If I have to tell you once, I have to tell you 10,000 times.
Or at least that’s the challenge for Gary Pruitt, who has overseen the last three presidential elections as president and CEO of The Associated Press, based in New York City.
For 175 years, the AP has not only covered U.S. elections, he said, but also compiled vote totals, then called the winners as a trusted source for 12,000 news clients around the globe. In November 2020, the AP performed those tasks in North Carolina as part of its coverage of more than 7,000 U.S. elections in all 50 states.
As difficult a challenge as that was, Pruitt said, his organization also successfully fended off numerous and sophisticated hacking attacks from bad actors to AP’s election platform from Pakistan, Taiwan and other countries, not to mention adversaries it saw from Russia in 2016 as well.
A familiar ploy for bad actors is “phishing,” or sending fraudulent emails supposedly from reputable sources with links that when clicked can open the door to mischief, breaching an account to reveal personal information, such as passwords and credit card numbers.
Last year, he said, the AP received an average of 10,000 phishing emails — a day.
“Cybersecurity is an arms race you can’t afford to lose,” Pruitt told Adam Clayton Powell III, the host of an upcoming USC Election Cybersecurity Initiative Regional Workshop for North Carolina and four other states. Powell is the initiative’s executive director.
The initiative, a nonpartisan, independent project funded with a generous grant from Google, not only provides information and education for people involved in campaigns and elections but also teaches the public about how to guard against cyberattacks and disinformation.
The University of Southern California pulled together a team of experts last year and borrowed on the wisdom of national leaders to conduct election security workshops in all 50 states under the banner of “Our candidate is Democracy!”
Last August, with the Chatham News + Record as a media partner, Powell conducted a workshop for North Carolina candidates, elected officials, academics and others before the November elections.
Powell will be back next Thursday, April 22, on Zoom pounding the warning drums again to arm North Carolina residents and public officials with tips and insights on cybersecurity and cyber safety, disinformation and misinformation, and crisis response techniques.
“Security of elections in North Carolina and around the U.S. are under attack from expert and well-funded adversaries using new techniques,” Powell said. “So we are returning to North Carolina, virtually, with a nonpartisan election cybersecurity workshop ... to help defend elections.”
Who should attend? Powell recommends the workshop to campaign staff, state and local election officials, academics, non-governmental organizations, policymakers and students.
“Designed for general audiences rather than technical specialists,” a workshop flier says, “our sessions are led by cybersecurity experts from government, industry, research and academia. They will include simple tools and practices that can help keep our democratic process safe.”
This year the cybersecurity workshops will cover all 50 states again, but with combinations of states in regional online sessions. The North Carolina workshop will include representatives from Kentucky, Tennessee, Virginia and West Virginia.
The lessons in how to avert the next cyberattack will be especially important to Chatham County officials.
The dangers of a cyberattack struck home for the county on Oct. 28, 2020, when its computer network was hit with a ransomware attack launched through a malicious attachment in a phishing email.
The cyberattack shut down most county functions and temporarily cut off public access to services. The Chatham News + Record reported finding sensitive files on the dark web that had been uploaded in November and a second batch in January.
The News + Record published a screenshot of some posted files, which at that time had been viewed more than 30,000 times. The cyberattack was linked to DoppelPaymer, one of more than 20 ransomware groups identified by the FBI.
“One thing we learned from talking to cybersecurity experts in our reporting on the Chatham County breach was how fragile computer networks are,” said News + Record Publisher Bill Horner III. “We’ve learned how these threat actors attack municipalities, universities, hospitals ... and getting ‘in,’ for them, is quite simple. This workshop will focus on elections, but there’s a lot for all of us to learn about this. I’d encourage people to check it out.”
About the author" Buck Ryan, a University of Kentucky journalism professor, is conducting a “participatory case study” of the News + Record, which he views as a national model for community newspapers. You can read his article about the last North Carolina election cybersecurity workshop here.