Podcast Summary: To The Point - Cybersecurity

Episode: Understanding Cyber Threats in Elections and Infrastructure with Maggie Miller
Date: December 9, 2025
Host: Rachel Lyon
Co-host: Vince Spina
Guest: Maggie Miller (Cybersecurity Reporter, Politico)

Overview

This episode dives deep into the intersection of cybersecurity, elections, and national infrastructure as the U.S. faces another critical presidential election. Politico's Maggie Miller brings her expertise to discuss persistent campaign security issues, evolving threats from foreign and domestic actors, the challenges of combating disinformation (including AI-driven fakes), and how recent legal, political, and global developments are influencing the broader cyber landscape. The discussion is timely, just 19 days before Election Day.

Key Discussion Points & Insights

1. Persistent Cybersecurity Challenges in Political Campaigns

Fast-Paced, Under-Resourced Campaigns:
- Campaigns operate like startups, with constant staff turnover, reliance on personal devices, and outdated tech.
- Cybersecurity is often a low priority compared to advertising and daily operations.
- “You've got a lot of...very young people...using personal devices, personal laptops, there's outdated equipment. ...Cybersecurity often really falls ...to the last priority.” — Maggie Miller [05:03]
Nation-State Involvement (New Players):
- This cycle, Iran has targeted U.S. campaigns alongside the usual activity from Russia, even leaking information to opposing campaign teams and the media.
- Iranian involvement marks a shift, expanding beyond previous norms.
- “We've actually seen Iran get really involved this season in a way that they really haven't in the past, targeting the Trump campaign and then leaking...to the Biden campaign and also to reporters...” — Maggie Miller [03:48]

2. Sources and Motivations of Election Cyberattacks

Nation-State vs. Domestic Threats:
- Primary focus from authorities is on foreign threats (Russia, Iran, China), but after every election, the domestic angle is scrutinized.
- Disinformation campaigns often use U.S.-based influencers and fake news sites to amplify impact.
- “...you had this cyber volunteer army...hundreds of people would just start, you know, hacking one country or the other.” — Rachel Lyon [06:46]
Trust and Election Integrity:
- Repeated leaks, especially involving high-profile campaigns, keep eroding public trust in voting and results.
- Both “good faith efforts” by officials and transparency struggles make it difficult to assure voters their ballots are secure.
- “...when you see things like Iran being able to get into the emails of senior Trump campaign officials and leak some of that...that does engender a little bit of a lack of trust.” — Maggie Miller [10:21]

3. Election Systems and Infrastructure Security

Diversity in U.S. Voting Systems as Both Strength and Weakness:
- Decentralization (local, state, county control with varying technology) makes mass hacking difficult.
- Still, even a single incident can be amplified online to create widespread doubt.
- “...all it takes is one machine targeted in one county, and then that being amplified specifically on social media to really cause doubt and really cause fear...” — Maggie Miller [13:16]
Real-World Vulnerabilities and Public Perception:
- DEFCON’s “voting village” repeatedly exposes vulnerabilities in real voting machines—though attacks are more practical in lab settings than in polling places.
- Technical malfunctions (e.g., voting scanner errors caused by improperly folded ballots) further complicate trust.
- “It would be quite difficult for a voter to go into a voting place and do what some of these hackers are doing at defcon...But what has been seen is you have to be careful with some of these machines...” — Maggie Miller [13:34]
Certification and Delays:
- Results certification is a multi-step, state-specific process, meaning final counts may take days or weeks post-election.
- “...whatever you see on election day, whatever the media is call it, is preliminary results. And every state goes through a different process to certify, double certify...” — Maggie Miller [16:41]

