2020 Election Security: Russian Hack And First Voting System Ransomware Attack – Security Expert Comment

News reports last week revealed that US national security officials say Iran and Russia are responsible for sending threatening emails to Democratic voters ahead of next month’s presidential election.

According to the news, Russians are breaking into state and local networks and exfiltrating data, while Hall County in Georgia has reported the first known ransomware attack on election infrastructure during the current election cycle. The FBI and CISA reported in a joint statement that Russian state-sponsored hackers obtained user and administrator credentials to target the computer networks of state and local governments, successfully exfiltrating data from at least two victim servers.

What’s more, after initially disclosing that an attack from earlier this month had hit “critical systems within the Hall County Government networks,” Hall County in Georgia has revealed that the ransomware attack has impacted election infrastructure, affecting a voter signature database and voting precinct map hosted on the county’s website.

More information: https://www.bbc.co.uk/news/election-us-2020-54640405

3 Expert Comments
Jake Moore, Cybersecurity Specialist
InfoSec Expert
October 26, 2020 11:52 am

We know that voting machines are vulnerable to foreign interference and manipulation. The 2016 election, of course, saw Russian nation-state meddling, and today’s news has revealed they are attempting to interfere once again. In 2019, cybersecurity researchers gathered to test the security of 100 voting machines, and every single device was compromised in some way. Some took minutes, some took hours, but they were all vulnerable. In addition, there isn’t a consistent managed environment for election support — it’s built up and torn down for each election. Combined, this paints a potentially grim picture for this year’s elections.

While Congressional funds are available for states to use to replace outdated, vulnerable machines, we’re seeing a long term underinvestment from the government. What we have now is too little way too late and should have started post-2016. These funds simply are not enough to cover the vast number of machines that need to be replaced.

In the long term, existing machines need to be replaced with more modern units that employ methods that allow the unit to be monitored when strange or likely adversary behaviour occurs. Government entities must also standardise and improve their email security posture. While the voting machines are only around periodically, state and local email is often left unprotected and outdated consistently. They should be running adaptive authentication at minimum. We also think security audits on voting should be mandated — whether at the state or national level — and believe there should be traceability from the voter, the vote and the candidate/topic.

Steve Moore, Chief Security Strategist
InfoSec Expert
October 26, 2020 11:56 am

We know that voting machines are vulnerable to foreign interference and manipulation. The 2016 election, of course, saw Russian nation-state meddling, and today’s news has revealed they are attempting to interfere once again. In 2019, cybersecurity researchers gathered to test the security of 100 voting machines, and every single device was compromised in some way. Some took minutes, some took hours, but they were all vulnerable. In addition, there isn’t a consistent managed environment for election support — it’s built up and torn down for each election. Combined, this paints a potentially grim picture for this year’s elections.

While Congressional funds are available for states to use to replace outdated, vulnerable machines, we’re seeing a long term underinvestment from the government. What we have now is too little way too late and should have started post-2016. These funds simply are not enough to cover the vast number of machines that need to be replaced.

In the long term, existing machines need to be replaced with more modern units that employ methods that allow the unit to be monitored when strange or likely adversary behaviour occurs. Government entities must also standardise and improve their email security posture. While the voting machines are only around periodically, state and local email is often left unprotected and outdated consistently. They should be running adaptive authentication at minimum. We also think security audits on voting should be mandated — whether at the state or national level — and believe there should be traceability from the voter, the vote and the candidate/topic.

Sam Roguine, Backup, DR and Ransomware Prevention Evangelist
InfoSec Expert
October 26, 2020 2:38 pm

A cyberattack affecting election infrastructure this year was inevitable, and the incident in Georgia validates the concerns held by many about threat actors interfering with voting systems. This doesn’t come as a surprise, but should act as a warning for both government officials and voters that incidents like this one are a real threat to the integrity of elections. Given the proximity of this attack to the election, it’s safe to assume that other attacks are in the works that we simply aren’t aware of yet – it’s a hallmark of ransomware operators to capitalize on fear, and the heightened level of tension leading up to the election is a perfect storm for these gangs to maximize their payouts.

It isn’t too late for government IT and security pros to take proactive action to minimize disruptions on election day. Tightly integrating cybersecurity with backup and disaster recovery will be key to keeping election systems up and running. Protecting backups with the same integrity as election systems themselves will ensure they remain clean and accessible, which is particularly important in time-sensitive situations like a presidential election. Missing or inaccessible votes simply aren’t an option, so those tasked with protecting this critical data must be prepared with a ransomware response plan now.
