Enlist the security community to safeguard our elections this fall
August 27, 2020
Assume an imminent breach of integrity and develop a meaningful response plan. As data people, we’re good at being thrust into situations with few facts and expected to tell C-level folks both what could happen and how to respond to minimize impact.
Start a long-term plan to build a secure election stack. Security wonks are good at that sort of thing, too. That doesn’t mean eliminating any possibility of compromise, but we can make it far more expensive for the perpetrators to penetrate. Simply bolting on blockchain won’t work – we have to think more comprehensively.
Develop better training for the thousands of poll locations staffed with energized volunteers. Materials published in an easy-to-digest tips format can help workers spot and stop suspicious activity.
Work closely with the voting equipment manufacturers. While some organizations have started to lean into the process, there’s been a palpable fear among researchers when attempting to alert manufacturers about security. This continues to change, including new penetration testing and vulnerability disclosure programs.
Engage with voters. We still have to speak directly to voters and get them up-to-speed on the potential defenses each polling location plans to roll out. In an environment where fake security warnings are the norm, we have to put citizens on high alert to verify the authenticity of new security measures.
Infosec teams struggle to detect Linux-based threats such as Vermillion Strike due to an overemphasis on Windows malware, a lack of effective solutions for protecting data centers, and the immaturity of sandboxes.