4. Legal and Policy Responses

Designation as “Critical Infrastructure”:
- Since 2016, elections are officially “critical infrastructure,” unlocking resources and attention.
- Despite initial controversy, most officials across political lines see this as a positive change.
- “...over and over when I've talked to election officials, they have since said actually...they actually think that was a good call because it puts a lot more attention...” — Maggie Miller [19:26]
Federal Deadlock and State-Level Action:
- Congress has been unable to pass new mandates, funding instead channeled through grants for states to update tech, hire cyber pros, etc.
- “...Congress...has appropriated almost a billion dollars...in election security funding...States submit for these funds...” — Maggie Miller [19:54]

5. Disinformation & AI-Powered Manipulation

AI-Generated Fakes:
- Deepfakes and AI-generated text/images are increasing, with some cases linked to China, Iran, and Russia.
- Most incidents have limited reach—but some, especially on TikTok, go viral before being debunked.
- “...there's been a lot of concern about AI generated videos, AI generated audio recordings...even deep fakes...” — Maggie Miller [22:11]
Social Media’s Role & Limits:
- Platforms are struggling to detect/remove fake content quickly enough.
- Even once debunked, initial impressions “stick.”
- “...the vast majority of these posts...haven't gotten a huge audience, haven't gotten a huge uptake. But there's been a few...passed along, especially on TikTok, before they were able to be debunked.” — Maggie Miller [23:43]
Regulation Lagging Behind Pace of Innovation:
- The policy community recognizes AI’s double-edged nature but is slow to reach actionable consensus.
- AI also threatens to eliminate tells (like language errors) that previously helped spot fake communications.
- “...government moves so slowly, and it’s an area where things evolve so quickly...government’s the turtle crawling along. And it's not always easy to keep up.” — Maggie Miller [26:30]

6. Global Perspective and Treaties

UN Cyber Treaty Debate:
- Russia’s draft cybercrime treaty (2019) is controversial, possibly serving as a tool for repression.
- U.S., EU, and NGOs are divided on supporting a document that may expand state surveillance under the guise of cyber law.
- “...the product they've come out with in the end is indeed potentially going to be used by governments like China, like Russia, to surveil their citizens...” — Maggie Miller [30:02]
Implications of Adoption:
- U.S. faces a dilemma: signing could legitimize problematic elements, boycotting could cede influence to Russia/China.
- EU now signs on, signaling potential U.S. direction.
- “...cybercrime is an issue that everyone agrees on...but the way that the UN is going about it...may have been more of a victory for countries like Russia and China.” — Maggie Miller [31:22]

7. The Next U.S. Administration & Cyber Policy

Potential Shifts Post-Election:
- “Cybersecurity is a pretty bipartisan area of agreement.” But significant changes are possible depending on the president, particularly affecting CISA and the organizational structure of cyber command.
- Some protections (e.g., National Cyber Director position) are now enshrined in law.
- Ongoing challenge: massive workforce gaps in cybersecurity roles—“pretty good area for folks to go into.” — Maggie Miller [35:57]
- “...I think sees less stark differences depending on...if it’s Vice President Harris or former President Trump, but certainly an area to stay focused on.” — Maggie Miller [36:59]

8. The Geopolitical Dimension of Cyber

Cyber as a Tool of War:
- All modern conflicts now include major cyber components—for example, Ukraine’s telecoms fighting physical and cyber battles simultaneously.
- The threat of “preparatory” attacks by China on U.S. infrastructure should a Taiwan conflict arise.
- “Cyber really is a geopolitical issue...it could cause severe problems and I think...even now the international community hasn't really fully grappled with [it].” — Maggie Miller [41:57], [47:04]

