Facebook's ex-security chief Alex Stamos has warned that it is now "too late to protect the 2018 elections."

Stamos was in charge of Facebook's response to Russian hacking and meddling during the 2016 election, and he says it now risks happening again.

The security executive, in his first public statement since leaving the company, was highly critical of the US response to Russia's actions.

Over countries are likely to follow in Russia's footsteps, he said, and laid out four steps he believes the US should take in response.



Former Facebook security chief Alex Stamos has issued an explosive warning about the threat of further election interference and hacking, arguing that it is now "too late to protect the 2018 elections" and that the United States "risks allowing its elections to become the World Cup of information warfare."

Stamos is in a good position to know: He led Facebook's response to Russian meddling during the 2016 US presidential election,

Breaking his silence for the first time since leaving Facebook earlier this month, the high-profile executive attacked inaction by American lawmakers in response to the Russian activity in a column in legal publication Lawfare, and laid out the steps he believes are necessary to safeguard elections.

"In some ways, the United States has broadcast to the world that it doesn’t take these issues seriously and that any perpetrators of information warfare against the West will get, at most, a slap on the wrist," Stamos wrote. "While this failure has left the U.S. unprepared to protect the 2018 elections, there is still a chance to defend American democracy in 2020."

The 39-year-old security professional argues that while Russia pioneered information warfare techniques in 2016, its "playbook" is now publicly available for other nation-states and malicious actors to follow, with potentially devastating results.

Russian agents infamously used Facebook to spread misinformation and sow division in America in the run-up to the 2016 election, in support of their favored candidate, Donald Trump — as well as attempting to hack Democratic Party figures and leaking their emails.

By most accounts, the Silicon Valley company was blindsided by the covert efforts. Its executives, including CEO Mark Zuckerberg, have since said they had focused on traditional security threats like hacking but hadn't sufficiently considered how their platform could be misused.

There have since been further disclosures of influence campaigns being run on Facebook following the election with targets around the world, including four campaigns that Facebook announced discovery of this week operated by Iran and Russia.

Stamos warned that if meaningful steps are not taken, there could be more election-related hacking and influence campaigns to come: "There are many other U.S. adversaries with well-developed cyber-warfare capabilities, such as China or North Korea, that could decide to push candidates and positions amenable to them—including those supported by Democrats and opposed by Republicans.

"There are also domestic groups that could utilize the same techniques, as many kinds of manipulation might not be illegal if deployed by Americans, and friendly countries might not sit idly by as their adversaries work to choose an amenable U.S. government."

Stamos, who is now joining Stanford University, laid out four steps he argued America should take to safeguard itself:

" Congress needs to set legal standards that address online disinformation,"

"The United States must carefully reassess who in government is responsible for cybersecurity defense."

"Each of the 50 states must build capabilities on election protection."

"Americans must demand that future attacks be rapidly investigated, that the relevant facts be disclosed publicly well before an election, and that the mighty financial and cyber weapons available to the president be utilized immediately to punish those responsible."

Got a tip? Contact this reporter via Signal or WhatsApp at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, WeChat at robaeprice, or Twitter DM at @robaeprice. You can also contact Business Insider securely via SecureDrop.

Now read: