The biggest story on Super Tuesday might not be whether former Vice President Joe Biden; Sen. Bernie Sanders, I-Vt.; or Elizabeth Warren, D-Mass., pick up the most delegates, but rather if polling stations or election-related entities have to fend off any hinky cybersecurity activity, tech problems or disinformation campaigns.
Recent contentions that Russia has continued its efforts to meddle in U.S. elections and upend democratic processes, and after a voting app fail threw the Democratic Iowa caucus into disarray, concerns that the 2020 elections could be fouled up have arisen.
“In a climate where most voters share concerns about cyber interference with the election process, any flaw in the voting process can have a significant impact,” said Casey Ellis, CTO and founder of Bugcrowd. “As we saw following the Iowa caucuses – with technology playing a larger role in the voting process – any issue can have an outsized impact on voter confidence.”
As the specter for election interference on the country’s biggest primary day loomed large on Tuesday, government officials from eight agencies sought to allay concerns while encouraging vigilance. “Americans must also remain aware that foreign actors continue to try to influence public sentiment and shape voter perceptions. They spread false information and propaganda about political processes and candidates on social media in hopes to cause confusion and create doubt in our system,” U.S. Attorney General William P. Barr, Secretary of State Mike Pompeo, Secretary of Defense Mark Esper, Acting Secretary of Homeland Security Chad Wolf, Acting Director of National Intelligence Richard Grenell, Federal Bureau of Investigation Director Christopher Wray, U.S. Cyber Command Commander and National Security Agency Director Gen. Paul Nakasone and Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said in a joint statement. “We remain alert and ready to respond to any efforts to disrupt the 2020 elections. We continue to make it clear to foreign actors that any effort to undermine our democratic processes will be met with sharp consequences.”
Noting “the level of coordination and communication between the federal government and state, local and private sector partners is stronger than it’s ever been,” the multiagency group said their departments were working in concert to protect the elections “and to counter malign foreign influence, but voters have a role to play, too.”
Super Tuesday, when voters in one U.S. territory and 14 states — comprising tenfold the population of the states that voted earlier in Iowa, New Hampshire, Nevada and South Carolina — head to the polls, makes for fertile ground for hackers and other miscreants, prompting the need for heightened security.
“While the burden of voting machine security falls mostly on the states running the elections, both states and localities should place extra resources on monitoring voting system networks to ensure there aren’t any intrusions or issues observed on Super Tuesday,” said Thomas Richards, principal security consultant at Synopsis. “Those working at the polls can be sure that the machines are calibrated and in proper working order by following the voting machine deployment guide. Be observant to ensure that machines aren’t being tampered with by voters. Those who are casting votes should visually inspect the voting machines to be sure that the tamper evident seals are in place before casting your vote.”
Potential problems extend beyond voting machines: The rise of voting apps like the one used in Iowa to tally votes essentially expand the attack surface. “The time-bound nature of voting applications makes them susceptible to sideways attacks – a particularly dangerous hacking method used by nation-state attackers,” said Illusive Networks CEO Ofer Israeli. “In a sideways attack, the hacker bypasses traditional firewall defenses, lurks in the shadows for weeks or months undetected, unleashes their attack at a specific time to inflict maximum damage, and disappears leaving no trace. Many aspects of critical infrastructure – from power distribution to voter administration systems – remain vulnerable to sideways attack.”
As Russia’s assault on the U.S elections in 2016 and beyond has demonstrated, disinformation campaigns can cause as much or more damage than hacking voting machines. “A population that is fearful of interference in ways they don’t understand is more vulnerable to manipulation through disinformation strategies,” said Ellis. “A tweet of a voting machine that ‘looks like’ it’s infected by ransomware could be as effective at deterring voter turnout and confidence as the real deal, which is a cost-effective and asymmetric means to manipulate the result.”
Many disinformation campaigns aim “to curb the number of people who turn out to vote in the places that would affect the vote in favor of the attacker,” he said. “These campaigns are far more effective when they are tied to issues about which the population is already fearful, and the current fears concerning the Coronavirus could be an issue which is harnessed by those wanting to disrupt the election process.”
He urged voters to make sure they get news and updates from legitimate outlets and verified social handles and tasked organizations with “continually providing accurate updates to reassure everyone that it is safe to vote.” While voters might be swayed by information they’re reading on the internet, Ellis said that “the only way to ensure the credibility of the election is to go vote.”