The Threats Election Officials Are Considering
What could happen as voters go to the polls this fall? “Russian hackers could target election officials working from home,” The Washington Post notes. “Adversaries could spread rumors about coronavirus outbreaks at polling sites to deter people from showing up on Election Day. Or they could launch disinformation campaigns claiming elections have been delayed or canceled entirely because of the virus.”
The University of Southern California’s Election Cybersecurity Initiative spins out those scenarios, the Post notes, and is working to “conduct virtual training programs for campaign and election officials across all 50 states before November.”
“Security concerns now are more urgent in almost all cases because the virus has really exacerbated security issues,” Adam Clayton Powell III, the initiative’s executive director, tells the Post. “It’s not an abstraction. It’s very real for people that they’ll have to do this work in a more urgent climate than they anticipated.”
The USC group is holding shorter videoconferencing sessions for election officials than it did in person but is getting a larger audience, with online trainings getting an average of about 200 attendees versus about 100 for the in-person ones, Powell tells the Post.
How to Guard Election Infrastructure
States have been busy working with DHS’ Cybersecurity and Infrastructure Security Agency to help safeguard their election infrastructure. And DHS’ “tabletop in a box” exercises help state and local officials explore various scenarios to help states prepare to defend their networks.
Such scenarios may include news and social media manipulation, spear-phishing campaigns, disruption of voter registration information systems and processes, denial of service attacks and web defacements, malware infections on electronic voting machines and election management system software, and the exploitation of state and county board election networks. “A pretty broad example would be, you show up on Election Day and you don’t have internet access,” Robert Giles, director of the New Jersey Division of Elections, tells radio station NJ101.5. New Jersey ran the tabletop exercises in all 21 of its counties last September. “There will be cyber incidents, police/fire-type incidents, natural disaster incidents.”
New Jersey officials used $9.8 million obtained through Help America Vote Act provisions to pay for the exercises, another example of state-federal cooperation. The training “is an extraordinarily good thing,” Christine Hanlon, clerk for Monmouth County, N.J., tells NJ Spotlight. “This is forcing all election officials to deal with scenarios we may not have planned for. It’s critically important that we are prepared, and if it’s not in our plan, we need to add it.”
State and local election officials need to avail themselves of such training whenever possible and practice different scenarios with their staff. The fact that more of these trainings are now being held virtually should make it easier for officials to attend.
The national security blog Lawfare notes that election officials need to focus on “stress-testing and auditing existing digital election infrastructure … without a map of trouble spots, election officials will be blind to their risks in the critical months ahead.”
Additionally, “if digital election infrastructure is expanded or changed, security and resiliency measures should be an integral part of its design, not introduced after the fact.”
The blog also notes that DHS has resources to “help detect and secure digital infrastructure flaws” and that “election officials must seek out these resources early and often in the coming months.”
Election security concerns are evolving and growing more complex. State and local officials, in coordination with federal partners such as DHS, need to step up their game in the coming months to ensure a secure vote in November.