US Election Officials Told to Prepare for Nation-State Influence Campaigns

Written by

US election officials have been urged to take action to counter nation-state influence operations targeting this year’s election cycle.

The joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI), warned that Russia, China and Iran are engaged in influence operations designed to undermine confidence in US democratic institutions and shape public perception toward their interests.

These malicious cyber campaigns will be ramped up around the US elections taking place in November 2024, including the Presential Election.

The influence operations seek to amplify division, exploiting perceived sociopolitical divides across US society.

These actors use a variety of methods to conduct such operations and are experimenting with technologies such as generative AI and deepfakes to push their narratives, the agencies noted.

Read here: China Using AI-Generated Content to Sow Division in US, Microsoft Finds

How Hostile States Will Target US Elections

The advisory set out a range of tactics hostile nation-state actors are likely to use to target the US elections process this year.

The tactics expected are based on recent foreign malign influence campaigns and approaches used to target previous US elections.

  • Portraying ‘proxy’ media entities as trustworthy outlets. Foreign malign influence actors seek to make proxy media sources blend in with real media sources to increase the chance that target populations will believe their message. For example, Russia-linked proxy news sites have been observed masquerading as US local news outlets, mixing actual news reports with Russian disinformation.
  • Voice cloning of public figures. Deepfake technologies are making it easier for nation-state actors to create a fake recording of a public official or figure to falsely attribute statements to them.
  • Cyber-enabled information operations. Nation-state attackers have been observed coordinating information operations and cyber intrusions, such as compromising an IT system to steal sensitive internal documents, then publish those documents as ‘leaks.’
  • Manufacturing false evidence of an alleged security incident. Foreign threat actors can create and spread false ‘proof’ of cyber or physical incidents to create alarm. For example, Chinese influence actors spread fabricated documents alleged hacked from Taiwanese government systems to try and influence Taiwan’s 2024 elections.
  • Pay influencers to push their message. Nation-states will pay established internet entities, such as online influencers with an existing follower base, to push content aligned to their influence goals. The influencers in question are often unaware of the requestor’s origin.
  • Leveraging social media platforms. Fake social media accounts and personas are often created to spread disinformation and engage with other users on these platforms. These personas are sometimes intended to infiltrate targeted online communities and develop their own following.
Foreign malign influence tactics at a glance. Source: CISA
Foreign malign influence tactics at a glance. Source: CISA

How to Counter Influence Election Influence Operations

CISA, the FBI and the ODNI urged election officials and other election infrastructure stakeholders to take a number of steps to mitigate the impacts of such influence campaigns on election operations.

Read here: Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections

Educate the Public About Trusted Sources and Disinformation

Election officials should get ahead of foreign adversaries’ efforts by proactively warning about the tactics used. Election staff should also be trained on how to respond to suspected AI-generated media, including mechanisms for notifying the organization about this activity.

Audiences should be directed to official websites and trusted sources of information via both traditional and social media communication activities.

Election officials should also establish relationships with local media and community leaders to amplify accurate information proactively and in the event of an incident.

Protect All IT Systems and Accounts from Compromise

Public officials are advised to consider making their personal social media accounts private to reduce malicious actors’ access to their image or voice. Personal and organizational social media accounts should also have the strongest security and privacy controls in place, and personally identifiable information should be removed from profiles.

Best practice cybersecurity measures like multifactor authentication (MFA) and email authentication protocols should be in place for all types of accounts.

Non-repudiation and authentication techniques, such as watermarks, should be utilized for public-facing content to mark it as verifiably originating from the organization in question.

Educate Voters and Election Staff 

Election infrastructure entities should create opportunities for voters to learn about the elections process and actions being taken to ensure its security and integrity.

Voters should also be urged to verify the sources of any resources before sharing them, including being aware of the potential for AI-based impersonation.

Influential figures should be educated on how their personal and professional social media presence may be targeted to spread foreign malign influence content.

What’s hot on Infosecurity Magazine?