With the 2018 midterm election less than three weeks away, it is clear that while state election officials and their counterparts at the county level have taken steps to increase cybersecurity protections ahead of the vote, more needs to be done to enhance voting machine security.
States have increased their investments in cybersecurity measures for their election IT systems, including purchases of multifactor authentication, perimeter sensors, email filtering and monitoring, threat scanning, information sharing systems and more. Yet as The New York Times points out, many voting machines and the infrastructure used to program them remain vulnerable, and the machines can still be accessed via connections they use to transmit voting totals after the polls close.
And, as CNET notes, many of the election security investments states have made in the wake of the 2016 election will not materialize in time to bolster security before Election Day on Nov. 6.
There are still measures that state and local governments and election offices can take to enhance voting machine security, both for the midterms and for future elections, according to cybersecurity experts. Government officials can invest in network segmentation tools to cut off voting machines and associated servers from the wider internet and other parts of agencies’ networks. They can also invest in next-generation firewalls and other security services to bolster voting machine security.
The stakes could not be higher, as nothing less than the integrity of democratic elections hangs in the balance. Malicious actors may have different goals in attacking voting machines and election infrastructure, says Patrick Sullivan, director of security technology and strategy at content delivery network company Akamai Technologies.
They could be targeting voter registration lists to remove citizens from voter rolls, or trying to change voting outcomes, which is more difficult to do. Attackers can also target election websites with denial of service attacks to take the sites offline as voting totals roll in, he says. In the end, though, even if they do not change the outcome, the attacks can create uncertainty and undermine the elections’ integrity.
“All that an adversary needs to do is to increase some level of uncertainty about an election, that is easier to do,” Sullivan says. “Depending on those goals, you have to do more and more to achieve them. If you can compromise or release embarrassing information about a candidate, that undermines the confidence.”
Network Segmentation Can Enhance Security for Voting Machines
Sullivan notes that “anything that is online carries with it some level of risk,” and that network segmentation — the process of splitting a computer network into subnetworks, each of which is a segment — is “critical” when it comes to voting machine security.
Glenn Angstadt, CIO of Chester County, Pa., said earlier this year at the National Association of Counties’ 83rd Annual Conference and Exposition that a key piece of election security is separating — or “air-gapping” — critical infrastructure from the public internet. He noted that the county has a setup of four workstations and one server for counting election votes, and those systems are not accessible except from a local network.
Chester County does need connectivity to the internet to connect with the Pennsylvania Secretary of State’s office, Angstadt said. The county has developed a “high-technology thumb drive” that staff plug into the Election Staff Management System server to extract information, and then plug into an internet-connected device that is used one time to transmit the data. The drives are then disposed of, so “after that, nothing else is getting back into the voting processing system.”
“If you look at the pattern of breaches, seldom does the attacker land on the device with the crown jewel of data they want to compromise,” Sullivan adds.
“There is almost always some element of lateral movement,” as attackers target agency employees with phishing and social engineering tactics, get a foothold on a laptop and move across internal networks from there, he says. Network segmentation makes it more difficult to move from that initial target to other parts of the network and compromise voting machines connected to internal servers.
Karen Scarfone, the principal consultant for Scarfone Cybersecurity (and a StateTech contributor), says that network segmentation “is a valuable technique for protecting devices with different security postures.”
Voting machines should be on physically or logically separate network segments used for voting machines only, according to Scarfone, and next-generation firewalls “should be used at segment boundaries and configured to allow only the network traffic that is required.”
“By doing this, the voting machines are mostly isolated from all other devices, and this greatly reduces the opportunities for attackers to reach them,” Scarfone adds. “It also makes it much easier to monitor the network activity for just the voting machines and find anomalies. Network segmentation is a cost-effective technique for protecting voting machines.”
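The two points Scarfone makes, allowing only required traffic at the segment boundary and watching the voting segment for anomalies, can be illustrated with a short check over flow records. This is an added example, not part of the original article; the address ranges, tabulation server, port and flow records are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int

# Assumed addressing, constructed for this example (not from the article).
VOTING_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
TABULATION_SERVER = ipaddress.ip_network("10.20.40.5/32")

# Default deny: the only traffic the segment boundary should pass.
ALLOWLIST = [
    (VOTING_SEGMENT, TABULATION_SERVER, "tcp", 8443),
]

def touches_voting_segment(flow: Flow) -> bool:
    """True if either endpoint of the flow is inside the voting segment."""
    return (ipaddress.ip_address(flow.src) in VOTING_SEGMENT
            or ipaddress.ip_address(flow.dst) in VOTING_SEGMENT)

def is_allowed(flow: Flow) -> bool:
    """True only if source, destination, protocol and port all match a rule."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return any(src in s and dst in d and flow.proto == p and flow.dport == port
               for s, d, p, port in ALLOWLIST)

def find_violations(flows):
    """Flows that involve the voting segment but match no allowlist rule."""
    return [f for f in flows if touches_voting_segment(f) and not is_allowed(f)]

# Constructed connection-initiation records, as a flow collector might log them.
SAMPLE_FLOWS = [
    Flow("10.20.30.11", "10.20.40.5", "tcp", 8443),  # required traffic
    Flow("10.20.30.12", "8.8.8.8", "udp", 53),       # voting machine reaching the internet
    Flow("10.10.5.77", "10.20.30.11", "tcp", 445),   # office laptop reaching a voting machine
    Flow("10.10.5.77", "10.10.5.1", "tcp", 443),     # unrelated office traffic, ignored
    Flow("10.20.30.11", "10.20.40.5", "tcp", 22),    # right hosts, wrong port
]

if __name__ == "__main__":
    for violation in find_violations(SAMPLE_FLOWS):
        print("ALERT", violation)
```

Because the segment carries only one kind of expected traffic, every other flow is an alert, which is what makes the monitoring tractable.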
Sullivan said that Akamai sees network segmentation for voting machine security as “a half step to where you ultimately want to go,” which is zero-trust networks. Such architectures dissolve the elements of trust entirely; rather than relying on a group of different network segments, they assume there is no trusted internal network segment. Any device connecting to a network asset must be verified. As Palo Alto Networks notes in a post on its website, under zero-trust, organizations adopt a least-privileged access strategy and strictly enforce access control.
Election authorities are unlikely to implement a zero-trust architecture for this election cycle, Sullivan says, since it can be difficult to set up, but should do so as a long-term solution.
Next-Generation Firewall Protection for Voting Machines
Next-generation firewalls also provide an avenue for agencies to protect voting machines.
As Jesse Wiener, an inside solutions architect for CDW’s security practice, notes in a CDW blog post, next-gen firewalls have features such as user identification, URL filtering, intrusion prevention systems, malware prevention and application identity and control.
IT security admins can use NGFWs to ensure that only the traffic that needs to pass to and from voting machines does so.
“Today’s best next-generation firewalls provide security beyond the perimeter, incorporating web application firewalls and internal segmentation firewalls to drive security deep into the network,” Jeff Jennings, national SLED practice director at Fortinet, writes in GCN. “This ensures government networks protect applications and secure networked resources across the distributed network, even into the cloud, while isolating sensitive voter information as it moves across the network.”
One of the unique challenges with elections, Sullivan says, is that like Super Bowl Sunday, the event involves spinning up a lot of infrastructure for a short period of time and then shutting it down. Next-gen firewalls need to be installed and can impose a “pretty heavy learning curve” on election agency IT teams, which might not have security specialists, Sullivan says.
How Governments Can Secure Voting Machines Now
Given that architectural changes may take longer to implement, Sullivan says election agencies can turn to cloud-based security services that can be spun up just for the election and immediate aftermath, and for things like testing and normalizing network traffic.
Through the end of the 2018 election cycle, Akamai is providing its Enterprise Threat Protector with Akamai Cloud Security Intelligence service to election agencies on a pro bono basis. The service looks at the Domain Name System protocol requests for election sites and compares those requests to the intelligence Akamai has gathered by looking at trillions of such requests per day to determine whether they are benign.
The service is also designed to protect election agencies from phishing attacks, provide data protection, and guard against malware accessing external command and control servers to tamper with election data.
Other companies are also offering cloud-based security tools to election officials. McAfee, via its Skyhigh Networks unit, announced in August that it would offer 12 months of free cloud-based security services to election offices in all 50 states. The offering, McAfee Skyhigh Security Cloud, provides state election officials with a no-cost data security, monitoring, auditing, and remediation solution for their Infrastructure as a Service and Software as a Service environments.
Sullivan called the threats to elections “very real,” but said the flip side is that increased awareness of the threat has led to greater security enhancements. “We’re in a much better spot now,” he says.