Notable Quotes & Memorable Moments

On the campaign environment:
“Often…it’s a startup-like environment…and cybersecurity often really falls…to the last priority, falls to the wayside.” — Maggie Miller [05:03]
On how a single local incident can have national effects:
“All it takes is one machine targeted in one county, and then that being amplified specifically on social media to really cause doubt…” — Maggie Miller [13:16]
On trust in U.S. elections:
“You want, as an American myself, you want to have confidence that your vote is going to be counted and counted accurately and that you are not being swayed by something that may not be true.” — Maggie Miller [10:56]
On the speed gap between tech and policy:
“[With] tech, cyber, anything in that space, government moves so slowly, and it’s an area where things evolve so quickly and change and new technologies are being introduced…government’s the turtle crawling along.” — Maggie Miller [26:31]
On AI’s impact on threat actor capabilities:
“Many cybercriminals are not English speaking…it's easy to spot spam emails...That's not going to be the case in the future with AI.” — Maggie Miller [27:32]
On the “cyber as geopolitical” issue:
“Cyber really is a geopolitical issue…all modern conflicts now include major cyber components.” — Maggie Miller [47:04]

Timestamps for Important Segments

Introduction & Setup: [00:01-01:44]
Campaign Cybersecurity Challenges: [03:27-06:38]
Foreign vs. Domestic Actors: [06:38-08:43]
Impact on Trust & Voting: [08:44-11:21]
Election Systems Security: [11:34-18:16]
Legal & Policy Developments: [18:39-21:30]
Disinformation & AI: [21:30-25:20]
AI Regulation Challenges: [25:20-28:06]
Global Perspective & UN Treaty: [29:02-33:36]
Presidential Transition & Cyber Policy: [33:43-37:49]
Maggie Miller’s Career Path: [38:08-42:38]
Noteworthy Reporting & Cyber “Fun Times”: [43:07-46:33]
Cyber in Modern Geopolitics: [47:04-49:14]
Closing Thoughts: [49:31-51:31]

Closing Reflections

Maggie’s Key Advice:
Stay vigilant—cyber is not just a technical concern but central to modern geopolitics, national security, and daily trust in democracy.
“Those who work in cyber who are listening to this, as someone that is constantly in it, thank you for your work. Keep going and keep blowing the horn on what you’re seeing, because that helps with my work.” — Maggie Miller [49:15]

This episode offers a grounded, nuanced look at election security that balances technical realities, political context, and the human factors shaping the cyber threat landscape in 2025. Recommended for anyone interested in governance, security, or the integrity of democratic institutions.

Podcast Summary: To The Point - Cybersecurity

Overview

Key Discussion Points & Insights

1. Persistent Cybersecurity Challenges in Political Campaigns

Fast-Paced, Under-Resourced Campaigns:
- Campaigns operate like startups, with constant staff turnover, reliance on personal devices, and outdated tech.
- Cybersecurity is often a low priority compared to advertising and daily operations.
- “You've got a lot of...very young people...using personal devices, personal laptops, there's outdated equipment. ...Cybersecurity often really falls ...to the last priority.” — Maggie Miller [05:03]
Nation-State Involvement (New Players):
- This cycle, Iran has targeted U.S. campaigns alongside the usual activity from Russia, even leaking information to opposing campaign teams and the media.
- Iranian involvement marks a shift, expanding beyond previous norms.
- “We've actually seen Iran get really involved this season in a way that they really haven't in the past, targeting the Trump campaign and then leaking...to the Biden campaign and also to reporters...” — Maggie Miller [03:48]

2. Sources and Motivations of Election Cyberattacks

Nation-State vs. Domestic Threats:
- Primary focus from authorities is on foreign threats (Russia, Iran, China), but after every election, the domestic angle is scrutinized.
- Disinformation campaigns often use U.S.-based influencers and fake news sites to amplify impact.
- “...you had this cyber volunteer army...hundreds of people would just start, you know, hacking one country or the other.” — Rachel Lyon [06:46]
Trust and Election Integrity:
- Repeated leaks, especially involving high-profile campaigns, keep eroding public trust in voting and results.
- Both “good faith efforts” by officials and transparency struggles make it difficult to assure voters their ballots are secure.
- “...when you see things like Iran being able to get into the emails of senior Trump campaign officials and leak some of that...that does engender a little bit of a lack of trust.” — Maggie Miller [10:21]

