America’s elections face a crisis of confidence. Trust in free and fair elections is the bedrock of our democracy, which places particular challenges on state and federal officials responsible for running election machinery and tracking threats to our country, respectively. In the wake of acknowledged foreign interference in the 2016 election and reports of renewed, malicious intrusion attempts this year, the burden is on officials to prove voting is secure and unaffected. As any security professional knows, it is hard to “prove a negative” – that zero intrusions of any kind are taking place. Still, the best defense against disrupted polls or shaken confidence is making sure we have comprehensive election security strategies yielding data to dispel doubts.
Fighting threat fatigue
Maintaining a big picture view is authorities’ greatest challenge, because every proven and theoretical part of the election “attack surface” has its own 24-7 news cycle. Voting machine manufacturers admit the presence of remote access software. Concerns persist over access to back-end voter databases. Poll workers’ security awareness and preparedness are in the spotlight. Of course the specter of hacks on voting machines, themselves, to change election outcomes remains a nightmare scenario in the nation’s consciousness – regardless of how feasible it is. When you diagram the anatomy of modern elections, you find a diverse collection of IT assets across office environments and deployed poll stations. The degree to which these systems have network access vary; some are permitted to touch the Internet through specific controls, others are only meant to send and receive data through temporary, isolated networks or USB devices.
If complexity is the enemy of security, each of the states’ disparate election operations amount to a vast, challenging attack surface to monitor. No two states are the same, so it is no wonder that, despite the wider availability of federal election security funds, state authorities need to weigh varying resources, risks and priorities. The danger here is falling into what is known as “threat fatigue.” In the perceived absence of a comprehensive security strategy, election authorities risk jumping from one narrow threat vector to the next – racing hard in good faith, but possibly overlooking a quieter piece of the attack surface that could upend everything. There is little margin for error; threat fatigue is already a well-established problem in many corporate security operations centers (SOCs). The difference is that when an attacker steals credit card data from a store by dodging firewalls and bouncing through a connected printer or cash register instead, the damage is to finances – not citizens’ faith in democracy and government.
Time for a flight data recorder
While jurisdictions differ dramatically in population, resources and equipment, every state should make visibility the guiding foundation of their election security strategy. At a technical level, this is achieved by taking a continuous picture of everything connecting to a network in real time and observing device behaviors continuously. Strategically, it calls for extending this posture across the entire anatomy of the election infrastructure so that blind spots commonly caused by incomplete or short-term monitoring do not obscure crucial assets that could be key to defense and investigations.
Similar to how operators of power plants and subways passively study behaviors across delicate control systems prone to disruption, a “visibility-first” approach across all manner of election IT would “do no harm” to existing legacy and miscellaneous equipment underpinning democracy. Yet, it would serve as a crucial backstop and forensic record while state authorities tirelessly work to mitigate any discovered vulnerabilities. Consider the example of an aircraft flight data recorder offering priceless, incontrovertible evidence in the event of an incident. Except that instead of being examined only in the wake of suspected problems, a visibility-based posture for elections would produce nonpartisan data after every election, to conclusively establish what proceeded normally and help authorities continuously visualize what their operations look like, year after year.
Because there are numerous ways to achieve visibility, prescribing this type of capability as a foundation would have the appeal of not locking states into any proprietary security tools or formats. It would give agencies important guidance and leeway to take immediate steps with the IT and security controls they already own, freeing them to spend budgets in whatever way helps them close any remaining network blind spots. Reviewing successive years of visibility data over election systems would help states “compare notes” within their existing information-sharing forums on what different jurisdictions discover in policing their networks, likely saving countless hours and dollars toward confronting common threats and adopting proven measures.
Countdown to November
Before we know it, we will wake up on Tuesday, Nov. 6, and head to the polls to cast votes for the 435 U.S. House seats, 35 U.S. Senate seats, 36 gubernatorial races and many more state and local offices. While there is increased public awareness about the threats to and weaknesses of our election system, we are still a long way from securing these systems and ensuring their security and our confidence in them.
No matter how unique election systems may be, at their core they share the same basic characteristics and vulnerabilities of all IT systems. Each component of an election system – the voter registration database, the vote tabulation system, and the voting machines – can be secured with many of the same techniques and tools that are used in the private sector to secure financial institutions, medical facilities and utilities.
On this note, as elections follow automated teller machines, vehicles, buildings and other formerly disconnected things now entering a range of digital attack, it is worth bearing a few principles in mind: Few things live on truly private networks anymore. As comforting as it may be to rely on air gaps and USB sticks, time and again we have seen errors and malicious code compromise these “offline” targets. Also, no software is perfect – meaning that despite well-intentioned efforts to compel voting-machine makers and others to continuously harden their code, there will always be flaws and misconfigurations and undiscovered vulnerabilities – again proving the need to invest in visibility as the surest path to a defensible high ground that oversees all the behaviors of all connected systems, period.
Exercising our rights – and confidence
The most insidious payload of cyberattacks on election systems is uncertainty. Psychologically, when voters learn their elections are the target of hacking and disinformation they worry about “who” and “what” they can trust. This is similar to incident response challenges SOC teams face when they detect an adversary in networks they cannot entirely visualize or compare to trusted norms – it can feel like running through a “hall of mirrors,” struggling to establish what belongs, versus what might have been altered or left by the intruders.
Election interference isn’t new, but our increasingly connected world forces us to question the integrity of our elections as we exercise our franchise. It falls on voters to be informed and aware of social engineering and disinformation lures that prey on political seasons and emotional, polarizing issues. At the same time, we expect our election overseers to apply proven, practical steps to ensure we have good cyber hygiene and clear vision over the health and reliability of our voter registries and polling places. When Internet scale is involved, every vulnerability point and blind spot matters, but if we focus on clear-eyed vision as the goal, we can see trouble coming before adversaries accomplish their aims.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email [email protected]. Our editorial guidelines can be found here.
