The Nature of the Election Security Threat
Election administrators and cybersecurity officials say that one of the main threat vectors is external attacks, including those from nation-state actors.
CISA is working with 8,800 election jurisdictions to put in place risk assessments and other cybersecurity procedures, CISA Director Chris Krebs said in February at the 2020 RSA conference, according to Government CIO. The agency is still emphasizing paper backups for voting machines but is also pushing state and local agencies to implement security protections for voter registration databases.
“We tried to figure out where the risk really is across these systems,” Krebs said. “What we discovered, not surprisingly, is the areas where information is centralized, and it’s highly networked — that’s where the risk is. And where is that? Voter registration databases.” Krebs warned that the threat of ransomware attacks against voter registration databases is a key concern, according to Business Insider. CISA is working with state and local law enforcement to combat the threats. “We can figure this out together,” he said at the RSA conference, Business Insider reports.
Election officials need to make sure that they are protecting their data centers with next-generation firewalls and packet-level inspection to ensure that malicious actors are not getting through.
Another element of the threat is insider attacks. Even the best defenses can’t guarantee security against insider threats.
How DHS and Other Partners Can Help
DHS and others are offering clear solutions to these threats.
As Politico reports, newly proposed voluntary voting system guidelines from the U.S. Election Assistance Commission advisory group will “require voting machines and ballot scanners to be air-gapped from networked devices, such as e-poll books that access voter registration databases.”
In addition to cybersecurity assessments and information sharing, CISA can provide services such as Continuous Diagnostics and Mitigation (CDM). CDM “enables network administrators to know the state of their respective networks at any given time, thus reducing the attack surface of their networks; informs on the relative risks of threats; and makes it possible for system personnel to identify and mitigate flaws at near-network speed.”
CISA also offers intrusion detection and prevention services through approved service providers; incident response, management and coordination activities for cyber incidents occurring in the critical infrastructure sectors; and dynamic analysis of malicious code.
Another way to combat insider threats is through an approach known as Security Management Infrastructure, a modular security approach that combines incident detection, analysis, correlation and reporting; behavior analysis; intrusion detection; autonomous collection, analysis and reporting; and continuous monitoring of key assets.
A dashboard summarizes security events, risks and alerts in real time and gives security analysts constant visibility into an agency’s network. The solution can alert analysts to any deviation in user behavior or system security so that analysts can respond quickly.
All state and local election officials need to be on alert ahead of November. Thankfully, they have clear and capable partners in DHS and in private sector vendors.
Neil Jenkins, the chief analytic officer at the Cyber Threat Alliance, notes that “election officials are in a much better place in 2020 than they were in 2016.”
“It takes time to build partnerships and trust,” Jenkins says. “DHS has worked hard to be responsible stakeholders with the election community, and election officials are doing everything they can to improve their security and resilience in combination with the federal government and the EI-ISAC.”