A government report is criticizing the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) for not completing strategic and operational plans to address security election infrastructure. CISA was to develop and roll out a plan well before elections especially to address concerns about incident response.
The cyber risks that presidential hopefuls face goes beyond encryption and domain management at the state and local level. Protecting our election systems and voters from hacking and disinformation campaigns requires understanding how the digital ecosystem is used to target consumers with customized messages to influence their behavior. Candidates\’ websites, like all others, rely heavily on code supplied by third and Nth parties. This digital supply chain is a popular target of attacks because the digital third and Nth parties too often pay little attention to security and privacy yet can access sensitive contributor information like email and mailing addresses, employer names, and credit card details. To make matters worse, the code third parties supply to these sites aren\’t within the control of candidates\’ IT teams; they have no way of seeing the code without specialized tools and expertise. Our adversaries focus their efforts on this largely unmonitored third-party code on candidate websites/mobile apps to extract voter preferences and design disinformation campaigns. If candidate teams know and keep track of what code is doing what in their digital assets, they\’ll stem the spread of fake news that has unfortunately become part of our everyday lives.