Assessing the cyber threat to this year's elections
- By Sara Friedman
After the 2016 election, it took cybersecurity analysts months to pin down where the threats to elections systems where coming from. This year, even without no single national race, threats continue to multiply.
The United States' vast array of locally controlled election systems faces attacks to voter registration, election websites, voting machines and the election management systems that aggregate voting data. A new report from FireEye outlines likely attack methods and offers suggestions for securing this year’s midterm elections.
In 2016, voter registration databases were hacked in Pennsylvania, Ohio, Rhode Island, Delaware and Washington, giving malicious actors the ability to change or delete voter information. Voter registration systems are vulnerable to spearphishing and distributed denial of service attacks, the report warned. And unpatched or poorly maintained websites allow malicious actors to change or block key information on state websites that voters need to get to their polling places.
To limit these issues, state election officials must make sure that DDoS mitigation protocols such as backup servers and rate limits are part of the election security process. They should also regularly scan voter databases for unauthorized large-scale changes.
It's harder to detect attacks in voting machines, FireEye found. Those with removable hardware are especially susceptible to malware attacks via memory cards, flash drives, access cards and exposed ports.
The election management systems that aggregate the data from each polling station are also susceptible to attacks. EMS that run on PCs are often running old operating systems such as Windows 98 or Windows XP with no firewalls or antivirus software. Keeping all EMC PCs off the internet can help prevent remote attacks.
Besides targeting the IT systems elections depend on, the report states, malicious actors can also conduct disinformation attacks, targeting or mimicking state and local officials’ social media accounts to sow misinformation and mistrust.
“It is not always easy to change an outcome, but they can delegitimize a process and create doubt,” John Hultquist, director of intelligence analysis at FireEye, said at a press briefing. “The low-hanging fruit is where they can cause more chaotic problems like getting people to the polls.”
Although no attacks have been observed against elections infrastructure this cycle as of March 2018, malicious actors no doubt already "have an understanding of the flaws in the U.S. elections infrastructure and will seek to exploit opportunities where they can,” the report concluded. “Ensuring a holistic approach to security that considers adversary intent and [tactics, techniques and procedures] will allow forward-leaning states and municipalities to reduce their risk exposure and preserve the integrity of the elections process.”