What Can We Learn About Cybersecurity From the 2020 Elections?

The 2020 US elections lived up to expectations: they were vocal, temperamental, and caught the entire world’s attention. Prior to the elections, there were many rumors and speculations about the possibility of foreign powers interfering with the process via cyber means.

As far as we can tell at this moment (a week after the elections), this did not happen. So what can we learn from these elections about cybersecurity?

Foreign Powers Can and Do Intervene in Other Nations’ Elections

Even if direct interference with voting didn’t occur this time, it is clear that it is possible to interfere with and manipulate elections using cyber means. Cyber operations against elections can be grouped into several categories:

  1. Operations aimed at influencing the voters: social media and PSYOP, targeted ads and influence, misinformation, fake news.
  2. Operations aimed at discrediting political parties: targeted hacking of political parties and prominent politicians, the release of sensitive materials, extortion.
  3. Operations aimed at interfering with or manipulating the voting process: targeted hacking of voting machines, attacks against the voting committees’ websites and servers.

The Intensity of Cyber Activity Increases Towards the Date of the Actual Elections

In the days prior to the elections, authorities announced that the Russian attack group APT2 again attacked Democratic Party accounts and that Iranian hackers sent threatening emails to thousands of voters, trying to convince them to stay home and skip their vote.

Also, President Trump's official fundraising website was defaced just before the elections. These activities were not likely linked, but they illustrate how cyber activities become more aggressive prior to the elections themselves.

Election IT Infrastructure is Vulnerable

There is evidence that the IT infrastructure used for the elections is dated and vulnerable. Voting machines have been hacked; voter registry databases were hacked, held for ransom, and released (when the ransom was refused); and the entire process could be delayed due to DDoS attacks.

Even something as benign as an address and ballot allocation can be used to cause harm and stress, as the governor of Florida found out when he went to vote and found that his address in the voters’ registry had been changed by a hacker. This prevented him from voting at the ballot box with which he was associated.

Authorities Can Do a Great Deal to Enhance the Security of the Elections

The FBI and CISA have stepped up their game in these elections: they have made several joint public service announcements to reduce unnecessary anxiety over foreign intervention while clearly explaining what might happen. They addressed the threat of disinformation about the 2020 election results, rebuffed the rumors that foreign actors and cyber-criminals have somehow compromised election and U.S. voter registration data, and also addressed the risk of DDoS attacks against election infrastructure that had the potential to hinder access to voting information and delay voting and counting.

The FBI and CISA are not the only agencies that tackle the issue of securing the election process. The House of Representatives unanimously approved legislation that would make hacking voting systems a federal crime. This follows the “Defending the Integrity of Voting Systems Act” approved by the Senate last year and will enable the federal government to play a role in helping states defend against threats to elections.

In the days leading to the elections, it was decided that DHS would open a special situation room that would operate from election day until the results were determined with certainty.

Citizens and Organizations Have Their Share of Responsibility

Reducing the risk from the operations mentioned above will require nationwide, coordinated efforts and public-private cooperation. Some examples are emerging, such as Google’s initiative to penalize websites that distribute hacked materials, or the Election Cyber Surge Initiative launched by the University of Chicago’s Cyber Policy Initiative (CPI). The latter is a “matchmaking” service that will develop a database of technologists who are willing to volunteer their time to help advise state and local election officials and administrators on various cybersecurity issues. Moreover, each citizen can make a difference.

These Issues Are Not Unique to the US

While the US elections garnered the most attention, the issues accompanying them are by no means unique to the US. In July, the North Macedonia state election commission, SEC, suffered a DDoS attack that disabled it for several critical hours, and other countries have suffered foreign interference in their democratic process before.

Conclusion

It is impossible to determine the extent of cyber activities that accompanied these elections. However, such activities have inevitably taken place. It could be estimated that the actions taken by US authorities had a restraining effect on these cyber activities.

It would be prudent for cybersecurity authorities to conduct a thorough debrief and identify weaknesses that were not handled, so they can be improved before the next elections, and for other nations to learn from and implement these lessons.
