enhance trust and confidence in election security by showing the work that's been done.

And then the second is really helping election stakeholders understand how to communicate during an incident response. Because when you talk about in 2024, what is the best mitigation to these influence operations: it's communication, it's transparency, it's having trusted authoritative sources come out with the facts, and understand that, or have the American public understand that, in, in this incredibly fractured information environment, where you were getting flooded with information a thousand different ways, that this signal through all of that noise, is your state and local election official, right? They are the trusted sources of information for election administration. And that's where you need to go to.

Quinta Jurecic: So we actually had a great example of this recently. Listeners might have seen, there was a video circulating that purported to show someone ripping up ballots that had been cast for former President Trump in Bucks County, Pennsylvania. And the Bucks County GOP put out a tweet essentially saying, you know, this isn't true providing information. And then the next day we got a joint statement from ODNI, FBI and CISA sort of weighing in on that as well and indicating that it had been part of a Russian effort to sow distrust.

I think that is a useful way of kind of framing what you're talking about, how it works in practice. I'm wondering if you could talk about what that looked like to you from the inside and how it shows how you all are thinking about this.

Cait Conley: Yeah, tremendous credit to the Bucks County Board of Elections and the election officials there and in the state of Pennsylvania under the leadership of Secretary of State Al Schmidt. Their ability to quickly respond in a bipartisan manner to ensure that their voters had the accurate information and understanding is a perfect example of, what is effective at fighting back in this, you know, countering foreign influence space.

And, you know, I think it's also a great example of when we say election security is national security, that's exactly why. Here you see Russian efforts to undermine the American public's confidence, and specifically voters of that county's confidence and the security and integrity of their process. And to stoke partisan discord. Right? Like, that example is a perfect highlight of the two objectives that our adversaries are doubling down on every chance they can get.

And I think this plays into the larger picture of what we've continued to see coming out of Russian, especially, influence operations, but also Iranian and Chinese, which is: they will find topics that they know are divisive. That they will deliberately utilize and weaponize to pit Americans against each other. We've seen that with them pursuing topics like non-citizen voting and saying that is an issue. We've seen it with deceased voting. We've seen it with voter fraud. These are all topics that we've seen Russian influence campaigns seize on and then try to promote both in social media as well as through the establishment of either websites spoofing legitimate media institutions or creating their own.

And I think this is a really important example of some of the tactics we're seeing manifest. And, you know, it's something we also tried to highlight in the public service announcement with the FBI a couple weeks ago, where there has been so much effort this cycle by Russia, Iran, China, to hide their hand behind these campaigns, because they know the more authentic it seems, the more traction it's likely to get. And so, they've done things like hire commercial and public relations firms to propagate these narratives. They've hired witting and unwitting influencers to be those who are actually pushing out these narratives. They've done things like create what's called cybersquatting sites where, they utilize cybersquatting as a tactic, where essentially they make a website that looks like the real one, but is slightly off in order to impersonate it.

So an example that we saw over the past several months has been both the Washington Post and Fox News, where they've created these websites purporting to be the authentic media outlets, impersonating them, and then filling that website with articles that just espouse the Russian information narrative. And so, a viewer may not even realize they're not on the real website because one of the additional tactics we've seen is through targeted media ads, as well as utilizing fake personas to actually push targeted messages out to the desired audience with these shortened URLs or website names, where folks don't even realize what they're clicking is not the authentic website. It looks like it is. And then when they go there, what they see mimics the actual website. And so it's getting harder and harder to tell what is fake from what is real because of the sophistication of these campaigns, which is why we really want to draw awareness to the sophistication of the tactics we're facing this year.

And we've seen our adversaries even look at really deliberate, localized, or regional targeting of these efforts to specific users, trying to influence the views of individuals in key areas. You know, the Department of Justice in early September released the indictment of two entities, or two RT employees associated with some of these campaigns, but also discussed the seizure of 32 domains associated with one of the larger Russian influence operations, the Nevers. And in that, you saw the complexity of what they were trying to achieve this year, but also the specific targeted nature to include focusing on certain battleground states, because they think that's where their campaigns could be most influential.

Eugenia Lostri: In the lead up to the election, I think a lot of ink has been spilled about the potential effects of AI and generative AI on the bucket of, you know, generating misinformation, but also on cybersecurity, right. So, two out of the three buckets that you've identified.

I'm curious how you've seen this actually, you know, apply in the real world, if AI has been used in a particularly new way to inform this new landscape that you described, if the threat is as exacerbated as some people were concerned. But I'm curious, not only about how the AI has been used, but by how effective it has been. You've described some sophisticated operations: are those actually reaching people that, you know, could be swayed?

