U.S. state election systems are increasingly at risk of suffering cyberattacks allowing adversaries to influence particular races and delegitimize elections.
Recent data breaches, vulnerable voting machines, inconsistent security practices and a complex, decentralized election system provide several attack vectors for attackers looking to influence elections, according to FireEye's "Attacking the Ballot Box" report.
“Although we have not observed attacks against elections infrastructure as of March 2018, malicious actors and nation states likely already have an understanding of the flaws in the US elections infrastructure and will seek to exploit opportunities where they can,” researchers said in the report. “Ensuring a holistic approach to security that considers adversary intent and TTPs will allow forward-leaning states and municipalities to reduce their risk exposure and preserve the integrity of the election process.”
Researchers warn attackers can disrupt elections before ballots are even cast by blocking access to online registration, corrupting data to disqualify voters, and deleting records.
Attackers could also prevent voters from going to the polls by launching DDoS attacks against sites which inform voters of their polling locations to diminish voter turnout.
Researchers warn attackers could corrupt elections by targeting Election Management Systems (EMS), software that aggregates votes from individual voting machines across counties or even states, as the machines are susceptible to remote, network-based attacks, such as from a voting machine, programmer machine or even the Internet.
In addition to the threat of the EMSs being hacked, many of the computers running them often have outdated and unpatched software, and the machines seldom follow recommended security practices for authentication or encryption.
Voters themselves also face the risk of their own information being recycled, as there have been several voter database breaches since the beginning of 2016. These databases often include names, dates of birth, and Social Security numbers, leaving voters vulnerable to spearphishing attacks or identity theft.
To combat these threats, researchers recommend officials keep a regular backup of the voter database in a secure location, track large-scale changes to voter databases, and maintain and regularly patch voter registration websites.
In addition, officials should ensure that the organizations behind the state websites have established DDoS mitigation protocols, both within their own servers and with their ISP, that include backup servers, rate limits and filters to drop packets, and heightened monitoring of website traffic.
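One way to act on the recommendation to track large-scale changes to voter databases is to diff the live table against the last trusted backup and alert when deletions, edits or status flips exceed a set share of the roll. The Python below is an added example, not code from the FireEye report; the column names, the 2% threshold and the synthetic records are assumptions.

```python
import csv

FIELDS = ("name", "dob", "status", "precinct")  # assumed export columns

def load_snapshot(path):
    """Read a CSV export keyed by voter_id (assumed column name)."""
    with open(path, newline="") as fh:
        return {row["voter_id"]: row for row in csv.DictReader(fh)}

def diff_snapshots(old, new):
    """Compare a trusted backup (old) with the live table (new)."""
    common = old.keys() & new.keys()
    modified = sorted(v for v in common
                      if any(old[v][f] != new[v].get(f) for f in FIELDS))
    return {
        "deleted": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
        "modified": modified,
        # Status flips can disqualify voters while the row count stays the same.
        "deactivated": [v for v in modified
                        if old[v]["status"] == "active"
                        and new[v]["status"] != "active"],
    }

def alerts(diff, baseline_size, max_fraction=0.02):
    """Names of change categories touching more than max_fraction of the roll."""
    return sorted(k for k, ids in diff.items()
                  if len(ids) / baseline_size > max_fraction)

def constructed_demo():
    """Constructed data: 200 synthetic records, then simulated tampering."""
    old = {str(i): {"voter_id": str(i), "name": f"Voter {i}",
                    "dob": "1980-01-01", "status": "active",
                    "precinct": str(i % 5)} for i in range(1000, 1200)}
    new = {v: dict(r) for v, r in old.items()}
    for i in range(1000, 1010):        # 10 records deleted (5%)
        del new[str(i)]
    for i in range(1050, 1056):        # 6 records set inactive (3%)
        new[str(i)]["status"] = "inactive"
    new["1100"]["precinct"] = "9"      # one routine edit
    new["2000"] = dict(old["1199"], voter_id="2000", name="Voter 2000")
    diff = diff_snapshots(old, new)
    return diff, alerts(diff, len(old))

if __name__ == "__main__":
    diff, fired = constructed_demo()
    print({k: len(v) for k, v in diff.items()}, "alerts:", fired)
```

The comparison is only meaningful if the baseline comes from the securely stored backup rather than from the same system being checked.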