Good News About Voting Security

The hacking attempts haven’t slowed. The disinformation campaigns are ongoing. And the warning lights have been “blinking red” for a potential foreign operation aimed at disrupting the midterm elections, but the US survived.

But if there is anything positive to take away from Russia’s election interference in 2016, it’s this: America’s election infrastructure has never been more carefully monitored in the days, weeks, and months leading up to a nationwide vote, and voters themselves are more-wary than ever of foreign propaganda, masked as a political ad, or Twitter troll.

That heightened awareness is a key takeaway from a report published just one day before the election about hacking attempts on election infrastructure. 

The Boston Globe revealed on Monday 5th November that it had obtained leaked threat reports filed by state and local election officials across the country alerting federal agencies to cyber intrusions and other suspicious activity that appeared to be targeting voter registration databases, election officials, and election networks in the days before the midterms. 

One unnamed state, the threat reports don’t name states or detail specific incidents, successfully blocked more than 51,000 login attempts from foreign countries in a 24-hour period, the documents reportedly revealed. Some hackers even had “limited success.”

Yet voting and cybersecurity experts I spoke to seemed less alarmed than one might expect. “I’m heartened by this,” said David Becker, a former trial attorney in the Voting Section of the Department of Justice’s Civil Rights Division who now runs the Center for Election Innovation & Research. 

The coordination between the various levels of government in preparation for potential meddling in Tuesday 7th November’s election represents a major leap forward since 2016, when many states declined help from the Department of Homeland Security to secure their election systems and balked at declaring such systems “critical infrastructure.” 

Such a designation, which was finally made in January 2017, puts election infrastructure in the same category as the US power grid and financial sector, and gives states quicker access to classified threat information sharing. It also means that states can participate in joint-defense exercises. 

In addition, all 50 states have now opted in to the DHS-funded program that has allowed election officials to share information with each other and with the government. Many have enrolled in a DHS program that offers states computer- vulnerability scanning for their election systems.

But aging voting machines and outdated software are still a major problem, and Congress has not allocated nearly enough money, only $380 million has been appropriated for the whole country, to help states completely revamp their infrastructure, experts say. 

Only one state, Virginia, has completely replaced its electronic voting machines since 2016. And while Illinois has bolstered its cyber defenses since hackers infiltrated its voter database in 2016, its voting machines are still outdated and vulnerable to attack. 

According to NBC News, there are still counties in 14 states, including Georgia and Florida, whose voting districts have no paper backup for their electronic voting machines. That means it would be impossible to conduct a paper recount if necessary.

That’s particularly concerning because, two years on from Russia’s unprecedented interference, there is no sign that the threats are waning. 

In a joint statement released on Monday night, the DHS, Director of National Intelligence, FBI and DOJ warned that “Americans should be aware that foreign actors, and Russia in particular, continue to try to influence public sentiment and voter perceptions through actions intended to sow discord.” 

Senior Trump administration officials, including DHS Secretary Kirstjen Nielsen, FBI Director Chris Wray, and DNI Dan Coats, issued a similar warning during a rare joint press conference in August, “Russia attempted to interfere with the last election,” Wray said, “and continues to engage in malign influence operations to this day.” 

Days earlier, Missouri Democratic Senator Claire McCaskill, who is seeking re-election in a state that went for Trump in 2016, confirmed that Russians had tried to hack her senate computer network but were unsuccessful.

So far, however, the kind of massive hacking-and-leaking operation that took the law enforcement and intelligence communities by surprise in 2016 has not materialised. And, overall, the preparation and response to irregularities in the run up to the midterms has been reassuring, experts say.

The NSA has reportedly begun sending messages directly to Russian hackers, reminding them that they are being watched.

Those seeking to sow disinformation and wage information warfare, meanwhile, continue to prey upon social media users, despite their increased awareness of organised foreign-influence operations.

The Justice Department has already charged the first Russian with interfering in the midterms: Elena Khusyaynova, a 44-year-old Russian national who allegedly managed the finances of an election-interference campaign run out of the Internet Research Agency in St. Petersburg, code-named Project Lakhta. 

Facebook, which did not discover until late 2017 that the Russians had purchased hundreds of political ads that were seen by approximately 10 million users in 2016, revealed over the summer that it shut down Russian and Iranian accounts that were waging political influence campaigns to influence the midterms, and set up a “war room” where a team will monitor fake news and disinformation on Election Day. 

The Democratic Congressional Campaign Committee, meanwhile, successfully encouraged Twitter to delete more than 10,000 “bot” accounts that were posing as Democrats while discouraging people from voting in Tuesday’s midterms.

This is an increasingly common narrative among Russian bots and trolls, according to Brett Bruen, a former US Diplomat who served as Director of Global Engagement at the White House under President Obama. 

Defense One:

You Might Also Read:

Schoolboy Hacked Mock Florida Election Site In 10 Minutes

« Darktrace Describe The Alarming Future AI Attack Scenario
Don't Underestimate The Impact Of Phishing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Group-IB

Group-IB

Group-IB is a leading provider of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Tesorion

Tesorion

Tesorion is a fusion of different enterprises each with its own specialisation in the field of cybersecurity. We have combined these specialisations to create an integrated comprehensive solution.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

Cyber Risk Institute (CRI)

Cyber Risk Institute (CRI)

CRI is a not-for-profit coalition of financial institutions and trade associations working to protect the global economy by enhancing cybersecurity and resiliency through standardization.

Censys

Censys

Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

Peraton

Peraton

Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.