Rachael Lyon [00:00:01]:

Welcome to To The Point cybersecurity podcast. Each week, join Vince Spina and Rachel Lyon to explore the latest in global cybersecurity news, trending topics, and cyber industry initiatives impacting businesses, governments, and our way of life. Now let's get to the point. Hello, everyone. Welcome to this week's episode of To the Point podcast. I'm Rachel Lyon here with my co host, Vince Spina. Where in the world is Vince today?

Vince Spina [00:00:32]:

Hey, Rach. I am, sitting in a hotel room in Dubai, just finishing up a major technology show here called GITEX, and, it's just been a fan fantastic week, though.

Rachael Lyon [00:00:44]:

It's a massive show, isn't it? I mean, that's what I've heard.

Vince Spina [00:00:49]:

We were in hall 24, and I know there was a 25 and a 26, and there isn't a technology that you could talk about that didn't have a massive haul. So I I think, the numbers were in the 100 of 1,000, and I'm not I I think that might have been per day. It could be per week, but it was I mean, just a massive show with, unbelievable attendance. So

Rachael Lyon [00:01:16]:

That's awesome. That's awesome. And it's in Dubai. So there's that too.

Vince Spina [00:01:19]:

It's in Dubai. Yes.

Rachael Lyon [00:01:21]:

That's fine. Alright. So I will let's jump into today's conversation. I am so excited because this is one of my favorite topics, particularly at this time of year, in this year. Maggie Miller, she's a cybersecurity reporter for Politico based in Washington DC. Her coverage focuses on the intersection of cybersecurity and national security, which how awesome is that? Like, there's so much to write about. I I can't even imagine where to start. So welcome.

Rachael Lyon [00:01:45]:

Welcome, Maggie.

Maggie Miller [00:01:46]:

Thanks so much for having me. And, yeah, it's a wild time these days.

Rachael Lyon [00:01:50]:

Oh, man. Absolutely. Alright. Vince, you wanna kick us off?

Vince Spina [00:01:54]:

Yeah. I do. And, you know, it's, it's interesting with that background. Maggie, I'm we both stalked you. We looked you up. Your your your your CV is impressive.

Maggie Miller [00:02:05]:

Mhmm.

Vince Spina [00:02:05]:

Your your background just a lot. And there's so much that we can talk about. You know, if I did my math right, I think literally we're 19 days from election day. Is that I mean, that's crazy. Okay. 19 days.

Maggie Miller [00:02:18]:

Sounds correct to me, and that's gonna

Vince Spina [00:02:20]:

Absolutely.

Maggie Miller [00:02:21]:

Give us all anxiety attacks. Exactly. And

Vince Spina [00:02:23]:

When I think, you know, your background is in politics and cybersecurity, I was like, I'm horrible at metaphors, but I was thinking, man, that that's like peanut butter jelly, or it's like anchovies and pineapple. I don't know if they go together or, you know, they're diametrically opposed, but it just, just interesting. So there's so much we could talk about today. But, you know, recently, one political party had reported that a nation state had sent them inside information on the other political party. 

We're, we're 19 days from the election. And with all that, I just wanted to start with, campaign data leaks as kind of the, the topic. So maybe my my first question to you is, do you see any cybersecurity problems in political campaigns that tend to keep on happening? I mean, it seems to be getting worse and worse. But my sense is, with your experience, this is probably something that's you know, been around for a while.

Vince Spina [00:03:18]:

Maybe the tech has changed or or the the activity level. But, you know, what what tends to keep on happening that, you know, you see from your perspective?

Maggie Miller [00:03:27]:

Yeah. Absolutely. And, just to start off, you know, flattery will get you anywhere, Vince, on Ice TV. No. I mean, it's been an interesting pre election season in that, you know, I think we were all, at least in the reporting space, and I'm sure in the cybersecurity expert space, watching things very closely given the history, specifically, really, of Russian, cyberattacks disinformation efforts ever since 2016 and other countries. And it really has been, eventful. 

So, in terms of campaign hack and leak operations, we've actually seen Iran get really involved this season in a way that they really haven't in the past, targeting the Trump campaign and then leaking some of the information they found to the Biden campaign, and also to, reporters, including one of my colleagues at Politico, and other outlets. So it's been interesting, to track, how things are going.

Maggie Miller [00:04:24]:

And in terms of campaigns, I mean, it's I've been talking to some former campaign officials and experts, and, you know, I feel like there's been a huge evolution in terms of focus on election security by cybersecurity professionals, by election officials, etcetera. But campaigns have kind of stayed in this same kind of startup like space, in that, you know, often, obviously from the lowest campaigns, local campaigns, all the way up to the top presidential campaigns, they're very fast paced. 

They're very, you know, many of them, maybe not as much presidential, but state level. They're formed very quickly. They're constantly evolving. They're constantly changing messages. You've got a lot of very often low paid, very young people working on campaigns, who are coming in. I've been told a lot of times on some of these campaigns, not necessarily presidential, but just campaigns widely.

Maggie Miller [00:05:16]:

They're using personal devices, personal laptops. There's outdated equipment. There's also the issue of, you know, the funds that you get for a campaign, you're really looking at putting into advertising, at putting into, you know, paying the the bills for people that are helping run your campaign. And cybersecurity often really falls, you know, to the last priority, falls to the wayside. 

And I think amid all of this also, because there is this startup like environment, which is how it's been described to me by multiple former officials, it's very easy, you know, if you're working insane hours, you don't have weekends, you know, you're just overworked, You get an email. You accidentally click on something. It's very easy in that sort of environment for some of the really low hanging fruit type. I mean, I would say attacks.

Maggie Miller [00:06:02]:

I would say more just tactics that can work. And I think there is still, despite everything, this lack of, you know, cyber attacks, cyber visibility understanding by some of these, campaign workers, campaign officials. Because, again, it's not top of their their, their pile for what they're focused on. So it is a really ripe space for nation states such as Iran, but also, frankly, just low level cyber criminals to exploit. Cybersecurity is just not the main focus. And it's not very surprising to me that that has become a main focus of, at least, the presidential campaign cycle.

