Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/3/2020
06:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.

Election Day in the US followed an unprecedented season of security alerts, disinformation campaigns, and speculation as to how foreign actors could interfere in the 2020 presidential race. While Nov. 3 has been relatively calm so far, we're not out of the woods yet, a senior Cybersecurity Infrastructure and Security Agency (CISA) official said in a news briefing.

Related Content:

A Mix of Optimism and Pessimism for Security of the 2020 Election

The Changing Face of Threat Intelligence

New on The Edge: 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time

"At this point, this just looks like any other Election Day … even just another Tuesday," the official said. There has so far been no sign of foreign adversaries successfully compromising or affecting votes cast in the election. 

But the process is only getting started. One senior CISA official likened today to "halftime," warning there may still be efforts to interfere with this election in days and weeks to come. Today saw some instances of disinformation targeting voters in specific states, as well as a few technical glitches that forced some polling places to fall back on their paper pollbooks.

Michigan Attorney General Dana Nessel reports robocalls targeting residents of Flint, Michigan, with the message that "due to long lines, they should vote tomorrow." This is an obviously false statement and an effort to suppress the vote, she said. Robocalls are a voter intimidation tactic often seen in elections; the FBI is reportedly investigating this incident, the DHS says. 

In Franklin County, Ohio's largest, some voters experienced delays due to a shift to paper pollbooks. A digital file containing data on early voters was too large and could not be synced to electronic pollbooks, forcing poll workers to switch to paper. While this can be attributed to a technical glitch and not a cyberattack, the backup plan aligns with the message of resilience that officials say has been a key part of state and local partnerships leading up to the election.

Foreign activity in the 2020 election has so far been lower than in 2018, CISA officials said, citing the "improved resilience" and national conversation about issues such as disinformation. Social media companies such as Facebook and Twitter have both acted to fight fraudulent content.

"Social media platforms have taken major steps to improve their security and protection against disinformation and attacks by third-party actors," says Victoria Mosby, federal mobile security expert at Lookout. "In particular, Facebook and Twitter are seen as the largest platform for disinformation and both have gone to great lengths to counter this issue." Twitter, for example, announced measures to delete tweets calling for violence around election results.

It's Still Early, Officials Say

This election has been top-of-mind for security officials since the chaos surrounding the 2016 race. The government has improved visibility into election infrastructure and now has intrusion detection system monitors installed across all 50 states. The State Department announced a reward of up to $10 million for information leading to people engaging in election interference on behalf of a nation-state. CISA's "Rumor vs. Reality" page aims to combat mis- and dis-information.

The FBI and the DHS CISA have warned of interference attempts by Iranian and Russian actors. In one instance, Iranian attackers spoofed emails to voters and published a video meant to cause confusion and undermine confidence in the election process. Russia-backed threat group Energetic Bear has reportedly targeted dozens of US state, local, territorial, and tribal government networks since Sept. 2020, CISA reported

Government actions to secure the 2020 election also include a two-week operation against Iran, the Washington Post reports. General Paul Nakasoke, who heads the NSA and military cyber command, said in an interview on Tuesday that he was "very confident in actions" against adversaries over the past several weeks and months to protect against interference. This reportedly followed the attack in which Iranian actors sent emails to threaten voters.

While foreign activity has so far been quiet on election day, CISA officials say they're not letting their guard down. Now is the time when polls are closing; when numbers and unofficial results start going up; when we might see disruption due to defacement or denial-of-service attacks.

"A defaced or manipulated election night reporting webpage would not impact the counting or the certification of official results," CISA posted in a tweet, noting the results on election night are unofficial. Website defacements related to elections could be intended to undermine confidence in the election process, which will remain a concern as the votes are counted.

"I don't think the impact on the tabulation, and the counting of votes is going to come to fruition," says John Dickson, principal at Denim Group. "There might be influence operations, but no disruption of polling." Tonight - when all eyes are on the Web, the news, and the election reporting - is the more susceptible time for interference activity to occur, he points out.

Given the window in which malicious cyber activity could still occur, security experts urge voters to remain patient, seek news in trusted sources, and keep in mind that technical glitches occur – not every disruption might be related to a cyberattack. Voters should keep in mind how voting has been affected by the pandemic and there may not be a final result for days to come.

"Everybody is acutely and intensely focused on ensuring that this election is as secure as humanly possible," one senior official said.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.