I had the pleasure of sitting on a panel at CyberScoop’s CyberTalks event this week, which coincides this year with the RSA 2018 Conference in San Francisco. Our discussion focused on the need to protect election systems from would-be hackers seeking to change results, sow discord in our election processes, and undermine confidence in our system of government.
I’ve often made the point that information warfare is more likely to have an impact on elections than cyber warfare attacks are to have an impact on the voting infrastructure of our country.
In information warfare, malicious actors seek to polarize and divide an electorate through a manipulative information campaign along the lines of Cold War-era propaganda. This could include the carefully timed release of weaponized information intended to damage the reputations of candidates and parties just days before an election.
The decentralized nature of this country’s election systems actually protects our politics from cyber-attack campaigns.
Hackers would release authentic data and intertwine it with data that they would fabricate, giving it all the appearance of being believable, and severely damaging candidate reputations in the minds of voters. If the disclosure were to be released days prior to the vote, there might not be enough time to research and validate the information, let alone inform voters whether the information is true.
Our moderator, CyberScoop assistant editor Chris Bing, established that our CyberTalk would steer clear of information warfare as the discussion otherwise could be too broad.
First, we agreed that the decentralized nature of this country’s election systems actually protects our politics from cyber-attack campaigns. There are around 10,000 local jurisdictions running elections, using different voting systems with a v
aried mix of digital, analog and manual processes. This complexity and variety requires potentially thousands of different cyber-attack scenarios to mount a large-scale, impactful cyber-attack.
An election hacker is like a thief casing a neighborhood; it’s not like there is one door lock that he has to know how to pick. He’s faced with dozens or hundreds of doors that each require unique methods to compromise. He might have the opportunity to try many times, wiggling and examining all the doorknobs to find the easiest locks to pick. But breaking into enough of them to make his crime pay would be difficult.
In the case of cyber-attacks on voting systems, the attackers are challenged by disparate voting systems, built by different vendors with different technologies. Attackers can certainly try many times to find the weakest systems, but orchestrating a cyber-attack that manipulates the voting results broadly would be difficult.
That’s not to say that voting system decentralization and diversity means we don’t need to take the cyber-threats seriously. We absolutely do.
It may be difficult with any single attack to influence an entire national election result. The flip side of this is that a targeted attack on a specific locality could have very serious implications for the votes there. A tight congressional district in a swing state could be manipulated with dramatic results, even if the system as a whole cannot be manipulated dramatically.
Beyond technical issues, there are human issues.
Whenever we talk about election security, we need to remember that it’s not just about the mechanics of protecting the vote. It’s also about ensuring the integrity of the election process so the general population can trust the process.
Cybersecurity is inherently a complex topic, and you generally need a considerable level of skill to understand cyber-attacks and the ways to protect against them.
You need a voting system the public sees and trusts. This is why I strongly believe that any digitized, automated voting system we implement must be backed by paper trails that can be audited by normal humans.
There are other human issues.
Perhaps the best first step toward protecting against election cyber-attacks is to acknowledge the activity we did see in 2016.
As mentioned, the diversity in the number of systems an adversary has to go after to impact an election is immense. The challenge of protecting all of those systems is also immense.
Given that we have a cybersecurity labor shortage in the United States, we’re already having trouble getting world class cybersecurity professionals to protect government and the private sector. The very idea of having such pros actually on the ground in jurisdictions across the United States is impractical.
We shouldn’t make the assumption that vote manipulation won’t be possible in the future because of the challenges in hacking our decentralized electoral systems. The absence of a particular attack is no predictor of the viability of such attacks in the future.
We’ve seen numerous cases in which voting systems have been manipulated in threat research environments. We need to take all the research in this area seriously to prepare for the attacks ahead.
As we near the 2018 midterm elections, perhaps the best first step toward protecting against election cyber-attacks is to acknowledge the activity we did see in 2016.