Rachael Lyon [00:06:38]:

Yeah. It's, it's interesting too on these things, because you have to wonder, like, what are the motivations. Right? And, are we seeing and I'd be interested in your perspective here. Are the the bulk of the attacks coming from foreign adversaries, or are we seeing a lot coming from within the US as well? You know, it's, like, back when, the Ukraine, Russia, you know, that, conflict started coming up, you had this, like, cyber volunteer army, right, where all of these people, like, hundreds of people would just start, you know, hacking one country or the other. 

And I just wonder, you know, with, kind of elections right there asides, are you seeing kind of, you know, a juxtaposition of of foreign adversaries and within the US, or kinda what's what's that trend looking like?

[07:22] Focus on Nation-State Disinformation Threats During Elections

Maggie Miller [00:07:22]:

Yeah. I think in terms of what's being publicly reported by, not just the campaigns, but social media companies, by federal authorities, They've been really zeroed in on the nation state threat. We've seen indictments against Russia or Russian affiliated, actors for, disinformation campaigns targeting, some US based influencers, and taking down a lot of websites that have been linked to Russia, linked to Ukraine that we're posing as news sites, trying to, you know, send out, maybe less credible stories. 

But at first glance, they might seem like credible stories that have a slant towards something, you know, towards what the Iranian government or the Russian government might want in terms of the outcome of the presidential election. But at the same time, I think that, you know, you see, after every election, there is a moment to sit back and take stock of what was seen. And I think this is gonna be something that we're, you know, a lot of these companies and officials are gonna probably, not probably, definitely look at, in terms of what they're seeing. And I think I'm not surprised that what has been, what has been so, widely trumpeted has been the nation state activity. Because it is something that is so much more critical, it's something that likely involves governments, and it's something that's much harder to counter than sort of your low level cybercriminal, given that it really involves geopolitics.

Maggie Miller [00:08:44]:

Right.

Vince Spina [00:08:44]:

Maggie, just to follow-up on that. I mean, that we're hearing that in the news all the time. What's your opinion on, you know, how these data breaches or leaks for inside of campaigns, you know, what's your perception on how that's affecting public trust and, you know, their desire to even get out and vote or, you know, being more doubtful about the the results of the election after the fact. 

I mean, you know, 4 years later, there's, you know, differences of opinion on, you know, the results of election from 4 years law. I mean, what what's what's your thoughts on all of those kind of things as a from a data leak perspective?

Maggie Miller [00:09:25]:

Yeah. And, you know, that's something that's really occurred to me as I've been covering things. I mean, I don't think it's a secret to say that this year was always going to be a highly divisive election, to say the absolute least. And I'm I'm speaking at the presidential level here. Of course, divisiveness below that. But in terms of the presidential election, yeah, I mean, I'm sure this is only complicating things. 

It does not I mean, just writing about some of the Iran leaks, I've had feedback, is one way to put it. Feedback from readers, who have thoughts about what this means for election security, for election integrity, feedback on social media.

[10:00] Election trust issues persist despite officials' efforts

Maggie Miller [00:10:00]:

You know, I think that this is a space that, unfortunately, doesn't have a lot of trust in it on many on both sides, despite the fact that there really has been good faith efforts by all election officials involved to really heighten the election security and really try to heighten efforts to ensure people believe that their vote is secure. But when you see things like, you know, Iran being able to get into the emails of senior Trump campaign officials and leak some of that to another campaign, and then that campaign officials and leak some of that to another campaign, and then that campaign, you know, not necessarily, be as open about what they're seeing initially, at least according to the FBI, that does, you know, engender a little bit of a lack of trust. 

And it's not I I just think that this we're in an environment right now that any sort of scene, interference, or any funny business is only just going to complicate matters in terms of trust, which is unfortunate because, you know, you want as an American myself, you want to have confidence that your vote is going to be, counted and counted accurately, and that you are not being swayed by something that may not be true. And I will say everything I'm hearing from federal officials involved in this, everyone is really working hard to ensure that votes will be accurately counted. But, you know, it's hard to convince the American public that are already concerned about this that that is the case.

Vince Spina [00:11:21]:

Yeah. Counted as one thing validated that it was actually, you know, Maggie's vote or Rachel's vote or Vincent's vote is is, you know, a whole other, you know, concern as well.

Maggie Miller [00:11:32]:

Yeah. Yeah.

Rachael Lyon [00:11:33]:

Yeah. That leads to an I mean, I think this is a great entree, right, to kind of election system security. You know, that's such a hot topic that keeps coming up every election cycle. You know, kind of what what is your perspective there? I mean, particularly in, you know, foreign adversaries targeting actual election systems, particularly when they can vary so much from state to state. You know, it seems like it would be quite cumbersome to do that, but I'd be interested in in your point of view.

Maggie Miller [00:12:00]:

Yeah. Absolutely. I mean, this has really been a big concern since well, I would assume since before then, but 2016 is really what put the spotlight on it with, Russian interference, specifically. There were multiple vectors that Russia used, but one was targeting voter registration databases in multiple states. And that really, you know, put the hackles up of election officials and trying to ensure that these machines that were being used to cast votes and also these online databases were more secure and trying to address some of the vulnerabilities there. And one one thing that has been a strength of the American voting system from the very beginning is, as you mentioned, that every single, election is run by a different election administration group, whether that be the city level, the county level, the state level. It's very, it's not, homogeneous. It is, very varied, and it is pretty much impossible for, you know, an actor such as Russia to say, I'm gonna change the votes of everyone in the country, because frankly, everyone votes in ways around the country with different machines, different models.

Maggie Miller [00:13:03]:

You know, they might use mail in ballots, etcetera. That being said, you know, as we were just talking about given the information space, really, all it takes is one machine targeted in one county, and then that being amplified specifically on social media to really cause doubt and really cause fear, which is something that definitely concerns officials. And it's something that I know, you know, that, election officials have been really focused on in saying, hey, we're gonna get out there on election day, you know, at the state, local, level, and you really, you know, should be paying attention to your election official wherever you live, wherever you vote, because they are the ones in charge of that system, and they're the ones keeping an eye on things. And they're gonna say, you know, if they're seeing some sort of funny business going on. But at the same time, it is very possible to, potentially tamper with a machine. It is cumbersome, though. You know, I was at, the Defcon conference in Las Vegas in August, where we have the famous voting village, every year, where some, machines that are still in use in various parts of the country are tested, and hackers have the ability to just tear them apart. And, of course, they always find vulnerabilities every year.

