Suppose Russia or Russia-backed hackers launched an attack in the days or weeks before the November election, disrupting power or voting systems in a close electoral state like Florida or Ohio, for example? One expert says it's not science fiction.
"You could absolutely do it," said Robert Lee, CEO of the infrastructure security firm Tragos, and a former cybersecurity analyst in the U.S. intelligence community. "The voting systems we use are very questionable. Look at companies that make them and the security. It would not take a significant amount of effort to influence that count. It's very concerning."
Lee should know. He helped Ukrainian security officials repair damage from a cyber-attack in December 2015 that shut down a regional power grid that provides electricity to 225,000 customers. While the attack only lasted a few hours, regaining control took weeks.
Ukrainian officials say Russia was behind the attack, which occurred just a few days before national elections. Russian troops annexed sections of eastern Ukraine and Crimea in 2014.
RELATED: Putin Lays Claim to North Pole
The Ukrainian grid was able to recover quickly because technicians could switch back to old-fashioned manual power control systems, explained Lee. That might not work if something were to happen here.
"At a big level, it's likely harder to get the American power grid down," Lee said. "But our ability to recover once we are down will take longer."
Lee said the Ukrainian power outage is one of several recent state-sponsored or believed state-sponsored attacks that have forced utilities to look beyond simple malware or anti-virus protection.
Fending off determined cyber-attackers is not much different than hand-to-hand combat.
"When it comes to nation states and funded teams, you need the active defense component, which is trained humans responding to their [cyber] environment," Lee said. "You need empowered and trained human defenders."
RELATED: Election 2016: The Problem with Polls
So how does the Obama administration respond to suspected Russian cyber-attacks? Lee says naming-and-shaming actually worked with the Chinese, which were held responsible for by the Department of Justice for hacking the U.S. Office of Personnel Management, as well as Sony Pictures.
"We saw the Chinese government change their approach and we've seen a lot less since the DOJ came out and did attribution and said 'we know it was you,' " Lee said. He added that it's important for U.S. intelligence officials and DOJ lawyers to put out all the evidence publicly about the cyber-trail if it is to be believed.
"We need the DOJ and Obama administration to feel comfortable say we have the national intelligence capabilities to determine that you hacked the DNC," he said.
The Council on Foreign Relations Harris says a relatively swift response is necessary, but that it doesn't necessarily have to be a tit-for-tat cyber-attack or sending U.S. warships to patrol off the Russian coastline.
Harris suggests that there are additional economic sanctions that could cause Putin to feel some pain. Until that happens, Russian-backed cyber-troublemakers may look for vulnerabilities in the U.S. electoral and power systems.
"This is exactly the game that Russia wants to play -- keeping administration officials up at night," Harris said. "Cyber[warfare] opens up a whole new playing field. We have to write a whole new rule book."