Mar 30 2020

How to Get Ahead of Election 2020 Security Threats

Ransomware attacks, disinformation campaigns and nation-state attacks threaten the November election.

With the first waves of 2020 election primaries behind us, state officials continue to face the question of whether their election systems are prepared for looming cybersecurity threats.

Foreign threat actors have shown again and again their interest in undermining one of the most sacred rights Americans hold: the vote. In Florida, it’s been reported, Russian interference in voter roll systems had the potential to alter results during the 2016 midterm elections. In Illinois, media reports show,  there’s evidence that hackers working for Russian military intelligence installed malware on the network of a voter registration technology vendor that year. In fact, all 50 states’ election systems were targeted by Russia in 2016, according to a July 2019 report from the U.S. Senate Select Committee on Intelligence.

Security experts have seen a number of potential threats to the 2020 elections, namely a significant increase in ransomware attacks, continued disinformation campaigns and more aggressive nation-state attacks within regions outside the United States.

States Need to Make Security Enhancements Now

A proactive approach will help states know their adversaries, put in place secure processes and technology, and deliver assurances to the voting public. So, how can they prepare for these potential threats?

First, state agencies need to have a clear handle on the current status of their critical election infrastructure. As demonstrated in Georgia, election ­officials must ensure that a state’s voting machines are secure or face potential lawsuits by voter advocacy groups.

Knowing the adversaries and understanding the ways attackers may breach systems will ultimately help states stop them. Election officials should also communicate the importance of identifying problems across state departments so that all vital agencies are engaged.

Another way to ensure a state is prepared for potential problems is to test existing election security plans and build and maintain a culture of continuous vigilance. Relying on an assessment may give a good baseline, but continuous improvement, exercises and education help to handle and respond to threats.

State governments need to have a rapid response plan. Knowing how to react before an attack occurs can be the key to stopping an intruder and preventing a nightmare scenario for a state. This strategy will go a long way in pinpointing flaws in the system and will allow state election officials to guarantee protections are present before a problem occurs.

To gain the upper hand against threat actors, states must also commit to the crucial act of modernizing election infrastructure. Talking with technology vendors and private sector peers can be the first step in modernization.

Finally, states shouldn’t assume their only resources for these vital protections are strained state budgets for election security upgrades and preparedness.

There are many opportunities for state governments to obtain low- or ­no-cost support and resources through the federal government. The 2002 Help America Vote Act provides financial assistance to states to strengthen their election infrastructure against today’s threats. In addition, the Cybersecurity and Infrastructure Security Agency also provides no-cost services to states, such as access to cybersecurity personnel, cybersecurity assessments and cyberthreat hunting.

READ MORE: Check out this infographic to discover how to protect election data and voter information.

States Get a Funding Boost fo Election Security 

To help relieve those strained state budgets, Congress recently approved $425 million in additional election security funding  that will give states flexibility in how to use the money. This funding will allow states to further invest in election security protections, personnel and systems ­— upgrading security and training staff. The move, a continuation of HAVA, will help states assess critical election infrastructure, replace aging voting equipment and conduct audits after elections occur.

As we look to Nov. 3, 2020, we must remember one thing: The single most important factor to a peaceful transfer of power is confidence in the results of the election.

Maintaining the integrity of our election process goes beyond technology itself. It is more akin to approaching the topic as an emergency management and response issue. The threat to our voting system is real, and states must act now to mitigate — and hopefully prevent — a threat to the nation on Election Day.

adamkaz/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT