Election security has been a key issue since the run-up to the 2016 U.S. presidential election. Over the past three years, many states have taken aggressive actions to strengthen their election infrastructure to provide enhanced security and resiliency for the 2020 primary and general elections. The global COVID-19 pandemic has added a new layer of complexity as local election authorities consider how to protect voter registration systems and rapidly pivot to a massive increase in mail-in and absentee voting. The prevalence of election officials working from home and accessing election systems only expands opportunities for bad actors to disrupt or cause a loss of public confidence in the election system.
Election security issues range from direct threats to the vote tally itself to disinformation and influence operations by foreign actors. As of June 2019, we have not observed threat actors successfully altering vote tallies or results in any U.S. election. That is the good news. The bad news is we know there are threat actors out there actively trying to influence U.S. voters, and by extension, the outcome of elections. The impact from the pandemic only exacerbates this concern.
Election security threats should be looked at as an ecosystem categorized into three principal layers. Each layer is equally important but is targeted in different ways by those trying to collect intelligence, target data, and impact the confidence of American voters. This impact would give threat actors precisely what they are looking for — the power to sway a vote or extend a political agenda. Each layer also has its own unique set of information technology, processes, and related risks that must be accounted for when planning for a robust defense.
The inner and most critical segment is the voting infrastructure layer. This layer encompasses all of the systems and technology directly supporting the casting, recording, tallying, management, and certification of votes. The targeting of this infrastructure is the most concerning because it could have a direct impact on both the integrity and availability of the voting process. Fortunately, given the federated and generally segmented nature of voting systems in the U.S., there is a limited attack surface presented to threat actors. Modifying or preventing the casting of enough ballots to change the outcome of a national election undetected would be extremely difficult. Although we haven't directly seen vote tallies altered by malicious actors in U.S. elections, that doesn't mean they have not been trying. The U.S. Senate Intelligence Committee report on Russian targeting of U.S. election infrastructure stated that they observed adversaries conducting vulnerability scans targeted at election systems in every single state in the U.S. during the run-up to the 2016 election. The larger systemic risk at this layer is an erosion of public trust in the voting process and the integrity of the results if these critical systems cannot demonstrate consistent and sustained security and resiliency against cyberattacks.
The second layer of the election ecosystem consists of the organizations and systems involved in supporting elections. These include infrastructure such as voter registration systems, and boards of election and election commission networks. For any adversary who intends to disrupt or influence elections, these government administrative networks represent the next most direct and impactful targets of opportunity. In the past, state and local officials, electoral registers, and commissions have all been targeted by actors in attempts to disrupt elections. While such compromises may not provide access to properly segmented election systems, threat actors compromising institutions affiliated with elections have the potential to disrupt pre-election and election day activities and more deeply damage the public's faith in the electoral process should news of such intrusions become public. Beyond the threats from nation-state actors, U.S. officials are publicly concerned about the effect ransomware attacks might have on the 2020 presidential elections, as the threat from criminals utilizing disruptive malware continues to impact state and local governments.
The third and most exposed layer of the election ecosystem represents all of the individuals and organizations with some stake in the political campaigning process, from social networks and news organizations to donor groups and political parties. Threat activity that has historically been observed in this segment has included cyber espionage — and in some cases the purposeful leaking of the data obtained in that manner — as well as disinformation campaigns. While far removed from altering the actual systems on which votes are cast or tabulated, this sort of threat activity presents opportunities for malicious actors to attempt to influence public perception and guide a narrative which they hope will amplify a particular message or divide voters on crucial issues. This layer is often forgotten or much less visible to voters and the media, and yet can have an impact on their decisions inside the polling booth. If threat actors can successfully manipulate information so close to the election that there isn't enough time to authenticate fabricated content being disseminated, irreversible damage may be done. Even if our adversaries are not directly successful, the fallout from foreign manipulation (actual or perceived) can have major consequences for both policy and public discourse for years after the election.
The seriousness of this threat transcends politics or policy disagreements. All stakeholders in the democratic process, from state and local election officials, to federal support functions, to campaigns and parties, have limited time and resources to adapt given new challenges posed by COVID-19. To best secure the U.S. elections this year, we must take an approach that understands the same threat actors and sponsors may target multiple parts of the ecosystem. Similarly, election security is not about a single candidate or one party over another. All sides are targets. This is about an attempt to divide and erode democratic institutions and confidence in our voting process. There is an urgent need to defend our democracy against these disruptive and divisive attacks. We are all much more aware and educated about the risks and threats facing our elections than we were four years ago. With a concerned and focused effort, we can ensure a safe, fair, and free election for all Americans.
Ron Bushar is a cyber security leader with over 20 years of experience in cyber defense operations, cybersecurity consulting, and incident response services in both the government and commercial sectors. Currently, Mr. Bushar serves as senior vice president and chief technology officer for government solutions at FireEye. In this role, he leads a global team of cyber experts who protect critical missions, infrastructure, and national security interests worldwide.