US is 'behind’ on stopping election disinfo threats, House candidate Madison Horn says

House candidate Madison Horn brings an atypical background to her campaign working to unseat Oklahoma Republican incumbent Stephanie Bice this November for a seat in Congress. Her cyber experience — including as a founding member of Siemens Energy’s global cyber practice and later leading Oklahoma-based cyber firm Critical Fault — makes her one of the few Capitol Hill candidates with extensive private sector experience in cyber and national security. 

After an unsuccessful Senate bid two years ago, Horn sees the tide turning for what she hopes to be her House seat starting next year. Nextgov/FCW spoke with Horn to get her take on recent cybersecurity news and learn what she wants to bring to Congress.

This interview has been edited for length and clarity.

Nextgov/FCW: We don’t hear a lot about people campaigning with cyber backgrounds. What’s your story?

Madison Horn: I am just a gal from the middle of nowhere Oklahoma, a small town called Stillwell. I grew up as a farm kid, my dad was an [agriculture] teacher. And I set the scene because it’s not as if I grew up just surrounded by technology. But what I did grow up with was this amazing community that really was facing a lot of hardships.

I moved to Atlanta, where I had many odd jobs in college because I was still a poor kid. One of them was a front desk person for a hotel. As I was trying to find my way in the world, I met a group of cybersecurity professionals that were staying at the hotel. After six months, they offered me a job in cyber, and that was almost 15 years ago. It offered me not just a professional track and not just an opportunity to be economically secure as an individual, but it gave me a sense of wanting to serve.

I started working in substations, oil and gas facilities. I mean, I’ve been in and out of too many of them to really learn how susceptible our critical infrastructure is. I followed a startup path and led ethical hacking and incident response teams. I helped lead Siemens Energy’s global cybersecurity practice, being a liaison with different three letter agencies and regulatory bodies helping to influence different legislation in the critical infrastructure space. With that, I saw a need for individuals with a tech and cyber background to be in Congress.

Nextgov/FCW: Talk specifically about your cybersecurity platform.

Horn: When elected, I will be the most credentialed cyber lawmaker in U.S. history.  I'm also a woman who is doing that in a space that is 11% women in [cyber] leadership. I think that speaks to both my determination, my breadth and my ability to move in spaces where I’m not “supposed to be successful.” 

My platform around cyber focuses on two areas that we can trickle into, which are economic security and national security. When you think about national security, we have to be thinking about the importance of securing our critical infrastructure, especially in a time where we're seeing a realignment of global powers that are looking to knock America off. And we are also seeing a rise in ransomware attacks. For personal privacy, I’m thinking about the UnitedHealth breach where we saw a third of Americans’ data being compromised, and obviously should be raising a lot of alarms.

On the economic security side, Chinese hacktivist groups have been sitting in Fortune 100 and Fortune 500 companies across the United States. What has been done to make [the companies] more resilient to ensure we’re not feeding the CCP’s research budget? Oh, and of course, you can’t remove election security, especially with Donald Trump on the ballot continuing to undermine our election system and now our criminal justice system. And what would that look like in the world of generative AI? It’s a lot to think about.

Nextgov/FCW: On election security, let’s fast-forward to November. How are we doing there? Are we prepared to face down election interference threats this year?

Horn: Do I believe in the integrity of the American election system? Yes. When it comes to physical manipulation of our elections, I believe that we are one of the most secure nations in the world. And if you don’t believe me, or if anyone wants to counter that, then they should volunteer and watch what happens at the polls and what those poll workers do. It’s pretty incredible.

Now, I think the biggest threat to our elections is misinformation and disinformation. Do I think that we’re in a position to counter that? No, I don’t think so, I think we’re rapidly behind. And that's where … we are going to have to rely on the public and private sector; they have to be working together. 70% of Americans get their news from social media. And so what are we doing to ensure that the information that is being pushed to everyday individuals is actually something that is legitimate?