Maggie Miller [00:14:13]:

And I think the thing I want to stress from that is, clearly, there's vulnerabilities in some of these machines. Clearly, the companies need to continue, upkeeping their devices, but it would be quite difficult for a voter to go into a voting, place and do what some of these hackers are doing at Defcon. You know, they don't have the ability I think it would be very noticeable if they went in and started tearing apart a machine in the way some of these hackers do. So it would be harder to sway things. But what has been seen is, you know, you have to be careful with some of these machines and some of the, ability for small mistakes to be made. I believe there was, there was a speech during Defcon, talking about, I think it was a couple years ago, one of the counties in the US where there was a discrepancy of something like 200 votes, and they realized when they did a whole, a whole investigation into it, they had folded the vote wrong, the paper vote wrong, and the vote scanner was not, understanding the exact way they folded it. So it's things like that that can sometimes sway. But, I think, you know, my long winded way of saying, at least from what I've seen, it would be very difficult to, really hack into a device.

Maggie Miller [00:15:21]:

It is possible, possible, and it is something that election officials are laser focused on. We'll say, from what I'm hearing, it's not the main concern in terms of election security for this year. It's really the disinformation space.

Vince Spina [00:15:33]:

If you if you had to put percentage on it, because you you get both sides of that, Maggie. And like you said, it might be 1, you know, voting booth in, you know, one county, and then it hits the news. And that's, you know, that's what we as consumers see. But I'm sure, you know, you've got your ear to the ground and you talk to some pretty important people. Like, how how big of a problem is this really? Is it the 1%? Is it and it just blows up from there? Or, you know, how how widespread do you would you think this is?

Maggie Miller [00:16:01]:

Yeah. That's that's the main issue is, you know, that there might be tampering on one device or more sinisterly, maybe there isn't. But, you know, a post that it claims that that's the case blows up and people lose confidence in that particular voting station that their vote was counted. There's also the issue that was brought up to me of sometimes, voter registration check-in devices, sometimes those can go down, sometimes they malfunction. That's not necessarily gonna well, certainly wouldn't change your vote, but what that will do is slow down the process of people voting. And that has happened in past election days where you see really long lines of people. You see this backup. People assume, oh, there's been some sort of, you know, foreign interference or other sort of malicious interference to ensure I don't get to cast my vote, when often it's just a technical issue.

Maggie Miller [00:16:46]:

And that is something that I know that election officials at all levels are worried about, because, again, it lowers voter confidence in their ability to vote and that their votes will be counted. And especially if that's happening in any sort of swing state where there's gonna be a lot of focus on election day. And of course, complicating matters further is that every single state has different laws for when people can vote, and when ballots are counted, and the process for certifying an election. You know, as we saw in 2020 with the the presidential election then, we didn't have results on election day, and I think everyone is pretty much assuming we're not gonna have results this election day either. It's gonna come down pretty close, it seems like, and it's gonna come down to, you know, the the last ballots being counted in certain states, most likely. But more than that, I think, you know, remember that whatever you see on election day, whatever the media is calling, it is preliminary results, and every state goes through a different process to certify, double certify, take every means they can to show that, you know, this is what the votes were, this is what was counted. And many states have a lot of mail in ballots they gotta get through. Those take a while to sort through and count and and everything.

Maggie Miller [00:17:51]:

So it's a a wide ranging process. I mean, election officials to me, you know, whether they're at the city, county, state, level, to me, it's a very, cumbersome job. So I think it is something that, at least me as an American citizen, I am grateful for those that volunteer to do some of this work because it's certainly a job that is very long ranging and these days unfortunately comes with a lot of threats as well.

Vince Spina [00:18:15]:

You, you said, you know, talked earlier a bit about different laws in different states.

Maggie Miller [00:18:21]:

Yeah.

Vince Spina [00:18:21]:

You know, any any laws out there in in any of those states that you feel have been created around cybersecurity or election security that seems to be or going to help protect voter data, and make these elections fair? Any any new and interesting, you know,

Maggie Miller [00:18:39]:

things that you're talking? There's been a lot of different, developments in the last, I mean, again, since 2016. I keep bringing up that year, but that really did change things. I mean, you had a month later, the Department of Homeland Security. Just before President Obama left office, they made, elections critical infrastructure, which meant that there was a lot more focus on them and resources going towards them. And I know that that was a very controversial decision at the time, but has since I mean, over and over when I've talked to election officials, they have since said, actually and this is election officials on both sides of the equation. I actually think that was a good call, because it puts a lot more attention, a lot more resources on ensuring that the vote is secure. Yeah. And I know states have done quite a bit, different levels to try to ensure that some of these devices are safe, a lot more, eyes on the votes.

Maggie Miller [00:19:27]:

And that's you know, people people can come sometimes in some of these stations and actually watch the votes being counted to try to make sure that they they feel, that their vote has been counted and is secure. I think one place we haven't seen a lot of movement is at the federal level. Congress has been pretty deadlocked in anything to do with, election security mandates. You know, there is the constant back and forth between Democrats and Republicans on this. Republicans often have concerns about the federal government instituting anything, that might be seen by states as a mandate. They really wanna leave it at the state level. The one area that there has been agreement is they've managed Congress in the last, oh, gosh, 5, 6 years at this point. I might be wrong, might be a little longer.

Maggie Miller [00:20:08]:

Has appropriated almost $1,000,000,000 I believe, in election security funding through the election, administration, commission, the EAC, to sort of divvy out to states. States, you know, submit for these funds. They they create packages of what they need, detail out, etcetera. You can find a lot more not to plug the EAC, but you can find a lot more very detailed information on that on their website. I've certainly gone through it in my reporting, which I know has been really helpful, given that a lot of these states and localities don't necessarily have dedicated funding to, for example, replace outdated computer systems, computer networks, or to, for example, hire a cybersecurity professional to ensure, that they're safer, or to have antivirus software, or things like that. 

They don't necessarily they know that there's a problem, but they didn't necessarily have the funds. So what I've heard, again, from election officials on both sides of the aisle is these funds have been helpful, to say the least. So that has been something that has changed.

Maggie Miller [00:21:04]:

But I do think there's a lot of interest on Capitol Hill in continuing to look at this issue. And cybersecurity specifically is an area, one of the, I like to say, last bastions of, bipartisanship on Capitol Hill Hill that usually gets a lot of bipartisan support. So, yeah, we'll see what happens after the election. Also, you know, what happens in Congress will obviously be impacted by who comes into power, but also what we see in terms of election day and the threats that are seen. Yeah. Mhmm.

Rachael Lyon [00:21:30]:

Absolutely. And, you know, we can't talk about elections. Right? And you mentioned it earlier, disinformation. There was, I think making the rounds what back in September, there was, foreign interference linked to Russia against, Kamala Harris, her campaign with fake videos. And they even went so far as to kinda create this fake media outlet in San Francisco to give it credibility. I mean, this is bananas, Maggie. Like Yeah. I mean, how how do you combat that?

[21:58] Impact of AI-generated Deepfakes on Elections

Maggie Miller [00:21:58]:

I mean, isn't that the question that everyone asks? How do you combat that? I mean, often, it comes down in many cases to the, you know, where this is being posted on social media, taking action and spotting these posts and saying, well, clearly, this is not true. Yeah. There was a video that that falsely made it seem like she'd been in a hit and run, you know, things like that. But, I mean, that has been a concern, for many elections going forward, is the impact of false or faked media on, candidates, whether at the presidential level or lower. 

Especially now with the advent of AI, there's been a lot of concern about AI generated videos, AI generated, audio recordings, or even deep fakes, that, you know, might seem like it's the candidate, but really is not. That's not what's happening. There has been, I would say from what I've heard, less of the doomsday scenario than what was expected. That being said, there have been AI generated images that have been found, on social media sites.

Maggie Miller [00:22:53]:

Microsoft has come forward talking about that. Actually, China has been involved in that. They've linked some of this, to China, trying to less sway the election and more just exploit divisions in US society, and and just try to, you know I think Iran and Russia have been really the the big players this year, but China's certainly still there. I think it's it's those 3 that tend to wade in, to some of these efforts. 

So, yeah. I mean, this fake this fake, these fake videos, fake, images, they're very concerning. They're certainly, unfortunately, probably into the future in terms of election security. And I think it really is going to put even more of a spotlight on social media companies to try to spot these, try to take them down, try to label them, etcetera.

Maggie Miller [00:23:35]:

And, you know, also, you have to look at how much traction are they actually getting. So the vast majority of these posts that I've seen at least this cycle that have been called to my attention really haven't gotten a huge audience, haven't gotten a huge uptake, but there's been a few, that have been passed along, especially on TikTok, before they were able to be debunked. And when a certain amount of people see them, even if they're debunked later, you know, there's a certain amount of, well, I saw this. This is true, etcetera. Or, you know, oh, they've been they've been called out debunked, but, you know, not trusting that. So there's I mean, it's the ongoing question of how do you how do you ensure that, you know, Americans and others around the world in in election scenarios really what they're seeing or can really understand that what they're seeing is false. And that's just an ongoing question that I think officials and and social media executives are still trying to grapple with.

Vince Spina [00:24:25]:

Yeah. I was just to follow-up on that, Maggie. I mean, I I'm just probably gonna ask you, you know, how how concerned are you? But I I think you articulated that well. I mean, it is a it is an issue and, you know, it's something in in my my personal family. We tend to make sure, you know, there's certain, subjects that are off limits and politics have been added to that, you know, that group because just in our family alone, I mean, you can almost split the family right right down the middle. So it's become concerning. You know, from a from a government perspective, in general, do do you think we're we're prepared as a as a as a country and quite frankly as a world, to counter these these threats as it pertains to AI? I mean, this thing is it's pervasive and it's getting better and and obviously more scary, all the time. I mean, what's your thoughts on that?

Maggie Miller [00:25:20]:

I think it's one of those issues in terms of AI, in terms of its impact on the information space. It's an area where I feel like everyone and their mother is running around, you know, chickens with their heads cut off knowing that it's an issue. I mean, you can't go up to Capitol Hill without seeing a new bill introduced on AI issues every day. You know, we've also seen leadership, trying to move through. We've seen Senate Majority Leader Schumer has been really leading on on an issue with AI. And obviously, you know, social media companies, tech companies are trying to address this. Obviously, in the EU trying to address this. I could go on for days.

Maggie Miller [00:25:54]:

But I think the issue is there's a lot of efforts and a lot of, attention on the issue, but trying to get consensus on on something, and trying to get consensus on what the actual problem is, what government can do, what is too far for government to go. And of course, when it comes to tech, I mean, this is tech, cyber, anything in that space. Government moves so slowly, and it's an area where things evolve so quickly and change and and new technologies are being introduced. But it's like the speed of light and government's, you know, the turtle crawling along. And, it's not always easy to keep up. I mean, an example completely separate, you know, privacy issues have been an issue for a long time. We still don't have a federal privacy law. Still not on the books.

Maggie Miller [00:26:35]:

We've got state level. We've got, one in the EU that we often have to kind of abide by, but still not that. And that's been an effort every single year in Congress, that comes up, and it still can't get through. So I think even when there is, bipartisan consensus that there's an issue here, there's certainly bipartisan consensus on privacy, for example, that there's something that needs to be done. It's still hard to actually get agreement, actually get something through. And, I think, you know, we might see that with AI, but there's consensus it's a problem. But what do you do? So, you know, moving forward, it's gonna continue to be an evolving issue. Obviously, AI has great promises.

Maggie Miller [00:27:11]:

I don't wanna sound like huge doomsday. I mean, there's been, you know, thoughts that it could for the intelligence community in the US, it enables them to sort through, you know, billions of items of data at much faster speeds, maybe, you know, spot potential terrorist plots, etcetera. That's amazing. I mean, it could help solve health issues like cancer research, etcetera. But it also, as I mentioned, can supercharge disinformation, and make it, you know, much harder to combat. It could also supercharge, you know, cyber attack efforts, could make it easier to for low level cyberattack efforts. You know, it's been brought up to me that many cyber criminals are not English speaking, and so often it's easy to spot, you know, spam emails from them just because there's certain grammatical errors. That's not gonna be the case in the future with AI.

