2020 Predictions: Election Security

David Richardson, senior director of product management, Lookout
2020 Election Hacking Will Focus on Mobile - As cyber attacks have evolved to target mobile devices because of their nature and form factor, so will cyber attacks in the 2020 Presidential Election. Spear phishing campaigns are moving beyond the traditional email-based phishing attacks we saw in the 2016 election cycle to advanced attacks that involve encrypted messaging apps, social media and fake voice calls. Before the next election is over, we will likely see some kind of compromise as the result of a social engineering or mobile phishing attack, particularly as presidential campaigns embrace mobile devices in their canvassing efforts.

Jamil Jaffer, VP of Strategy and Partnerships, IronNet CyberSecurity
Election security is already top of mind for voters – I certainly expect some significant degree of election manipulation, but I don’t expect direct vote manipulation—at least not the kind of vote manipulation that affects the outcome of an election—for a number of reasons.  First, it is very hard to do at scale and requires fairly close-in access to systems. In addition, the systems we use for voting and the software they utilize, are fairly diverse even if they are made by a small number of manufacturers; and at least some jurisdictions are now employing systems that have some significant measure of paper backup and/or auditing (and more to come).  Finally, I think most nation-states understand—and may very well be deterred by the fact that we are almost certain to respond fairly swiftly and aggressively to any actual attempt to manipulate votes in a major election.

At the same time, there is certainly very high likelihood that we’ll see a lot more of what we saw in 2016, including efforts to undermine candidates, parties, and confidence in the system as well as to create discord and dissent between groups and individuals in the electorate.  Likewise, we may see attacks against vote databases, including through ransomware, that is designed to either extract revenue or to undermine confidence in our voting system. These types of attacks—which can be partly mitigated by the use of provisional ballots as created by the Help America Vote Act—can still achieve the goals of attacks.  Ultimately, these nation-state actors—Russia principally, but possibly including China, North Korea, and Iran—seek to create uncertainty and undermine people’s confidence in the system.