Pitt cyber institute to study state election security |

Pitt cyber institute to study state election security

Aaron Aupperlee
Aaron Aupperlee
David Sanger, a journalist for the New York Times, and David Hickton, head of University of Pittsburgh Institute for Cyber Law, Policy, and Security, talk about cyber warfare during a lunch featuring Sanger and organized by the institute Wednesday, Feb. 21, 2018 at Pitt's University Club.
Aaron Aupperlee
David Sanger, a journalist for the New York Times, and David Hickton, head of University of Pittsburgh Institute for Cyber Law, Policy, and Security, talk about cyber warfare during a lunch featuring Sanger and organized by the institute Wednesday, Feb. 21, 2018 at Pitt's University Club.

Americans don’t have to choose between digital election and voting technology and security, David Hickton, head of the University of Pittsburgh Institute for Cyber Law, Policy and Security, said Wednesday.

Hickton, a former U.S. Attorney for the Western District of Pennsylvania, said concerns about cyberattacks during the 2016 election shouldn’t force states like Pennsylvania to go back to paper ballots.

“We can have both,” Hickton said about digital voting and security. “We just need to plot the path.”

Pitt Cyber will soon start a project on elections. The institute’s goal is to come up with suggestions to improve Pennsylvania’s election security.

Hickton said he agreed with Gov. Tom Wolf’s order this month that all new voting machines must have a paper trail but said more can be done. Hickton mentioned the upcoming project Wednesday during a discussion about cyber warfare with New York Times journalist David E. Sanger.

Sanger called Russia’s meddling in the 2016 elections a sophisticated attack. Russian hackers stole hundreds of thousands of emails and other sensitive information from a server at the Democratic National Committee without ever entering the country, Sanger said.

The indictment filed last week against thirteen Russians for interfering in the election showed that the attack began in 2014, before Donald Trump announced his presidential candidacy, and evolved over time.

“Did this swing the election?” Sanger asked. “We’ll probably never know.”

Cyberattacks have evolved into the primary way nations confront and sabotage each other, inflicting enough damage to leave a mark but avoiding large-scale retaliation, Sanger said.

If America does attack North Korea, to “bloody its nose,” Sanger said, it will likely strike first with cyber.

“It’s not going to be with dropped bombs,” Sanger predicted during his talk.

Sanger, a three-time Pulitzer Prize winner whose reporting has focused on the threats cyberattacks pose to the United States and how America is using cyber warfare abroad, said the world is only 10 years into the military uses of cyberattacks. He used the adoption of the airplane as an analogy. The Wright brothers first demonstrated their airplane to the military in 1908. Ten years later, there were thousands of aircraft in the sky and their destructive power was just starting to be realized. Aircraft that could drop bombs followed.

Not 30 years later, on Aug. 6, 1945, the Enola Gay, a B-29 airplane, became the first aircraft to drop an atomic bomb, which destroyed the Japanese city of Hiroshima.

Sanger’s point was that a lot can happen in a short period time.

“To stand here today and claim with confidence what kind of destructive power it has would be foolish,” Sanger said of cyber weapons.

Hickton, who brought charges against several member of the Chinese military for hacking and stealing intellectual property from U.S. companies, including some in the Pittsburgh area, asked Sanger what could be done to stop cyber intrusions. In terms of election interference, requiring political ads on Facebook and other social media to adhere to the same rules as traditional political advertising on television is a start, Sanger said.

Stopping overall cyber attacks will take retaliation by the United States, Sanger said. He said Hickton’s indictments against the Chinese helped curb Chinese hacking of U.S. businesses. The United States took no action after attacks from Iran and North Korea, Sanger said.

“This cannot be a free-fire zone,” Sanger said. “People who do this need to know there are consequences.”

Aaron Aupperlee is a Tribune-Review staff writer. Reach him at [email protected], 412-336-8448 or via Twitter @tinynotebook.

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.