Maggie Miller [00:27:56]:

They can simply run it through. So there's a lot of question marks around it. I know I went on forever there, but I have many thoughts on AI. It's constantly discussed in the cyberspace.

Rachael Lyon [00:28:06]:

Yeah. It's and there's no really clear answer. Right? How do you regulate it? What's the right thing to do? And because there's just so many unknowns

Maggie Miller [00:28:13]:

Mhmm.

[28:14] Aligning global cyber policies; UN's pivotal role

Rachael Lyon [00:28:14]:

Right now. You know, switching gears a little bit, I'm I'm always kinda fascinated in, you know, looking at, kind of the global perspective. You know, how can you get countries aligned, right, on, you know, cyber policies, what's acceptable? You know? And I know there's, you know, some countries that don't have extradition, so there's no way you know, yes. There's criminals there, but we're never gonna get them to the US to have them try it or have any accountability for that. And, you know, I'm always kind of looking at, you know, what's the role of, like, the UN or NATO? Like, how you know, what role can they play here? You know, because it can be tricky. And, I would love your thoughts on the UN cyber treaty. You know, are there is what are the most significant provisions in the treaty that could have a major impact on how countries handle cyber threats and cybercrime.

Maggie Miller [00:29:02]:

Yeah. Absolutely. And thanks for bringing that up. I know it's been an issue I've been reporting on. You know, it's one of those issues that I think at first glance many Americans would say or or many people in the world who aren't in the cyberspace would say, oh, it's just another complex UN treaty. I'm not looking at it. But it's become a key issue at the UN in terms of disagreement. So basically, this treaty was first proposed by Russia in 2019.

Maggie Miller [00:29:25]:

It was brought forward. The US, its allies had serious concerns about it. They saw it from the beginning as, basically an avenue that Russia was using to try to say, oh, yeah. We wanna tackle cybercrime, but at the same time, we wanna get language in here that allows us to, you know, maybe take away some digital rights to to conduct more surveillance of our citizens. So there were issues from the beginning with it. But the problem is that cybercrime is a major threat across countries around the world. It is an area of agreement by countries that more needs to be done to tackle this. So there was this agreement by countries there needed there should be a treaty on this.

Maggie Miller [00:30:01]:

There should be something the UN does on this. And it was negotiated over the past few years, with the you know, the US was fully involved. The EU was fully involved. At the same time, Russia was very involved. China was very involved. And the product that emerged earlier this year that was approved in committee is one that has really caused a lot of controversy. There's been serious concerns, just like from the beginning, that the product they've come out with in the end is indeed potentially going to be used by governments like China, like Russia, to surveil their citizens and say, oh, the UN, this treaty has said we can do this. There's just certain language in there that's concerning, that could take away digital rights.

Maggie Miller [00:30:38]:

And so a lot of private sector groups, a lot of NGOs have really raised this concern with the White House in recent weeks, raised this concern with the EU. And the White House is still weighing how to vote. There's gonna be a vote on this treaty in the full UN later this year at some point, probably between Thanksgiving and Christmas. And the White House is still not quite sure. Because the problem is, if the US votes against it, then, you know, it kinda gives Russia and China this avenue to create updates to it in future that could make it even worse. And the US kind of shut out. Updates to it in future that could make it even worse. And the US kind of shut out.

Maggie Miller [00:31:07]:

So there's a big effort by some of the NGOs involved, who are, you know, digital rights groups, to really get the US to either abstain or vote no. But we'll see. I mean, just, just this week, the EU came out and has said that they're going to vote in favor. The EU, as the actual entity, the European Union, which does kind of send a signal as to where the White House may go on this, where the US may go on this. So it's very controversial. I think, as I said, cybercrime is an issue that everyone agrees on, and the international community should be tackled. But the way that the UN is going about it is interesting, and, kind of shows, at least those I've talked to, that it may have been more of a victory for countries like Russia and China than countries that really do wanna tackle cybercrime.

Vince Spina [00:31:56]:

Maggie, you said, you know, the vote is somewhat imminent, but my sense is it's gonna happen after the election. Do you see the vote, changing based on, you know, which which candidate, you know, wins the the presidency? What what's your thoughts?

Maggie Miller [00:32:12]:

It's a good question. I mean, at the same time, obviously, you know, president Biden, no matter how the vote goes on November 5th, he's not gonna be president post January 20th. So, you know, it doesn't really impact him as much. He already knows he's going out. You know, I'm not actually sure how much the election will impact the outcome of this, but, you know, I'm sure that having it after the election, having it during a lame duck period where you know, often in lame ducks, a lot of things get pushed through that, you know, might not have been as popular, that might not have been something that would help you during an election. But all of a sudden, the election's over. You're about to get out the door, you know, get some things through. So, you know, that might play into it, but can't really can't really predict on that.

Maggie Miller [00:32:56]:

But it does it is interesting to me that the EU has now said that they're gonna vote in favor. So that would be even more interesting if the US either abstained or vote no, voted no, given the allocation.

Vince Spina [00:33:07]:

Enough, is the EU, is that is that collective one vote? Or is that,

Maggie Miller [00:33:11]:

I believe the EU, and I really should know this more, I believe the EU has its own vote. I don't think it's a collective of every country in the EU. I think it's the EU has its own vote, but you might need to double check on that. And I apologize to listeners if I'm wrong on that. The e the the United Nations, you know, is something that I tend to not cover as much, but then this has become such a big issue that I've really waded into this. So, but that was breaking news this week in terms of the EU. Mhmm.

Rachael Lyon [00:33:36]:

Nice. So coming back to kind of the the new president coming in, you know, I know there's been a lot done in recent years, particularly on the cybersecurity front of it. When you have a new presidential, changeover, right, I mean, how do you see that impacting things currently in motion? Do you see that stalling depending on who comes in? Or, you know, I I've been I've been feeling like we've been getting some momentum, and I'm just curious with an election changeover, what impact that might have.