Cait Conley: So I think we have certainly seen generative AI-enabled capabilities utilized in foreign influence operations. I believe it was July of this year, the Department of Justice also seized two domains associated with a larger RT influence operation that was leveraging a software known as Meliorator, which was this generative AI-enabled tool to develop personas and then craft both synthetic text and images to, again, really just leverage this bot farm to push their narratives and achieve the objectives of their influence operations. We've seen examples like that manifest.

On the cyber side, we've also seen the ability for this to really lower the bar for a malicious actor needing to know or have cyber skills in order to conduct nefarious cyber activity. And so, while generative AI has not introduced any fundamentally new risks to this election cycle, it has exacerbated those in the foreign influence operation and disinformation space and the cyber domain.

I think the really good news on the cyber domain is we, again, going back to the beginning of the conversation, we have made so much progress with the election security community in this space that when you look at the state of election infrastructure security in 2024, it is more secure and more resilient than it has ever been. And I think it's really important to unpack what we mean when we say that. So, when we're talking about why we have such confidence in election infrastructure, and specifically why we are so confident that a malicious actor could not at scale materially impact the outcome of the presidential election without detection, it's because of a few different things.

So first, for those who don't know, like, states each run elections differently. If you've seen one state's election, you've seen one state's election. And even within states, many jurisdictions do things differently too. So we're talking about different processes, different systems, different vendors. And so inherent to this diversity and decentralized nature is this tremendous resilience, right? Because you can't just impact one thing that will have this cascading effect across the nation.

So in addition to the diversity and decentralized nature, you also have layers upon layers of security measures, both cyber, physical, and procedural, that go into administering elections. So there are pre-election testing of systems, there's post-election day audits, and then when you look at the actual systems themselves, the machines that Americans use to vote on are not connected to the internet. So all of these are really important measures to ensure the security and resilience on the cyber side of our nation's infrastructure.

And I think the other really important fact in terms of a positive trend that we've seen, continue over numerous federal election cycles is the increasing number of paper records. So for the 2024 election, over 97% of registered voters in America live in jurisdictions where they will have a paper record that they can verify when they vote. So that's another really important step when it comes to confidence in the outcome of the election and the ability to count, recount, audit as necessary. So I think all of that is really what plays into why we have tremendous confidence, despite the fact that yes, generative AI capabilities have enabled threats to be greater this cycle than past or more sophisticated.

Quinta Jurecic: We also wanted to ask you about deepfakes specifically, which I think has been, kind of a, something that people have been pretty frightened about this election cycle. There were a lot of, you know, kind of the sky is falling articles that went around about how, you know, no one was going to know what was true, that kind of thing. I feel like I've seen increasing coverage of experts kind of saying, actually, you know, maybe it's not so bad.

So I'm curious what your perception is of the role that deepfakes have played or may be playing, and also to what extent you're seeing the effects of what I know some people, Bobby Chesney and Danielle Citron have called the Liar's Dividend, this idea that even if something isn't a deepfake, the fact that it could potentially have been a deepfake, works to, kind of, decrease trust in what people are seeing and hearing.

Cait Conley: So deepfakes, as you know, have been around well before generative AI was really injected into the mainstream. And we've had to deal with the threat posed by deepfakes for years, and so I think that's also the good news story here. It goes back to what we're seeing this cycle, while more complex, is not new. And we're just building upon years of defense and readiness to ensure the security and integrity of this election.

I would I want to point back to what we saw in January, where we had, I think, a really effective and compelling example of how even when this, more sophisticated technology is used, we can still push back and overcome. And so, if you remember in January, the day before the New Hampshire primary, a robocall came out purporting to be President Biden with the apparent intention of trying to influence Democratic voters to not turn out for the next day's presidential primary, and to save their vote for November.

Well, once those calls started happening and the New Hampshire Attorney General was alerted, John Formella, he went into immediate action, where he released a public statement saying we are aware of these calls, they are suspicious, they are under investigation, and for the voters of New Hampshire to not give any credence to the messages that are being conveyed. That for authoritative and accurate information about voting, to turn to their state's chief election official, Dave Scanlon, the Secretary of State, and his office, for the accurate information and for them to go out and vote that next day, you know, per their will and their choosing, but to disregard the information in the robocall.

So after the New Hampshire attorney general comes out with that press release, the New Hampshire Secretary of State Dave Scanlon, and his team, his Chief of Staff Dave Wang, they go into overdrive, right, in terms of retweeting that statement, getting out on every media outlet they can to ensure that the New Hampshire voters understood that this robocall was inaccurate, it's not true, it's under investigation. And here's the actual information New Hampshire voters needed to hear and to know.

And you know, I think the New Hampshire secretary of state has said that turnout that actually happened on the presidential primary was even higher than what he had projected, despite that robocall, and attempts at suppression. And so since then, you've also seen legal action taken against those who are responsible. You've also seen the FCC take action to hold the individual responsible accountable for their violations using the regulatory power there. And so I think that, yes, deepfakes are problematic. But we also have a range of tools that we can use to mitigate their impact, no matter how compelling they may be.

