As voters, as journalists, as citizens, and as writers, as participants alive in what was once considered a secure democracy, we are today living through what Masha Gessen (following Bálint Magyar) calls an “autocratic attempt.”
Let those words sink in for a moment: an autocratic attempt…”the build up to actually wielding autocratic power.”
When a political figure who has gained power tries to use that power to probe the possibilities for establishing an autocratic state, that’s an autocratic attempt. The other stages in the process are an “autocratic breakthrough,” and an “autocratic consolidation.” I hope we never get to either point. But I cannot say with confidence that we will not. Neither can Masha Gessen. (Read their book, Surviving Autocracy.)
Four weeks ago I recommended that the big national newsrooms create threat modeling teams to help organize coverage of the Trump government and the 2020 elections. My concern was that American democracy was being put at risk, and traditional campaign coverage was not capable of addressing that kind of threat.
Today I am back to develop this suggestion a little further, in hopes that some of our major news providers will take an interest. I consulted two people who have worked with threat modeling in other danger zones, and I asked them to help me imagine its possible uses in a newsroom setting.
One is Joshua Geltzer, currently a Visiting Professor of Law at Georgetown University. From 2015 to 2017 he was Senior Director for Counterterrorism on the National Security Council staff, where he particpated in what are called “table top” exercises that try to imagine how threats would play out. (This is often called “threat ideation.”) As a “customer” working on counter-terrorism for the executive branch, he used the products of threat modeling teams based in the intelligence agencies and law enforcement. He has also written about Donald Trump’s attacks on the 2020 election.
My other informant is Alex Stamos, former Chief Security Officer at Facebook, and Chief Information Security Officer at Yahoo, which he described as “the most senior person at a company who is solely tasked with defending the company’s systems, software and other technical assets from attack.” At Facebook his duties were two-fold. One involved defending the company’s IT systems against hacking: “supervising the central security team that tries to understand risk across the company and work with many other teams to mitigate that risk.” His other duty was to help prevent misuse of Facebook products to cause harm. “Exploiting a software flaw to steal data is hacking. Using a product to harass people, or plan a terrorist attack, is abuse,” he explained. (The full text of my interview with Alex was published at The Verge.)
Incorporating what I learned from Josh Geltzer and Alex Stamos — and from an off-the-record briefing about election threats put on by the Aspen Institute, which I attended last week — here is how I see it working.
The recommendation: The big national news providers — ABC, CBS, NBC, CNN, NPR, PBS, AP, Reuters, New York Times, Washington Post — should have threat modeling teams, just as they all have pollsters. These teams would try to identify the most serious threats to a free and fair election and to American democracy over the next four months, so that their newsrooms can take appropriate action.
What is threat modeling and how does it work?
“Threat modeling is the effort to articulate dangers in ways that allow us to prepare to prevent, mitigate, or respond to them,” said Josh Geltzer. “It’s a way of identifying and describing threats that helps us to address them.” Its purpose is to assess vulnerabilities and anticipate attacks in a more systematic fashion than just being worried about them. Alex Stamos put it this way.
“Threat Modeling” is a formal process by which a team maps out the potential adversaries to a system and the capabilities of those adversaries, maps the attack surfaces of the system and the potential vulnerabilities in those attack surfaces, and then matches those two sets together to build a model of likely vulnerabilities and attacks.
What does it take to do threat modeling well?
Josh Geltzer told me: “You need to have a deep sense of what you’re trying to protect in the first place.” (I will come back to this point later; it is critical.) You also need expertise in the kinds of dangers that are likely to arise. For Donald Trump as a threat to American democracy, this might mean consutling people who have devoted serious study to “how democracies die.”
For other kinds of threats newsrooms often have in-house expertise, in the form of beat reporters who know their terrain intimately, like NBC’s Brandy Zadrozny and Ben Collins, who have been tracking QAnon and other misinformatiom rabbit holes.
You need to be able to step into the shoes of your adversary, and think like they do. You need the right temperament, says Geltzer, “to take seriously dangers without inflating them (which can happen when you start thinking hard about them!) and also without underestimating them,” which cognitive bias and organizational pressures can make us do.