Maggie Miller [00:34:06]:

Oh, big impact. I mean, as I said, cybersecurity is a pretty bipartisan area of agreement. There are some issues. As I said, sometimes election security can cause, some hiccups there in terms of, you know, state versus federal. But cybersecurity does tend to have a lot of bipartisan agreement there. That being said, you know, if former president Trump comes in, has a second term, you know, if you look at whether or not, you know, he he does follow what is in, the famous project 2025 report, there are certain things recommended in that report that would certainly be major changes from currently now. For example, big defunding, and movement of the Cybersecurity and Infrastructure Security Agency. The the report would recommend putting that under the Department of the Treasury, and also, seriously curtailing some of its powers.

Maggie Miller [00:34:55]:

Very much a major change. Also, there's a recommendation to split apart the NSA and US Cyber Command from under 1 leader to 2 separate, which is actually quite a divisive topic on Capitol Hill. There's a lot of back and forth on whether that is, necessary. But one thing, actually, that wouldn't change quite as much just because it's in law is the National Cyber Director Office at the White House. You know, that was a position there was a cybersecurity coordinator position that was eliminated under former President Trump. And actually, as a result of that, there was a lot of bipartisan pushback on the Hill to that, decision. And as a result, there was a law push through that created, in law, the position of the National Cyber Director and the office there. So, you know, I'm not saying that some of their, funding or some of the staffing might not change, but that actual position would remain.

Maggie Miller [00:35:43]:

And that position has really helped spearhead. We had the National Cyber Strategy released not too long ago, National Cyber Workforce Strategy released. Cyber workforce is an issue. I know that there's been a lot of concern bipartisan on the Hill about the fact that we have so many open jobs in cybersecurity. I mean, you can't think of an organization that doesn't need a cyber pro these days. And usually, they're fairly good paying jobs, so it's a pretty good, area for folks to go into. So that would probably be something that moves forward. AI, as we said, is gonna continue to be an area of concern.

[36:16] Cybersecurity remains a Bipartisan Focus under any Administration

Maggie Miller [00:36:16]:

I can't imagine that under either administration, there wouldn't be focus on that. So I think, as I said, it's gonna be an issue that I think sees less, stark differences depending on, you know, if it's vice president Harris or former president Trump. But, certainly an area to stay focused on. And, actually, you know, as a spoiler to our readers, we are recording this, I believe, before it's going to go out, a couple days at least. And in the next few days, there, and you'll probably have seen this by the time this comes out, there is a report coming, from former, federal, state leaders, are those movers in the cybersecurity space in DC on both sides of the aisle, which has a long run of recommendations that, either of the 2 administrations could take on, to further cyber policies. They're pretty, I would say, measured for the most part, kind of just how to continue the work that's ongoing. Cyber workforce is a big element of it. They actually do recommend that CISA be given some further authorities, be maintained at certain budget levels.

Maggie Miller [00:37:20]:

So I think that that's gonna be a report that's gonna be, you know, as I said, there's been bipartisan involvement in shaping that, and it's a lot of the big cyber voices in DC, so I think that that could be a pretty useful report no matter who's in the White House come January 20th. But, let me tell you, on my team and here at Politico, the transition is gonna be a major focus of our reporting, post November 5th. So, you know, not to put a plug in for myself, but please keep following. So that's gonna be the main focus, I would say.

Vince Spina [00:37:49]:

Absolutely.

Rachael Lyon [00:37:50]:

Yeah. I imagine.

Vince Spina [00:37:52]:

Rachel, any more, questions along that line? I I wanted to just delve into Maggie a little bit. She's, interesting. Anything, prior to asking her a couple background questions? Or

Rachael Lyon [00:38:03]:

No. No. Let's jump into it. I'm always fascinated kind of the the personal side of of how folks get to cyber. Yeah.

Vince Spina [00:38:09]:

Yeah. We and we won't go too personal, Maggie, but as we, talked earlier, I mean, you're super interesting. We both did a little bit of research on you. Rachel's kind of words about when she introduced you said your career is kind of at the intersection of cybersecurity and politics, and I'm like, when I, you know, heard those kind of, you know, two areas of, of expertise, I'm like, that could either be peanut butter and jelly or anchovies and pineapple. 

I can tell you after talking to you, I'm leaning more towards, peanut butter and jelly. But how did you get here? Like, you know, how did your career get you to being, you know, somebody who reports on politics, but more specifically the cybersecurity issues and opportunities in that area of importance.

Maggie Miller [00:38:57]:

Yeah. You know, I really think it's kind of serendipity. And I always tell people I feel like I really fell into cybersecurity, but more than that, I fell into cybersecurity at the exact right moment. You know, I was pretty young. I hadn't long been out of university. I'd done some work with Voice of America, with a few different, media outlets, and I was really looking, you know, for some policy work in DC. I was based in DC, and I had a wide range of, job applications out. And actually, I was hired by an organization, which is fairly well known, as we say, within the Beltway in DC, called Inside Cybersecurity, which is part of a larger organization that is inside defense, inside US Healthcare, etcetera.

Maggie Miller [00:39:35]:

And really, what they do is it's very focused on sort of regulations. I think we're read by a lot of lawyers, I think. Very sort of in the weeds learning about it. And I started there at the beginning of 2017, and that was quite a time to come into cyber security. Again, I feel like the theme has been me talking about 2016 and how that was really big with the election, but it did it was big. 

And, you know, we saw within a year of that 2018, former president Trump, signed into law legislation that, you know, renamed and created CISA. You know, we saw after that, we saw the SolarWinds hack in 2020, Colonial Pipeline 2021. Just sort of the snowballing of, cyber attacks that put a lot of Americans' attention on the issue, and efforts by the federal government to evolve to address the moment.

Maggie Miller [00:40:22]:

So, you know, I fell into this work. I was there for almost 3 years, and then, you know, you talk about politics. I ended up going working for The Hill newspaper. I always say The Hill newspaper. I did not work for a member of Congress. No offense to members of Congress, but having covered things up there, I don't care, no matter what my political thoughts, I would never work. It's just, it's a whole world, no thank you. But covering it's interesting.

Maggie Miller [00:40:46]:

So I worked for the Hill for a bit, and was there during the 2020 election, and everything, the fallout from that. And then in 2022, I had the opportunity right at the beginning of the year to start with Politico. And again, what a time to start. I came in and pretty much for the first two months I only wrote about Ukraine, and the cyber elements of what was going on with Russia's invasion and how the US was supporting. So it's really been this evolution of not only my path in covering cyber security, but that path happening at the exact time that things were really, to say it in the less formal way, popping off in this area. And it's something, I didn't really have any background in it, I didn't really have any background in tech. 

For me, it's been really fascinating, because it's an area that to me it felt like, you know, if you're not in this space, you don't understand the criticality of it. People are always, as they should be, concerned about missiles and bombs, etcetera.

Maggie Miller [00:41:44]:

You could use a cyber attack and cause some of that same destruction. Maybe not as permanent, but it could cause severe problems. And it's way cheaper, and it's something that I think even now the international community hasn't really fully grappled with. How do we respond to that? If you shut down the power grid of New York City with a cyber attack versus a bomb, a bomb, I feel like it's clear cut. A cyber attack, I don't know, what do we do? So it's a scary, scary world, I think, and certainly cyber plays a role in every conflict now, and what a space to be in. But it's fascinating, and as I keep saying, I love covering an area that it does feel fairly bipartisan in Washington. It's a nice space to to be in. Everyone kinda wants to talk to you.

Maggie Miller [00:42:27]:

And you do feel that sort of, you know, civility that I think in the last few years, you know, as people become more entrenched on different sides, has really been missing. So it's a it's a good area to cover here.

Rachael Lyon [00:42:38]:

Nice. So you've you've been doing, like, the, I think, the fun times of cyber. It's, I I love cyber.

Maggie Miller [00:42:44]:

Fun times. Maybe. Fun times. Maybe not so fun for the victims. But yeah.

Rachael Lyon [00:42:48]:

You know, but it you know, every day you learn something new, and that's what I I love about the cyber industry. You know, it's continuously changing and very dynamic. You know, and and you've been covering it for quite some time. I'd be curious to know. I mean, do you have a favorite, like, cybersecurity story you've written? I mean, is there anything that kinda stands out?

Maggie Miller [00:43:07]:

I mean, I thought you were gonna say, like, a favorite crisis, there for a moment because, you know, I always think back to solar winds and think, oh, it was fun my Christmas being ruined, you know, just constantly working through that whole holiday. No, there's

Vince Spina [00:43:21]:

That's right, your job starts when something like that happens, right?

Maggie Miller [00:43:24]:

Oh yeah, well, I mean, not to, I'll answer your question about favorite story in a moment, but that just happened a couple weeks ago with the CrowdStrike outage where it ended up not being a cyber attack, but at the start of the day, everyone thought it could be. I mean, as it was brought up to me, what we saw with CrowdStrike very well could have happened with a cyber attack. And you know, you wake up, it's 8 a. M, and immediately your phone is blown up with 60 different messages from people, and it's just go, go, go. So those days are exhausting, but really rewarding in some ways. But in terms of favorite stories, I mean, gosh, there's been several. I loved writing about the UN Cyber Treaty recently. There was another story I did actually when I was working for The Hill that I'm pretty proud of, which was actually about some targeting that was done of a journalist who worked for Al Jazeera actually in Qatar, and she was being targeted by, probably at the orders of the Saudi Crown Prince, MBS, targeted with a lot of disinformation and harassment on Twitter by people linked to him, by people being paid by him, and she was filing suit against him in the US because some of those people that were, undertaking these efforts against her were based in the US.

Maggie Miller [00:44:37]:

And that felt really interesting to kind of dig into what it means to be a journalist in that space and have the sort of harassment she was getting. Speaking of fake images, a lot of doctored images of her, maybe in compromising positions that she wasn't in that were going around online, a lot of harassment. So that was really interesting to cover that side of things. Also, I've, you know, as I said, I cover national security, so covered very in-depth everything that's happened in Ukraine. That's been really heartbreaking, but really interesting to cover. Had some really interesting conversations the last few years with Ukrainian officials. I mean, covering everything from the impact on telecoms, talking to telecom officials there, you know, who are saying, yeah, we have huge cyber attacks and half of our workforce is on the front lines fighting Russia. So, you know, it's a really deep, in-depth area to go into.

Maggie Miller [00:45:26]:

And I guess to lighten the mood a little bit, I also, you know, everyone knows Taylor Swift, everyone knows, you know, there was a huge effort to get her tickets last year. And there were actually hacking issues that impacted Ticketmaster, a huge amount of bots. And digging into that and breaking that news with my colleague, Josh Cisco, that was kind of a fun one. And weirdly enough, despite the fact that I write about all these big topics, probably the story I've had the most personal feedback from, from my personal friends and family. They're like, oh my god, you're writing about Taylor Swift? That's great, let's talk to you about your story now. I'm like, well, not really writing about Taylor Swift, but you know, really about this issue, so.

Vince Spina [00:46:04]:

Did she send you tickets after the fact?

Maggie Miller [00:46:07]:

No, gosh, I wish, my gosh. I actually, you know it's funny, I actually haven't been to her show. I had the opportunity, a friend of mine was online for 12 hours to get tickets to her show in Atlanta. Wow. And you know, up to her. I won't talk about how much she paid, she paid a lot. And I just decided the amount, she had another ticket I could have had, but the amount to get that ticket and attend, I just said, you know, I'd be interested to see her in person. I cannot justify that amount of money.

Maggie Miller [00:46:33]:

But I did in my defense, I did go to the the theater and see the show, you know, that when it was recorded. So I've kind of seen it. I don't know. I'm a

Vince Spina [00:46:40]:

I'm a Swifty myself. So I

Maggie Miller [00:46:41]:

Yeah. Yeah. To see her. Yeah. I did not know that

Rachael Lyon [00:46:44]:

about you, Vince.

Vince Spina [00:46:45]:

Yeah. I know. Yeah. Maggie, we've talked a lot. A lot of subjects here. Very interesting. Campaign data leaks, voter security. I mean, on and on.

Vince Spina [00:46:55]:

Everything. Disinformation. What haven't we asked you? Like, what's the question we haven't asked you that, you know, our listeners might be interested?