I’m not an alarmist. I’m just grounded in reality. And I think that there’s an entire misunderstanding of where the general public is on what they view is in the realm of possible for what misinformation and disinformation look like. When you’re looking to create unrest to destabilize a country, then the first thing is defusing public trust. There are 60 countries that are going to be facing elections this year, more than any other time in history. And it’s at a time where we’re looking at a lot of disruptive technology. And for us to think that we have it under control at the pace in which technology is innovating I think is very, very arrogant.

Nextgov/FCW: Assume Donald Trump back in the White House next year. What cyber policies are you predicting his administration would put out?

Horn: It’s not that the change is scary. It’s the culture. Donald Trump is only concerned about Donald Trump’s power and the way that he governs is by not listening to individuals who are subject matter experts. He does not like to be challenged. He does not like to be seen as someone who is inferior or someone who makes him look weak. That is ego-based politics. And that is not how we get to the best outcomes.

He has demonized agencies, whether that’d be the State Department or the CIA or the NSA. I mean, we can talk about Chris Krebs at CISA, since Krebs was basically fired over challenging claims of election fraud. I have major concerns about [Trump] becoming president, because I think he will continue to weaken our agencies.

Nextgov/FCW: Let’s picture you in office now. What cyber legislation would you author that you’d want to get sent to the president’s desk?

Horn: It’s a big question. Let’s be honest, I’m not the silver bullet. I am the most qualified individual with a cyber background that has put their name on the ballot and is going into a Congress that is sometimes a body that lacks function and cooperation. What I can best hope for at the onset of my first term is to ensure that individuals understand that I am there to be a subject matter expert to help advise on any type of legislation that has an intersection with technology, like agriculture, manufacturing or chips. I think by positioning myself as someone who wants to collaborate … then that’s how I gain respect with a number of lawmakers, no matter what political party.

A major concern is making sure our critical infrastructure is more resilient, as I mentioned before. But the other pieces are hard for me to nail down at this point. I start at our critical infrastructure, because I think it’s the number one target right now for our nation’s adversaries. But what the landscape looks like when I get elected is a little unpredictable. And so immediate and long term areas are two very different focuses.

Nextgov/FCW: On Section 702, we just got a two year extension passed there, with a set of what the Biden administration says are solid reform measures. The next time Congress decides on it, you’d be in office. What’s your stance on the spying power?

Horn: In the way that we collect intelligence — whether that be through pervasive or potentially intrusive surveillance mechanisms — it’s something that we’re going to have to very much monitor. I think in a time of war or potential conflict, there are different lines that can be crossed. Historically, we can go back to post-9/11 and talk about the privacy failures there. I support the ability for us to gain intelligence so that we can make informed decisions on foreign policy … but I think there are flaws in that [reauthorization] bill that overstep, and I think that we need to be reflective on what we’ve done in the past. 

Nextgov/FCW: Microsoft has made recent headlines for cyberattacks targeting the federal government that its technologies have been linked to. They’ve made a push to work more with competitors in the space, but other firms are skeptical as to how far these changes will allow for better protection of federal systems. Is it time for the U.S. government to rethink its IT stack?

Horn: Microsoft, Google and Amazon are the three largest companies in this space. If the U.S. government has that concern, then we need to start having conversations around … what that means for the overarching economy and the business sector as well, because it’s not just the U.S. government that is operating on Microsoft cloud. This is a question of both economic security and national security.

We need to use this as an opportunity to upscale cloud security requirements and baselines at a regulatory level. I don’t think that we're going to solve the problem by just saying, “Hey, let’s go to a different vendor.”

Nextgov/FCW: Last question — what nation-state threats are concerning you the most right now?

Horn: China, Russia and Iran in that order. Broadly speaking on nation states and generative AI, my belief is whoever harnesses AI first is going to be the country — or countries — that define the new economic system across the globe, and I think the global value system as well. I’m gonna continue to go back and forth on critical infrastructure and what type of harm can be caused to the U.S., like even in my hometown where hospitals can be taken down or water systems can be taken offline for days. I don’t even want to open the conversation up to TikTok and social media, but I do think overall data privacy and information sharing has to be a conversation as well.