Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/3/2020
06:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.

Election Day in the US followed an unprecedented season of security alerts, disinformation campaigns, and speculation as to how foreign actors could interfere in the 2020 presidential race. While Nov. 3 has been relatively calm so far, we're not out of the woods yet, a senior Cybersecurity Infrastructure and Security Agency (CISA) official said in a news briefing.

Related Content:

A Mix of Optimism and Pessimism for Security of the 2020 Election

The Changing Face of Threat Intelligence

New on The Edge: 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

"At this point, this just looks like any other Election Day … even just another Tuesday," the official said. There has so far been no sign of foreign adversaries successfully compromising or affecting votes cast in the election. 

But the process is only getting started. One senior CISA official likened today to "halftime," warning there may still be efforts to interfere with this election in days and weeks to come. Today saw some instances of disinformation targeting voters in specific states, as well as a few technical glitches that forced some polling places to fall back on their paper pollbooks.

Michigan Attorney General Dana Nessel reports robocalls targeting residents of Flint, Michigan, with the message that "due to long lines, they should vote tomorrow." This is an obviously false statement and an effort to suppress the vote, she said. Robocalls are a voter intimidation tactic often seen in elections; the FBI is reportedly investigating this incident, the DHS says. 

In Franklin County, Ohio's largest, some voters experienced delays due to a shift to paper pollbooks. A digital file containing data on early voters was too large and could not be synced to electronic pollbooks, forcing poll workers to switch to paper. While this can be attributed to a technical glitch and not a cyberattack, the backup plan aligns with the message of resilience that officials say has been a key part of state and local partnerships leading up to the election.

Foreign activity in the 2020 election has so far been lower than in 2018, CISA officials said, citing the "improved resilience" and national conversation about issues such as disinformation. Social media companies such as Facebook and Twitter have both acted to fight fraudulent content.

"Social media platforms have taken major steps to improve their security and protection against disinformation and attacks by third-party actors," says Victoria Mosby, federal mobile security expert at Lookout. "In particular, Facebook and Twitter are seen as the largest platform for disinformation and both have gone to great lengths to counter this issue." Twitter, for example, announced measures to delete tweets calling for violence around election results.

It's Still Early, Officials Say

This election has been top-of-mind for security officials since the chaos surrounding the 2016 race. The government has improved visibility into election infrastructure and now has intrusion detection system monitors installed across all 50 states. The State Department announced a reward of up to $10 million for information leading to people engaging in election interference on behalf of a nation-state. CISA's "Rumor vs. Reality" page aims to combat mis- and dis-information.

The FBI and the DHS CISA have warned of interference attempts by Iranian and Russian actors. In one instance, Iranian attackers spoofed emails to voters and published a video meant to cause confusion and undermine confidence in the election process. Russia-backed threat group Energetic Bear has reportedly targeted dozens of US state, local, territorial, and tribal government networks since Sept. 2020, CISA reported

Government actions to secure the 2020 election also include a two-week operation against Iran, the Washington Post reports. General Paul Nakasoke, who heads the NSA and military cyber command, said in an interview on Tuesday that he was "very confident in actions" against adversaries over the past several weeks and months to protect against interference. This reportedly followed the attack in which Iranian actors sent emails to threaten voters.

While foreign activity has so far been quiet on election day, CISA officials say they're not letting their guard down. Now is the time when polls are closing; when numbers and unofficial results start going up; when we might see disruption due to defacement or denial-of-service attacks.

"A defaced or manipulated election night reporting webpage would not impact the counting or the certification of official results," CISA posted in a tweet, noting the results on election night are unofficial. Website defacements related to elections could be intended to undermine confidence in the election process, which will remain a concern as the votes are counted.

"I don't think the impact on the tabulation, and the counting of votes is going to come to fruition," says John Dickson, principal at Denim Group. "There might be influence operations, but no disruption of polling." Tonight - when all eyes are on the Web, the news, and the election reporting - is the more susceptible time for interference activity to occur, he points out.

Given the window in which malicious cyber activity could still occur, security experts urge voters to remain patient, seek news in trusted sources, and keep in mind that technical glitches occur – not every disruption might be related to a cyberattack. Voters should keep in mind how voting has been affected by the pandemic and there may not be a final result for days to come.

"Everybody is acutely and intensely focused on ensuring that this election is as secure as humanly possible," one senior official said.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
CVE-2020-28348
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-15928
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
CVE-2020-15929
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
CVE-2020-28991
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.