And I think last week in Bucks County, Pennsylvania is another great example where, again, election officials were faced with this and they overcame. Now it is our role as the federal government to support those efforts when we know a foreign adversary is behind them and to ensure that we are being as transparent as possible with the American people. And I think that's another really important highlight when we talk about what's different in 2024 than in prior cycles. In 2022, the Office of the Director of National Intelligence established the Foreign Malign Influence Center, which is really leading the U.S. government's intelligence efforts around this space and how adversaries are trying to undermine American national security interests.

In addition to that, this year, we have seen tremendous transparency by the federal government in this space, letting not just, again, the election security community, but the American people know about the threats against our democratic institutions and us as a society by our adversaries who are looking to, again, stoke domestic discord to further their own foreign policy objectives. And a reflection of this is since mid-summer, we've had six election threat updates from the director of national intelligence and her team, specifically talking about this. The four public servants announcements from CISA and the FBI, again, unpacking how some of these things may manifest and specifically the tactics we've seen.

So, I think, while deepfakes may be more compelling than ever, you know, we've also really ratcheted up the tools at our disposal to counter and to fight back. And I think again, the Department of Justice's actions this year with respect to disrupting some of these foreign influence networks and infrastructure and holding those responsible legally accountable is a reflection of, the federal government's not just going to talk about and illuminate. We'll do that, but we're also going to disrupt and deter.

Eugenia Lostri: I was struck by a particular use of deepfakes that was described in one of the CISA fact sheets that described the types of threats that we should all be aware ahead of the election. And it's maybe a use of deepfakes that doesn't really get you headlines, but it's the use of AI generated content. And, I'm quoting here, such as compromising deepfake videos that could be used to harass, impersonate, or delegitimize election officials. Have you seen that happen? And, you know, what is the advice or support that CISA can offer to someone who may be experiencing that?

Cait Conley: So we have not seen that manifest yet this cycle. We've predominantly seen those types of attacks focused around the process itself, or polarizing policy topics. And so we remain incredibly vigilant and recognize that could be a tactic that is, you know, in reserve and further employed.

I think a lot of this also comes down to, and the most recent National Intelligence Council memorandum that was declassified by the, director of national intelligence last week captures a lot of this, and so does our most recent public service announcement at CISA. But we are also very aware of the likely barrage of foreign influence activity that we, America, are going to face in the days and weeks immediately after the election.

We recognize that our foreign adversaries have learned from prior cycles, and know that that period of time, especially in the days immediately after the election, when unofficial results are still coming in, and the official certification process is still being run by election officials. And each state's chief election official is working through that process to certify the final results. That window of time is ripe for these types of influence operations campaigns to sow uncertainty around the outcome, and again, just try to stoke partisan discord domestically.

And that's regardless of how the election plays out, that's agnostic to the outcome. Again, the intention here by Russia, Iran, China, is really to stoke domestic discord and to crush American confidence in our democratic institutions. And so that period after is also where we see this heightened threat environment for election officials who could be deliberately targeted. We saw this in 2020 when Iran created the “Enemies of the People” website, which deliberately targeted certain election officials. Again, trying to stoke partisan outrage against certain individuals.

And so I think we, while we haven't seen all of these tactics manifest yet, we are certainly very concerned and remain vigilant over what we may see. But I think that's the other message for the American people is, look, we have seen more than ever in this cycle. And it's not even election day. So we have to be ready for the onslaught of these types of campaigns after, and they're probably going to be pretty compelling because of technology, because of generative AI-enabled capabilities. We cannot let our adversaries win. We cannot do the work of our adversaries for them.

And especially when it comes to how these types of influence operations can lead to the manifestation of physical violence. In July, ODNI put out a separate statement talking about how the Iranian government was doing an influence operation trying to foment protests around the Israel-Gaza conflict. This goes back to my point earlier about the cross-domain operations, how folks are using activities in one domain to generate results in another.

Our adversaries may absolutely try to leverage narratives that will lead to violence. We've already seen how threats and violence targeting election officials manifested after 2020, and continue to. We have to be better than that. We have to say this is not who we are as a nation, not in America, and really just keep reminding ourselves that this is exactly what our adversaries are trying to do and we cannot let them win.

Eugenia Lostri: So, I'm curious if one of the differences in this election cycle pertains to the role that the private sector, especially companies that focus on generative AI, the role that they have.

I believe in a conversation that Quinta actually had about one of these groups, the guest, Thomas Rid, and you can please correct me, Quinta, he talked about the visibility that companies have into the generative AI content, which is very different from the visibility that maybe social media companies could have on disinformation efforts that were happening on their sites. And I'm wondering if that allows them to be more proactive in flagging and taking down this type of content, and if that's something that is having any sort of effect in this election?

