As we edge closer to the 2024 U.S. elections, the cybersecurity landscape surrounding this crucial event is more complex and dynamic than ever. The sheer variety of targets, tactics, and threats highlights the immense challenge of securing our democratic process. From state-sponsored entities to cybercriminals and hacktivists, a multitude of actors are ready to exploit any vulnerabilities they can find. Understanding this broad landscape is essential for grasping the challenges we face and appreciating the efforts required to safeguard our elections.

To help reduce confusion and provide some solid guidance, we’ve put together a multipart series that we’ll be releasing over the coming weeks. The goal is to help folks understand what’s truly at risk, along with helpful things you can do to join in the efforts to maintain and increase the cyber safety and resilience of America’s elections. We’re starting, today, with an overview of who and what is truly at risk, along with a high-level review of the adversaries and tactics in play. Over the rest of the series, we’ll tackle:

  • the role of state-sponsored actors in election interference
  • phishing and social engineering
  • the threat of deepfakes and disinformation campaigns

Let’s dive in!

The Targets

When we think about election security, our minds often jump to voting machines and voter registries. While these are certainly critical, the attack surface extends far beyond them. Political campaigns, for instance, rely heavily on digital infrastructure, including websites, email systems, and databases. These elements are prime targets for cyber intrusions and disinformation campaigns designed to disrupt operations and erode public trust. Political parties, too, are vulnerable, with adversaries seeking to steal sensitive information or create chaos within their ranks.

News and social media platforms also play a crucial role in the election process. Unfortunately, they are frequently exploited to spread disinformation and sow discord among voters. Manipulating these platforms can have far-reaching consequences, influencing public opinion and undermining the democratic process. Election management systems, responsible for counting, auditing, and reporting results, are also critical targets. Ensuring the integrity of these systems is paramount to maintaining the credibility of the electoral outcome.

The Tactics

The tactics employed by threat actors are as diverse as the targets they pursue. Traditional cyber intrusions, such as phishing and spear phishing, remain prevalent, allowing adversaries to gain unauthorized access to sensitive systems and data. Distributed denial of service (DDoS) attacks aim to disrupt the availability of critical election-related websites and services, potentially causing widespread confusion and delays. Ransomware, which involves encrypting critical data and demanding payment for its release, poses a significant threat to election infrastructure, with the potential to cripple essential operations.

While most voting machines are not directly connected to the internet, they are still vulnerable to internet-based attacks through indirect means. For example, voting machines must accept electronic input files from other computers, such as ballot definition files prepared on Election Management System (EMS) computers. If these EMS computers are compromised, they can introduce fraudulent data or malicious code into the voting machines. This indirect connection to the internet creates a potential attack vector that sophisticated adversaries could exploit.

Recently, the rise of deepfakes and disinformation has added a new layer of complexity to the cybersecurity landscape. The use of AI-generated content to mislead voters and manipulate public opinion has become increasingly sophisticated, making it harder to discern truth from falsehood. These tactics are not only disruptive, but also corrosive, eroding trust in the electoral process and the institutions that support it.

The Actors

The actors behind these threats are varied, each with distinct motivations and capabilities. State-sponsored actors, including nations such as Russia, China, Iran, and North Korea, have been identified as significant threats. These entities aim to undermine U.S. elections to destabilize the country and influence its policies. Their sophisticated operations often involve a combination of cyber intrusions, disinformation campaigns, and other tactics designed to achieve strategic objectives.

Cybercriminals, on the other hand, are typically motivated by financial gain. They may deploy ransomware or sell stolen data on the “dark web”, exploiting vulnerabilities for profit. Hacktivists, driven by ideological beliefs, seek to promote their political agendas by disrupting election processes or exposing perceived injustices. While their methods may differ, the impact of their actions can be equally damaging.

The Importance of Vigilance

Understanding the broad landscape of election cybersecurity threats helps us grasp the complexity and scope of the challenges we face. This knowledge helps the public appreciate the efforts required to secure elections and underscores the importance of vigilance and proactive measures.

As we approach the 2024 elections, enhanced security measures, such as implementing multifactor authentication and conducting regular vulnerability assessments, are vital. Public awareness and education about common disinformation tactics can help mitigate the impact of false information. At the same time, collaboration and information sharing between federal, state, and local agencies, as well as private sector partners, are essential for a coordinated response to emerging threats.

By comprehending and addressing the diverse array of threats, tactics, and actors in the election cybersecurity landscape, we can better protect the integrity of our democratic processes and ensure that every vote counts.

This article is a summary of the full, in-depth version on the GreyNoise Labs blog.