Protect elections by prioritizing public awareness of cyber defenses


As state and local governments prepare for the primary and general election, Chief Information Security Officers face an increased risk of cyberattacks, as well as rising levels of misinformation and foreign interference. The Cybersecurity and Infrastructure Security Agency’s Election Protection Cybersecurity Toolkit is a collection of tools to help state and local election officials use the skills they already have to improve their cyber resilience. However, the threat of misinformation, misinformation, and malinformation (MDM) poses both a communications and cyber challenge.

At this point in the election cycle, when time and resources are running out to implement new cyber technologies, state and local politicians must work with what they have – and what they have is enough to focus on, the electorate inform site about the measures to ensure the integrity of voting. It’s important to do this before adversaries and cybercriminals claim to have attacked election infrastructure and altered votes or even election results.

In the short term, raising public awareness of cyber defenses through “pre-bunking” or preemptively debunking false claims can help prevent MDM campaigns from gaining public traction.

The growing threat of misinformation, disinformation and misinformation

In recent years, foreign opponents have escalated their efforts to disrupt the democratic process, using MDM campaigns to cause chaos, confusion and division and undermine confidence in the security of state and local elections. With the continued threat of ransomware attacks from state actors and cybercriminals, CISOs are under pressure to build voter confidence in the integrity of the voting process. These threats can be daunting for local governments trying their best with limited cyber and budgetary resources.

Cybersecurity measures are often categorized into people, process, and technology. There are several security technologies and processes, such as Zero Trust network access, that state and local governments can implement to protect their systems from attacks – both on election day and every other day of the year.

However, many states have already spent much or all of the federal funding allocated to them under the Help America Vote Act. With no funds earmarked for election security in last year’s Infrastructure Investment and Employment Act, and pending guidance from CISA on how state and local governments can use the IIJA’s cyber grants, further investment in cybersecurity technology will likely have to wait until a future election cycle .

With just a few weeks to go before the midterm elections, process-oriented measures such as cybersecurity training for election officials and public communication on existing cybersecurity measures, as well as institutional and procedural measures to ensure governments’ election security posture are expected to produce greater improvements in election integrity.

The evolving landscape of election security

The threat to US election infrastructure has changed significantly in recent years, and state and local cyber and IT leaders need to get their message to the public in kind.

Attacks on electoral infrastructure can be perpetrated by a range of threat actors with different motivations. Some, like the 2016 Democratic National Committee hack and Hillary Clinton’s presidential campaign to steal and leak secrets, are attacks on American democracy perpetrated by hostile, state-sponsored groups who typically pose as criminals or cyberactivists (“hacktivists”) camouflage.

Other attacks target the type of personal information contained in election databases, making them attractive to cybercriminals for purposes such as identity theft or fraud. For example, in August 2016, a security flaw in Georgia’s voter registration database left the records of more than 6.7 million people vulnerable to cyberattacks and data breaches. After an attack on the 2016 California primary, cybercriminals gained access to voter registration data and changed voters’ party affiliations, preventing some voters from voting and creating chaos and confusion in the election.

Lessons learned from these attacks have informed the agencies’ evolving approach to best practices for election security. Today’s election cybersecurity tools focus not only on ensuring that voter data is safe and that any changes are recorded unalterably, but also on presenting these safeguards to the public.

Build trust with voters

To counter MDM and increase public trust in elections, CISA and the Election Integrity Information Sharing and Analysis Center recommend using the TRUST model:

Tell your story, prepare your team, understand and assess MDM, plan for response and track results. When it comes to addressing voter concerns about cyberattacks on the midterm elections, much of that work can be done in advance.

Agencies must attempt to shape the cyber narrative by promoting their adherence to established cybersecurity protocols, best practices, and the use of security technologies with strong anomaly detection, tamper protection, and audit capabilities. They must demonstrate that they use the full spectrum of people, processes and technology to protect the voting process and voter information.

In addition to preparing their cyber defenses and teams, government CISOs should be prepared to communicate these capabilities to the public year-round, not just as election season approaches. They should anticipate the types of claims threat actors might make and work to anticipate them with a clear and consistent response—both internal to their employees and external to their constituents. Finally, they must provide clear post-election reporting to support the message of transparency and integrity of the election process and outcome.

For example, a jurisdiction deploying an audit trail firewall and anti-tampering technology is well positioned to counter an MDM campaign that suggests that voter registration information has been altered to include voters in the list or to alter the content of the counted ballots. Before threat actors have a chance to sow doubt in the community, a CISO or election official can lay out what an attacker cannot do given the jurisdiction’s cyber defense capabilities and repeat that message throughout election season.

Combating MDM has become a key security concern to ensure the integrity of our elections. Foreign opponents have found that conducting MDM campaigns is more effective than actually conducting successful cyberattacks on electoral infrastructure. By prioritizing public awareness of cyber defenses and communicating and validating the processes and technologies that underpin election security, state and local cyber leaders can thwart malicious foreign interference before it can prevail.


About Author

Comments are closed.