Maggie Miller [00:47:04]:

Oh, gosh. We've really been pretty wide ranging. Yeah. I would say a little bit on you know, I kinda hinted at this right at the end of of talking about, some of the geopolitical issues, but cyber really is a geopolitical issue. I don't think this will surprise many of your listeners. Yeah. But really, I mean, you know, I've I've talked about Ukraine. I've also covered aspects of what's happening in Israel Gaza.

Maggie Miller [00:47:27]:

I mean, there have been cyber elements involved with that. And also looking at potential in the future Chinese invasion of Taiwan, which would almost certainly begin with mass cyber attacks. It would also impact the US. I mean, we've seen the US really calling out China pretty strongly in the last few years for some of these campaigns to infiltrate US infrastructure in advance of a of a potential war one day, where, you know, say, we're prepping to go to the aid of Taiwan. Oh, interestingly enough, the networks for key trains or key, airlines that need to get our troops overseas, all of a sudden have gone down, sort of like what we saw with the CrowdStrike outage. That would be, you know, pretty crippling. And I think it's something that, you know, not to be a doomsday, but I do think the American public generally hasn't really grappled with, you know, where we are in terms of these threats, and how they are going to increasingly be part of sort of any conflict we see, that we're involved in in the world and and, you know, the wider region. So I think, obviously, we need to continue to be concerned about, you know, physical attacks, bombs, missiles, etcetera.

[48:28] Cybersecurity is critical in modern geopolitics.

Maggie Miller [00:48:28]:

But I think cyber is gonna be just more part of a toolbox. And, you know, it's nice you have this podcast because I think a lot of, you know, the average American might say, oh, it's cyber, it's nerdy, etcetera. But it's really central, actually, when it comes to things that impact our lives. I mean, there's been a lot of talk on Capitol Hill about satellite safety, a lot of concerns about Russia and China's capabilities in space. That's because one cyber attack on a US satellite, all of a sudden we don't have navigation. You know, all of a sudden no one can send text. You know, there's certain there's certain things that can be easily taken down that our lives are thrown off course. So I think that's just, you know, not to it's kind of a depressing note to end on, but I think that's just something to bear in mind for listeners, is that it is an ever growing geopolitical topic, and don't take your eye off it.

Maggie Miller [00:49:13]:

It is the eye off it. And those who work in cyber who are listening to this, as someone that is constantly in it, thank you for your work. Keep going and keep blowing the horn on what you're seeing, because, that helps with my work. So Yeah. Send it over if you see it. Yeah. Absolutely. Yeah.

Rachael Lyon [00:49:31]:

Yeah. I know. It's, it's one of those things. It's like if, you know, you you have to be aware of it, and you have to to to think about it on some level. But then again, you know, when when you think about it, it's like and it'll it is a little overwhelming, You know? And so you kinda wanna, like, la la la la. Not not not have to, address it, but I I agree. There needs to be more awareness for folks and you know, and what what can you do to prepare? Right? I mean, if something were to happen, you know, in that way too.

Maggie Miller [00:50:04]:

It's the question. And I think, you know, as I said, I keep bringing up. I love that it's a bipartisan area, and I actually think it's really important that it remain a bipartisan area because it is an area that we really, you know, we don't wanna be arguing over whether we should strengthen our satellite cyber defense efforts. I feel like that's a pretty, you know, some things are pretty key things. I don't think I'm taking a political side to say that. You know, as an American who wants to continue to live a safe life that isn't, you know, interrupted too much, I think it's it's a good thing that it remains bipartisan, and hopefully that doesn't change into the future. But it does seem like an issue where everyone's kind of their hackles are up, and they're they're looking at it, and let's hope that continues to be the case. So

Rachael Lyon [00:50:42]:

Yeah. No. It's good when there's common ground,

Maggie Miller [00:50:45]:

right, on

Rachael Lyon [00:50:45]:

on certain themes, for sure. Mhmm. Well, I'm cognizant of time. I know we we've had a great conversation, Maggie. Thank you so much for joining us today. This has been really insightful. You know, I know our listeners enjoy, you know, when we can dive into topics really and get some meat on the bone. So thank you for providing that to

Maggie Miller [00:51:02]:

our listeners. My my pleasure. And, yeah, my pleasure. Happy to come on in the future if you ever wanna shout about anything further. But, you know, on November 5th, we'll all be, my team and I, watching things closely. And as I said, the week after, because I could be wrong, but I mean, I'm not assuming we'll have the results of the presidential race on November 5th, so we'll be watching.

Rachael Lyon [00:51:22]:

Yeah. It's exciting times ahead for sure. For sure. I can't wait to see the coverage that comes out. I'll be following you. I'll continue stalking you,

Maggie Miller [00:51:30]:

I guess, is what I'm saying. So Well, also our White House and campaign reporters that are gonna be working their butts off that day. So give them a shout out too.

Rachael Lyon [00:51:38]:

I have dogs barking in the background, if you can hear that. As we close out, because

Rachael Lyon [00:51:43]:

we talked about dogs before, to all

Rachael Lyon [00:51:45]:

of our listeners, don't forget to smash that subscription button. Get a fresh episode in your inbox every Tuesday, And until next time, everybody, stay safe. Thanks for joining us on the To the Point cybersecurity podcast brought to you by Forcepoint. For more information and show notes from today's episode, please visit www.forcepoint.com/podcast. And don't forget to subscribe and leave a review on Apple Podcasts or Google Podcasts.

About Our Guest

Maggie Miller, Cybersecurity Reporter, Politico

Maggie is a journalist based in Washington, D.C., originally hailing from Austin, TX. She currently works as a cybersecurity reporter for Politico. Her experience before this includes her time reporting on cybersecurity for The Hill, at Inside Cybersecurity at Inside Washington Publishers, the British Embassy, Voice of America, Conservation International, GRNlive in London, KXAN News in Austin, TX, which is the NBC affiliate station there, and Moment Magazine in Washington, D.C.

She did her undergraduate studies at American University, with a BA in Broadcast Journalism from the School of Communications, and a minor in International Studies from the School of International Service. She also did a semester in London, where she studied at the Boston University satellite campus while interning at GRNlive.

LinkedIn

https://www.linkedin.com/in/maggiefmmiller/