“If [advanced persistent threat actors] are trying to come after us, or our election, and they know that it’s near impossible to get into our voting systems and get out of it without detection, then the next easiest target is to mess with our registration system[s],” Craig Bowman, vice president of government, education and healthcare at cybersecurity company Trellix, said in the FedInsider webinar.
Adversary nations want to tamper with U.S. elections to promote candidates whose policy stances they prefer or to foment chaos that undermines the credibility of American democracy, Bowman said.
Malicious actors could try to create confusion on Election Day by creating fake or duplicative voter registrations or switching people’s registered party affiliations, he added. They might change the mailing addresses for absentee ballots so these ballots can be intercepted, or alter polling locations to send people to the wrong spot to deter voting.
“The main goal for them is going to be disruption and confusion,” Bowman said.
Election officials can defend against such scenarios by taking steps like encrypting voter registration databases and monitoring for any suspicious changes to entries or unusual data transmission. Data loss prevention tools can help here. Intrusion detection systems can also help catch advanced persistent threat actors who try to gain remote access to a system and lurk, waiting until Election Day to suddenly encrypt voter registration data, Bowman suggested.
Cyber attackers are creative, but election officials don’t need to know every single possible attack scenario that might occur to be ready to respond and rebound, said Karen Brinson Bell, executive director of North Carolina’s State Board of Elections. Preparation means building up partnerships and working in advance to identify vulnerabilities, and developing incident response and continuity of operation plans.
“Partnerships are really, really key. I am not a cybersecurity expert; I’ve learned a lot. And I know how to ask the right questions,” Brinson Bell said.
Jonathan Brater, director of elections for the Michigan Department of State, said resiliency can mean keeping offline and paper backups to ensure voting can continue, should some election administration technology become temporarily unavailable. All staff need to know the backup procedures in advance and be ready to pivot. Election teams should also know whom to contact if something goes wrong and they need help, for example with restoring Internet connections or systems, and they should ensure those partners know to expect such a call.
When it comes to preparatory training, “we focus on areas that are either based on things that have actually happened, with any hypothetical change to make it a little more severe, or things that would be more likely occurring that would put a lot of strain on keeping those elections going,” Brater said.
Brinson Bell’s team has prepared “Attack Response Kits” that can be used to keep elections running even if ransomware or another issue downs systems. The kits include items like clean laptops and cellphones, and devices for establishing Internet connections.
“The thing with elections is, if we are under attack — if there is a circumstance, even outside of our control, [even if] it’s not directly on elections — we can’t stop elections. You have to figure out how to proceed,” Brinson Bell said.