3. Election Systems and Infrastructure Security

Diversity in U.S. Voting Systems as Both Strength and Weakness:
- Decentralization (local, state, county control with varying technology) makes mass hacking difficult.
- Still, even a single incident can be amplified online to create widespread doubt.
- “...all it takes is one machine targeted in one county, and then that being amplified specifically on social media to really cause doubt and really cause fear...” — Maggie Miller [13:16]
Real-World Vulnerabilities and Public Perception:
- DEFCON’s “voting village” repeatedly exposes vulnerabilities in real voting machines—though attacks are more practical in lab settings than in polling places.
- Technical malfunctions (e.g., voting scanner errors caused by improperly folded ballots) further complicate trust.
- “It would be quite difficult for a voter to go into a voting place and do what some of these hackers are doing at defcon...But what has been seen is you have to be careful with some of these machines...” — Maggie Miller [13:34]
Certification and Delays:
- Results certification is a multi-step, state-specific process, meaning final counts may take days or weeks post-election.
- “...whatever you see on election day, whatever the media is call it, is preliminary results. And every state goes through a different process to certify, double certify...” — Maggie Miller [16:41]

4. Legal and Policy Responses

Designation as “Critical Infrastructure”:
- Since 2016, elections are officially “critical infrastructure,” unlocking resources and attention.
- Despite initial controversy, most officials across political lines see this as a positive change.
- “...over and over when I've talked to election officials, they have since said actually...they actually think that was a good call because it puts a lot more attention...” — Maggie Miller [19:26]
Federal Deadlock and State-Level Action:
- Congress has been unable to pass new mandates, funding instead channeled through grants for states to update tech, hire cyber pros, etc.
- “...Congress...has appropriated almost a billion dollars...in election security funding...States submit for these funds...” — Maggie Miller [19:54]

5. Disinformation & AI-Powered Manipulation

AI-Generated Fakes:
- Deepfakes and AI-generated text/images are increasing, with some cases linked to China, Iran, and Russia.
- Most incidents have limited reach—but some, especially on TikTok, go viral before being debunked.
- “...there's been a lot of concern about AI generated videos, AI generated audio recordings...even deep fakes...” — Maggie Miller [22:11]
Social Media’s Role & Limits:
- Platforms are struggling to detect/remove fake content quickly enough.
- Even once debunked, initial impressions “stick.”
- “...the vast majority of these posts...haven't gotten a huge audience, haven't gotten a huge uptake. But there's been a few...passed along, especially on TikTok, before they were able to be debunked.” — Maggie Miller [23:43]
Regulation Lagging Behind Pace of Innovation:
- The policy community recognizes AI’s double-edged nature but is slow to reach actionable consensus.
- AI also threatens to eliminate tells (like language errors) that previously helped spot fake communications.
- “...government moves so slowly, and it’s an area where things evolve so quickly...government’s the turtle crawling along. And it's not always easy to keep up.” — Maggie Miller [26:30]

6. Global Perspective and Treaties

UN Cyber Treaty Debate:
- Russia’s draft cybercrime treaty (2019) is controversial, possibly serving as a tool for repression.
- U.S., EU, and NGOs are divided on supporting a document that may expand state surveillance under the guise of cyber law.
- “...the product they've come out with in the end is indeed potentially going to be used by governments like China, like Russia, to surveil their citizens...” — Maggie Miller [30:02]
Implications of Adoption:
- U.S. faces a dilemma: signing could legitimize problematic elements, boycotting could cede influence to Russia/China.
- EU now signs on, signaling potential U.S. direction.
- “...cybercrime is an issue that everyone agrees on...but the way that the UN is going about it...may have been more of a victory for countries like Russia and China.” — Maggie Miller [31:22]