Cait Conley: So I would defer to the private companies for how they pursue and their private entities to make their own decisions. What I will say is I think we have seen companies across the board in many ways come out to bring light to a lot of the Form 1 influence activities that they are seeing. And that's an important part of this, too, because they do have unique insights and visibility based on what's happening on their network and their infrastructure.

I think, you know, a big part of who CISA is as a federal government agency is we are a partnership agency. We recognize that national security is a team sport, and it's not just the federal government in this alone. We have to do this together, especially when it comes to critical infrastructure security, where the overwhelming majority of our nation's critical infrastructure is owned and operated by the private sector.

We have to work together to ensure we are protecting and preserving our nation's top security interests, and that includes election security. Again, back to 2016, it was a wakeup call. Election security is national security. And while elections may be political, election security is not. So, we have to work together across all lines to ensure that we are preserving the most sacred thing we have as a country, which is our democracy.

Quinta Jurecic: I want to make sure we touch on one issue that I’ve often been thinking about in context of these conversations around, you know, foreign malign influence. So, for example, the Justice Department, I know, Deputy Attorney General Lisa Monaco made a big point when these indictments were announced of saying, you know, this is something that we're looking at because these are foreign actors. It is agnostic to the content, right?

And I think that's, obviously important, and you all and other agencies have made that very, very clear in all your statements about this. But it is also true that in the wake of the 2020 election, there was a lot of information flying around, many of it from people who were genuinely trying to make sense of what was a confusing situation that did not necessarily originate from outside the United States, but originated within it. And I'm conscious that this creates a, you know, it's a difficult situation, obviously, for government agencies, because it does implicate potentially First Amendment rights.

We've been talking here about, you know, foreign influence primarily, and sort of, issues of cyber and physical security. But I did want to raise this issue, just to, make sure that I asked you about it and ask how CISA is thinking about that aspect of things this time around?

Cait Conley: Yeah, no, I think you bring up a really important point, right, which is America is the greatest nation in the world because of our freedoms. And so the freedom to express our opinions is an incredibly important part of who we are as a nation.

That being said, when people agnostic to politics or platforms or partisanship use that ability or that exposure to spread disinformation, inaccurate, false, misleading information about our nation's democratic process. We are doing the work of our foreign adversaries for them, and I think we really have to realize that. We are doing nothing but hurting ourselves as a nation and helping them pit us against one another.

And so, I think that this, is where I hope we as a country can really check ourselves and realize that, again, regardless of the outcome, elections are this incredible moment in our history of a nation, to have hope and to unify around the freedom to choose and to make our political voices heard. And that is a very powerful thing. And that is deliberately being targeted by our adversaries who look to weaken us, and attack something that is so near and so dear and so sacred as our democratic process to do so.

And so, I think this is hopefully an area where we can unify and know that we have to defend this process together.

Quinta Jurecic: Is there anything else that you'd like to touch on before we go?

Cait Conley: Yeah, no, I mean, I think this has been a great conversation, and really grateful for the opportunity. I think, I hope that folks who listen to this hear this story of an incredible group of heroes, which is really a lot of state and local public servants who are out there in this tireless endeavor to bring the democratic process to the American voter, to deliver to the American voter free, fair, and safe and secure elections.

And that these public servants are not faceless bureaucrats. State and local election officials are heroes, and they're parts of our community. They're our neighbors, they're our family members, they're our friends, they're people we see in the grocery stores or at community events. And they deserve our respect, our admiration, and our gratitude.

And so this year, I hope we recognize, especially because of the actions of our adversaries who are intent on undermining American standing in the world, and to do so attacking our democratic institutions, I hope we recognize that this is a call the action for all Americans to come together and to unify, because it's our democracy to defend.

So, really appreciate the time today to talk about it. You know, we are incredibly confident in the security and integrity of our democratic institutions, and that the outcome of the 2024 election, regardless of what that is, will reflect the will of the American people. And that election officials will once again overcome all of this, with the help of private partners, and public partners, and us, to ensure free, fair, safe and secure elections to the American people.

Quinta Jurecic: All right, Cait Conley, thank you so much for taking the time.

Cait Conley: Thank you all. Really appreciate it.

Quinta Jurecic: The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get ad-free versions of this and other Lawfare podcasts by becoming a Lawfare material supporter through our website, lawfaremedia.org/support. You'll also get access to special events and other content available only to our supporters.

Please rate and review us wherever you get your podcasts. Look out for our other podcasts including Rational Security, Chatter, Allies, and the Aftermath, our latest Lawfare Presents podcast series on the government's response to January 6th. Check out our written work at lawfaremedia.org. The podcast is edited by Jen Patja and your audio engineer this episode was Noam Osband of Goat Rodeo. Our theme song is from Alibi Music. As always, thank you for listening.