Protecting Elections: Security Beyond the Machine

Read more about this case study here.

Consider these six examples of ways in which one can interfere with an election that doesn’t require hacking (or even trying to hack) a voting machine:

• Manipulation Through Social Media
  This is spear-phishing in its ultimate form. Election day misinformation about voting machine malfunction, voter fraud via voting technology, and options to vote via text/email/online, are aimed at discouraging voting and voters’ trust in the technology used. There are articles today suggesting the 2020 election should be done via analog means. There are also articles saying that mail-based voting is subject to major risks of fraud (even though there is no evidence for this). Providing misinformation from seemingly trusted sources has been evident across multiple social media platforms. Spreading distrust in voting security to sow doubt on election results is a likely tool that will be used. Awareness and training around specific scenarios are key to combatting this trend. 
• Hacking the Election Authority’s Computers
  Particularly in light of COVID-19, many people who would be at their desks working on all aspects of the election (including election security) suddenly find themselves in a work-at-home environment. That can severely impact their ability to monitor their networks for intrusions.
• Gain Access To Election Files That Are Stored On A Cloud Storage System 
  Many governmental agencies, including election authorities are taking advantage of so-called “cloud services” which offer internet-based storage or processing. But if not configured properly, these services can expose sensitive data—including voter registration data—to unauthorized persons. Many data breaches have been traced to misconfigured cloud storage. It’s vital to validate all cloud storage and processing situations against the risks of credential exposure and unauthorized access. It’s also vital to assure that activity logs are properly maintained for audit, review and investigative purposes.
• Gaining Access to Registration Systems
  If adversaries can cause modifications of the records created for new voters, they can modify election district data, which could send a voter to the wrong voting site, cancel a registration, or any of a number of actions that can cause chaos.
• Stealing Sensitive Personal Information
  The data in voter records is sensitive. An adversary may steal the data and release it—often on the dark web—to force the voting authority to notify voters and law enforcement about the data loss. This can fulfill the adversary’s need to cause voters to question the voting authority's integrity and security.
• Securing Your Data
  One of the most frequent forms of attack we see in our work is ransomware. If cyber criminals can access an election authority’s network, they can figure out where files are stored and sometimes even gain access to backup files. They can then launch the ransomware, encrypting election data (and possibly backing up copies of the data).

Without a secure, offline backup, organizations impacted by ransomware can be in big trouble. Affected parties may end up paying millions as a ransom to obtain the data decryption key; however, even if the ransom is received, there’s no guarantee that the decryption key (assuming one is given) will be 100% effective. After all, you’re dealing with criminals. How could you run an election with registered voter data unavailable?

Assessments and Awareness - Crucial Steps

Doing the right thing starts with having an up-to-date risk assessment and education. Without this, election authorities won’t know what risks they’re facing, how to mitigate them, and this can result in “security myopia”—only seeing those risks you’re prepared to address. Unfortunately, security myopia is something we see frequently. Having a comprehensive assessment is vital for something as important as a voting system.

It’s also crucial to recognize that our adversaries work 24 hours a day, seven days a week. If your agency isn’t capable of monitoring your entire network continuously—including the portions expanded due to work-from-home arrangements —and responding to intrusions in real-time, your data is at serious risk. For governments without the capability to implement 24x7 monitoring, consider a managed detection and response solution that can be quickly deployed and fully monitored.

Working with other election authorities is important. There are economies of scale for security and monitoring services. Sharing information on attacker activity can also provide an early warning of potential problems. Understanding how attacks are being carried out helps keep your risk assessment current and lets you know when you have to adjust your security to meet evolving challenges.
Undoubtedly, 100% security doesn't exist; this is as true for election-related systems as it is for other systems. Managing the risk through limiting access, limiting people’s access to those specific activities they need to do their job, logging activity, monitoring for threats, and recognizing the risk is vital.

The stakes for an election that can’t be accomplished or with questionable results are high. Taking the right steps can mitigate this risk and demonstrate the agency’s dedication to getting it right.