There have been multiple reports indicating that adversaries want to interfere with U.S. elections, with the most sophisticated attacks targeting the computer systems of election authorities and leveraging “troll farms” and “bots” to foment political unrest on social media platforms. Given the discussion that HBO’s documentary “Kill Chain: The Cyber War on America's Elections” has generated around the security of our voting machines, we sought to expand the conversation toward a larger set of considerations needed to reinforce our democratic election process.
Our adversaries understand that the voting machine is only one link in the chain of systems and events that go into carrying out an election. And they have been attacking our elections for more than a decade, as you see in the video below. The video discusses our engagement during the 2008 U.S. presidential elections:
Consider these six examples of ways in which one can interfere with an election that don’t require hacking (or even trying to hack) a voting machine:
Without a secure, offline backup, organizations impacted by ransomware can be in big trouble. Affected parties may end up paying millions as a ransom to obtain the data decryption key; however, even if the ransom is received, there’s no guarantee that the decryption key (assuming one is given) will be 100% effective. After all, you’re dealing with criminals. How could you run an election with registered voter data unavailable?
Doing the right thing starts with having an up-to-date risk assessment and education. Without this, election authorities won’t know what risks they’re facing or how to mitigate them, and this can result in “security myopia”: only seeing those risks you’re prepared to address. Unfortunately, security myopia is something we see frequently. Having a comprehensive assessment is vital for something as important as a voting system.
It’s also crucial to recognize that our adversaries work 24 hours a day, seven days a week. If your agency isn’t capable of monitoring your entire network continuously (including the portions expanded due to work-from-home arrangements) and responding to intrusions in real time, your data is at serious risk. For governments without the capability to implement 24x7 monitoring, consider a managed detection and response solution that can be quickly deployed and fully monitored.
Working with other election authorities is important. There are economies of scale for security and monitoring services. Sharing information on attacker activity can also provide an early warning of potential problems. Understanding how attacks are being carried out helps keep your risk assessment current and lets you know when you have to adjust your security to meet evolving challenges.
Undoubtedly, 100% security doesn't exist; this is as true for election-related systems as it is for other systems. Managing the risk is vital: limit access, restrict people’s access to the specific activities they need to do their job, log activity, monitor for threats, and recognize the risk.
The stakes are high for an election that can’t be carried out or that produces questionable results. Taking the right steps can mitigate this risk and demonstrate the agency’s dedication to getting it right.