What kinds of things do threat modelers do?
They identify weaknesses or likely points of attack, what Stamos called “attack surfaces.” For each plausible threat they try to divide the assessment of how consequential it would be from how likely it is to happen, and then carefully combine those two to determine its overall urgency. As Josh Geltzer said, they study how attacks can be prevented, how the damage can be mitigated if they do happen, and what kind of response is required if an attack succeeds.
Threat modeling also flows into exercises that help an organization prepare for threats and understand them better. At Facebook Stamos helped run “red team” exercises. “A Red Team is a team, either internal to the company or hired from external consultants, that pretends to be an adversary and acts out their behavior with as much fidelity as is possible,” he said. “At Facebook, our Red Team ran large exercises against the company twice a year. These would be composed based upon studying a real adversary— say, the Ministry of State Security of the People’s Republic of China.”
What is the product — or deliverable — of good threat modeling, and what does it help you do?
One answer: it helps you deploy scarce resources. As Stamos said to me, his security team had only so many people. They could only take on so many projects. Threat modeling can tell you how to spend your budget. The parallel to the newsroom is clear: you only have so many reporters. There is a limited number of investigations you can do before the election. With Trump in power there is always a flood of news. How do you decide what’s urgent?
Another answer: Done well, threat modeling — and what’s called threat ideation — makes your staff more alive to dangers that their routines or assumptions might have obscured. It’s an awareness tool.
Beyond raising awareness, what specific uses would threat modeling have in a newsroom setting?
In a previous post, I described a published product that could emerge: A Threat Urgency Index. It would summarize and rank the biggest dangers (to the election and to American democracy) by combining assessments of how consequential, how likely, and how immediate each threat is.
The Index would have a web address. It would be updated when there is new information, sort of like Five Thirty Eight’s Election Forecast. You could also subscribe to the Index as a newsletter. Right now, for example, the crippling of the postal service might rank highly on that list. Or the call — echoing from Trump’s Twitter feed — for armed militias to “protect” the vote count in a disputed election.
Another use might be to run excerises that raise newsroom awareness around the possible manipulation of the news system as we get closer to the election. “The obvious one is hacked documents,” said Alex Stamos. “Worked great in 2016. Why change horses?”
What problem is threat modeling supposed to solve?
As Steve Bannon famously said, Trump’s method for neutralizing the news media is to “flood the zone with shit.” There’s always too many things to pay attention to. Threat modeling could help with that by separating things that sound scary from things that really are scary— and could happen.
That’s one answer. Another comes from Kyle Pope, the editor of Columbia Journalism Review, who recently wrote:
The American people are living on the edge of death and economic despair. Those are the stakes of the 2020 election, one whose integrity is in jeopardy thanks to the hypocrisies of Silicon Valley and the influence of foreign (and domestic) actors, on top of voter suppression—by online disinformation campaigns and simpler means (including manipulating the post office). The press must look past the campaign coverage that was and embrace its role as a safeguard of democracy.
To be a safeguard of democracy you cannot just react to what explodes into the news from now until January 20. You have to zoom forward in imagination, glimpse danger, and then work your way back to decisions made today and tomorrow. Threat modeling helps you move about in time.
If threat modeling is defensive, what is it that journalists should be trying to defend?
To me this is one reason to do it. In order to deploy a threat modeling, or threat “ideation” team you have to know what you are trying to protect against. You have to own that responsibility. Which is a lot different from reporting whatever comes down the pike.
Earlier in the campagn, I wrote a post about this problem: You cannot keep from getting swept up in Trump’s agenda without a firm grasp on your own. But what should that agenda be? I think it has to be some kind of defense of American democracy and its central ritual: free and fair elections that engender trust in the outcome, and thereby make the peaceful transfer of power possible.
Earlier in the modern era, journalists covering election campaigns had been able to assume the existence of a stable system, and therefore focus on the contest itself. That doesn’t work for 2020. For it is by no means guaranteed that we will have a free and fair vote. Journalists have to plant their flag on the sacred ground of legitimate elections, and help defend it against all threats. Threat modeling can assist with that project. And that is my argument for its adoption by the big national news providers.