What Is Election Security?
Elections are central to maintaining free and fair societies in the United States and other countries worldwide. Therefore, election security and ensuring the processes involved are fair, resilient, and safe is paramount to maintaining public trust in the democratic function.
Election security protects all elements of election infrastructure—including election officials, federal partners, state and local government agencies, voting equipment and technology, and the vendor community. It prevents possible election cybersecurity issues and helps mitigate election security threats.
Why the Election Infrastructure Needs Security
Securing election infrastructure is vital to maintaining public trust in the election process and system. In January 2017, the Department of Homeland Security (DHS) designated election infrastructure as a "subsector of the existing Government Facilities critical infrastructure sector," a move that highlights the importance of election security. The destruction or incapacitation of election infrastructure would devastate the American way of life.
Election databases contain the personal data of the voting population within a state, making them extremely appealing to cyber criminals. Failing to prevent election cybersecurity issues can enable hackers to shut down IT systems and demand ransom fees, steal data and make it available on the dark web, and wreak havoc on local and state IT systems.
Election security issues can impact the equipment and systems voters use to register. These registration systems, such as e-poll books, contain information like driver’s license numbers, Social Security numbers, and political affiliations. Altering, hacking, or publishing these records could result in significant data breaches and potential voters being ineligible to vote on election day.
Top Cyber Attacks on Election Campaigns
Several cyber attacks that occurred during election campaigns underscore the critical role election security plays. Some of these cyberattacks include:
- 2016 U.S. election: During the 2016 U.S. election, Russian hackers known as APT28 or Fancy Bear hacked into the Democratic National Committee (DNC) and the campaign of candidate Hillary Clinton to leak secrets. The attack forced the DNC to decommission over 140 servers and 180 computers and rebuild more than 11 servers, which cost them over $1 million. The Russian hackers were able to steal several gigabytes of data and gained access to backup servers, email systems, internal chat messages, and Voice over Internet Protocol (VoIP) calls. The National Security Agency (NSA) also revealed Russian hackers targeted a voting software supplier and sent spear-phishing emails to over 100 local election officials.
- Georgia voter database: In August 2016, a security failure in the Georgia voter registration database left the records of more than 6.7 million people vulnerable to cyberattacks and data breaches.
- California primary hack: In 2016, hackers gained access to voter registration data and changed voters' party affiliations. This left people unable to vote in the California primary, causing heated exchanges with poll workers.
- McCain and Obama's campaigns: Chinese hackers gained access to internal data from Barack Obama and John McCain’s campaigns in the build-up to the 2008 U.S. election. The hackers had reportedly been searching for information about the candidates’ political positions on China. The hack led Obama’s campaign team to hire security experts to investigate the data breach, which was instigated by a highly sophisticated phishing campaign that spread a virus through malicious attachments.
Role of White Hat Hackers in Election Security
Isolating the ransomware is the first step you should take. This can prevent east-west attacks, where the ransomware spreads from one device to another through their network connections. You should first shut down the system that has been infected. Shutting it down prevents it from being used by the malware to further spread the ransomware.
You should also disconnect any network cables attached to the device. This includes anything that connects the infected device to the network itself or devices on the network. For example, your device may be connected to a printer that is linked to the local-area network (LAN). Unplugging the printer can prevent it from being used to spread the ransomware.
In addition to hardware cables, you should also turn off the Wi-Fi that serves the area infected with the ransomware. The Wi-Fi connection can be used as a conduit to spread the ransomware to other devices connected to the same Wi-Fi network. Shutting it down can stop this kind of east-west spread before it begins. However, if it has already begun by the time you realize the computer has been infected, cutting off Wi-Fi can prevent it from spreading further.
Storage devices connected to the network need to be immediately disconnected as well. The ransomware can potentially find the storage device and then infect it. If that happens, any device that connects to the storage system may get infected. This may happen immediately or at some point in the future. Therefore, if you have been a victim of a ransomware attack, it is important to assume each storage device has been infected and clean them before allowing any devices in your network to attach to them.
How To Protect the Election Infrastructure from Cyber Threats
The election infrastructure faces a multitude of challenges from cyber criminals bent on destroying the integrity of the electoral system by taking advantage of common election security issues to cause data loss and affect votes.
Challenges in Election Security
Breaches of voter registration databases and systems represent the biggest challenges in election security. These include attacks targeting the IT infrastructure used to manage election processes, storage systems that contain voting data, and polling locations.
Election Cybersecurity Considerations
Election security needs to be a partnership between federal departments, state and local government agencies, election officials, and more.
Key considerations for all these organizations include:
Election officials are often the frontline of campaigns, which makes them prime targets for cyberattacks such as targeted phishing. However, an NBC News survey found only 15% of counties (15 out of 97) in Arizona, Michigan, and Pennsylvania had provided cybersecurity training for their officials. Agencies involved in election processes should ensure all officials have regular cybersecurity training that empower them to recognize potential security risks.
Many U.S. states have established response plans that enable them to correctly handle cybersecurity incidents. However, few states enact standards that specifically address the protection of election systems. It is now essential to implement measures that safeguard voter registration systems, voting machines, and officials’ training programs.
CISA Resources and Assets
The Cybersecurity & Infrastructure Security Agency (CISA) provides a range of resources that help ensure election security. This includes:
- Providing local and state governments with cybersecurity advisors and private sector partners who help businesses prepare for and protect against threats
- Exercises to help businesses identify areas for improvement and understand election security best practices, such as software updates, patch management, and log management
- Access to technology, resources, and processes like cybersecurity assessments, cyber hygiene scanning, incident response, network baselines, network segmentation, security policies, threat hunting, detection and prevention, and vulnerability assessments
Information Awareness and Sharing
Information sharing between agencies and organizations is vital to preventing election security issues. For example, DHS provides an information network portal, and the National Cyber Awareness System (NCAS) shares advisories and specific threat alerts.
Agencies and organizations need to ensure they have access to the right security skills when they need them. CISA offers access to training and workforce development programs that help the nation become more cyber aware, including the Federal Virtual Training Environment and the National Initiative for Cybersecurity Careers and Studies Catalog.
How Does an Election Infrastructure Work?
- Registration: Registration ensures voter records are kept in databases, and this information is used to determine whether they can vote and where.
- Electronic poll books: These are connected to additional voter databases or servers and include voter information from the registration databases.
- Voting machines: These include electronic voting terminals, paper ballot scanning and tabulation devices at polling places, and equipment for scanning mail-in ballots.
- Tabulation: The tabulation element of the infrastructure comprises tools and procedures used to count the votes cast at voting machines.
- Websites: There are official election websites that provide details on how to vote and register, as well as the results of the election.
How Fortinet Can Help
Through its State and Local Government Cybersecurity solutions, Fortinet allows agencies to:
- Protect sensitive data across their entire attack surface
- Secure employee and contractor access to applications and systems
- Enhance security operations
These solutions enable agencies to protect their critical infrastructure, such as election systems, public transportation, and water and sewage systems.
Fortinet also provides industry-leading threat intelligence so local and state governments are constantly aware of the latest cyberattacks, including the risk of insider threats.
What are election security best practices?
Election security best practices help agencies detect, manage, prevent, and respond to cyber threats. They include processes and technologies like credential management, log management, network baselines, network segmentation, security policies, software updates and patch management, and threat detection and prevention.
What are election cybersecurity issues?
Election cybersecurity issues include attacks on state websites, voter registration system breaches, and theft of voter data records.