As we know, election 2020 is approaching and there are many cyber risks that come with it. Russian’s interference in the 2016 was enough to know not everyone plays fair. Their interference included misinformation, phishing attacks and hacking according to the Department of Homeland Security (DHS). Since then, election security has been included as critical infrastructure and extra protection has been implemented for the systems and processes.
Some of the extra protection include:
-Sharing timely and actionable threat intelligence
-Providing support and services
-Providing table top cyber security exercise packages
-Bi-weekly calls will be performed to touch bases on issues of the day
Cyber security and Infrastructure Security Agency (CISA) has the ability to conducted cyber security assessments on local election systems, attack detection and prevention, share information about attacks and threats, train cyber security personnel on election matters. By allowing them to perform such tasks, it can reduce officials from trying to perform an action that may not help eliminate or reduce the problem at hand which can lead to other risks. Table top exercises were created to “help increase awareness, validate plans and procedures, rehearse concepts and/or access the types of systems needs to guide the prevention of, protection from, mitigation of, response to and recovery from a defined incident”. The link below is where the table-top exercises can be found.
How they interfere:
-They phish to penetrate the state and local government systems by attempting to redirect mailing, alter voter registration data, deploy ransomware on networks in order to delay or discredit the election
-They spear phish campaign to get access to voting equipment and change the vote count
-They deface by increasing the election day registration/same-day registration requests on websites and install ransomware at state and local election offices
Ways to help:
-Get local officials to the people to help address the issues at hand
-Keep communicating what is going on between local and federal agencies to help it remain secure
-Switch from voting systems to paper records in case of an event (keep the records as back-up for audits)
-Perform audits on election results
-Use best practices (https://www.us-cert.gov/ncas/tips/ST19-002)
Voting and election infrastructure will always be a vulnerability. More states need to have paper back-up options for their ballots to help each vote count during challenging times. Officials need to ensure back-doors are not activated on machines and other election systems to help reduce the risk as well.
Americans should be concerned with election security but they should not be afraid to vote. Over $800 million dollars was set aside to help with election cyber security protection, but it’s up to the states to also to use their available resources and to ensure their systems are safe. The people need more confidence in the system and this is how you would give it to them, by ensuring the voting systems are safe and the people they voted for are put into office.
Overall, the 2016 election was filled with flaws that could have been prevented if the election systems were part of the critical infrastructure. There is always lessons to be learned as cyber security is still new to many. Who would’ve knew. Protecting the vote can mean a world of a difference. Using the DHS and the table-top resource could be extremely helpful in the 2020 election and so on. In general, officials should also obtain paper copies of ballots and keep them for auditing purposes in the event something were to happen with the election systems or process. Right now, online voting is not an option but in 5-10 years from now it could be. As of right now, mail-in ballots are available as well as being present during the November election. People please don’t be afraid to vote because we are depending on you.
References:
MillerOnCyber 