7. The Next U.S. Administration & Cyber Policy

Potential Shifts Post-Election:
- “Cybersecurity is a pretty bipartisan area of agreement.” But significant changes are possible depending on the president, particularly affecting CISA and the organizational structure of cyber command.
- Some protections (e.g., National Cyber Director position) are now enshrined in law.
- Ongoing challenge: massive workforce gaps in cybersecurity roles—“pretty good area for folks to go into.” — Maggie Miller [35:57]
- “...I think sees less stark differences depending on...if it’s Vice President Harris or former President Trump, but certainly an area to stay focused on.” — Maggie Miller [36:59]

8. The Geopolitical Dimension of Cyber

Cyber as a Tool of War:
- All modern conflicts now include major cyber components—for example, Ukraine’s telecoms fighting physical and cyber battles simultaneously.
- The threat of “preparatory” attacks by China on U.S. infrastructure should a Taiwan conflict arise.
- “Cyber really is a geopolitical issue...it could cause severe problems and I think...even now the international community hasn't really fully grappled with [it].” — Maggie Miller [41:57], [47:04]

Notable Quotes & Memorable Moments

On the campaign environment:
“Often…it’s a startup-like environment…and cybersecurity often really falls…to the last priority, falls to the wayside.” — Maggie Miller [05:03]
On how a single local incident can have national effects:
“All it takes is one machine targeted in one county, and then that being amplified specifically on social media to really cause doubt…” — Maggie Miller [13:16]
On trust in U.S. elections:
“You want, as an American myself, you want to have confidence that your vote is going to be counted and counted accurately and that you are not being swayed by something that may not be true.” — Maggie Miller [10:56]
On the speed gap between tech and policy:
“[With] tech, cyber, anything in that space, government moves so slowly, and it’s an area where things evolve so quickly and change and new technologies are being introduced…government’s the turtle crawling along.” — Maggie Miller [26:31]
On AI’s impact on threat actor capabilities:
“Many cybercriminals are not English speaking…it's easy to spot spam emails...That's not going to be the case in the future with AI.” — Maggie Miller [27:32]
On the “cyber as geopolitical” issue:
“Cyber really is a geopolitical issue…all modern conflicts now include major cyber components.” — Maggie Miller [47:04]

Timestamps for Important Segments

Introduction & Setup: [00:01-01:44]
Campaign Cybersecurity Challenges: [03:27-06:38]
Foreign vs. Domestic Actors: [06:38-08:43]
Impact on Trust & Voting: [08:44-11:21]
Election Systems Security: [11:34-18:16]
Legal & Policy Developments: [18:39-21:30]
Disinformation & AI: [21:30-25:20]
AI Regulation Challenges: [25:20-28:06]
Global Perspective & UN Treaty: [29:02-33:36]
Presidential Transition & Cyber Policy: [33:43-37:49]
Maggie Miller’s Career Path: [38:08-42:38]
Noteworthy Reporting & Cyber “Fun Times”: [43:07-46:33]
Cyber in Modern Geopolitics: [47:04-49:14]
Closing Thoughts: [49:31-51:31]

wavePod

Understanding Cyber Threats in Elections and Infrastructure with Maggie Miller

Powered by Wave AI

Summary

Podcast Summary: To The Point - Cybersecurity

Overview

Key Discussion Points & Insights

1. Persistent Cybersecurity Challenges in Political Campaigns

2. Sources and Motivations of Election Cyberattacks

3. Election Systems and Infrastructure Security

4. Legal and Policy Responses

5. Disinformation & AI-Powered Manipulation

6. Global Perspective and Treaties

7. The Next U.S. Administration & Cyber Policy

8. The Geopolitical Dimension of Cyber

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Closing Reflections

Summary

Podcast Summary: To The Point - Cybersecurity

Overview

Key Discussion Points & Insights

1. Persistent Cybersecurity Challenges in Political Campaigns

2. Sources and Motivations of Election Cyberattacks

3. Election Systems and Infrastructure Security

4. Legal and Policy Responses

5. Disinformation & AI-Powered Manipulation

6. Global Perspective and Treaties

7. The Next U.S. Administration & Cyber Policy

8. The Geopolitical Dimension of Cyber

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Closing Reflections