Combating Election Cybersecurity Threats

Preserving the integrity of the election process lies at the heart of any functioning democracy. However, ensuring that elections are fair and transparent is trickier than ever in today’s always-online digital landscape, with nation-state actors and other malicious parties regularly trying to compromise election security through cyber attacks. Now that the U.S. election season is in full swing, it’s the right time to promote greater awareness about election cybersecurity threats and how to deal with them. 

Key Election Cybersecurity Threats

News emerged in August 2024 that Iran had been attempting to interfere with the U.S. election through cyber operations. This interference involved both influence operations targeting American public opinion and direct hacks against Donald Trump’s campaign. The Iran story follows a warning back in February from federal law enforcement that “The threat environment, unfortunately, is very high.”

So, how exactly does this threat environment look? Here’s a detailed run-through of specific cyber threats that could compromise election security and integrity. 

SOCIAL ENGINEERING

Election officials, staff, and volunteers expect to receive emails related to elections throughout the election season. The same is true for those directly involved in election campaigns for political parties. This expectation, though, makes them more susceptible to social engineering.

During election season, officials and campaign staff are inundated with emails, many of which are time-sensitive and related to urgent election matters. This creates an environment where people are likely to be less vigilant. Attackers exploit this urgency and the familiarity of election-related communication to craft convincing spear phishing emails that specific targets are more likely to open. 

As far as potential impacts go, successful social engineering against election officials could lead to unauthorized access to sensitive systems, such as voter databases or voting machine software. More general election-related phishing campaigns could target voters to steal their personal information.

DDOS ATTACKS

Distributed Denial of Service (DDoS) attacks threaten the availability and functionality of critical election infrastructure. In a DDoS attack, an attacker overwhelms a target system, such as a website, server, or network, by flooding it with traffic from a network of computers under their control (a botnet).

As one election-related example, a DDoS attack on voter registration systems might prevent election officials from accessing or updating voter information, leading to delays and errors in voter registration. Another scenario might be targeting websites that provide crucial info about elections, such as polling locations and voter ID requirements. Taking these sites down with a DDoS attack might reduce turnout among voters who rely on them at the last minute to find out where or how to vote.

ACCESSING ELECTORAL REGISTERS

Attacks on electoral registers involve accessing and potentially manipulating information about registered voters. These attacks can impact individuals via fraud and also cause cascading impacts on the wider democratic process. Hackers could use voters’ personal info to carry out further attacks or alter voter information to prevent legitimate voters from casting their ballots and cause confusion at polling stations.

A 2023 news story highlighted this risk when the UK’s Electoral Commission revealed it was the victim of a sophisticated cyber attack that resulted in access to electoral registers. Hackers managed to obtain info on up to 40 million voters in the breach.

AI-GENERATED CONTENT

As generative AI continues to advance by leaps and bounds over short timespans, the risks to democracy from AI-generated content grow. Specifically, the ability to spread disinformation is a key threat because it’s getting harder to tell what’s real and what isn’t. A couple of examples from within the last year show just how much of a threat AI-generated content poses:

  • In 2023, a deepfake audio clip of Keir Starmer, leader of the UK Labour Party, apparently verbally abusing party staff went viral.

  • In January 2024, a fake robocall using Joe Biden’s voice urged New Hampshire voters to skip voting in the state’s primary election.  

Convincing content could sway voter opinion, especially as the technology gets better and dupes more people. Another possible malicious use of AI is to sow discord in the post-election window and create conflict or doubt about the integrity of the election. 

Ways to Combat Election Cybersecurity Threats

With a more nefarious threat landscape than ever, the stark warnings and dwindling optimism about election cybersecurity are understandable. However, there are some actionable ways to combat election-focused cyber attack campaigns. 

AN ELECTION-SPECIFIC INCIDENT RESPONSE PLAN

A detailed incident response plan tailored specifically for election day scenarios helps election officials quickly and effectively respond to anticipated cybersecurity incidents. This plan should include predefined roles, clear communication channels, and step-by-step processes for dealing with key threats, such as ransomware attacks, DDoS attacks on voter registration systems, or suspicious activity on voting machines. By rehearsing these in advance, officials can minimize the impact of any cyber incidents and maintain the integrity of the elections they’re overseeing.

ADVOCATE FOR MORE SHARED THREAT INTEL AMONG ELECTION STAKEHOLDERS

Establishing a network for real-time threat intelligence sharing among election officials, government agencies, and cybersecurity experts helps identify and mitigate emerging threats more quickly. This practice includes sharing information on new vulnerabilities, ongoing attack campaigns, suspicious activities, and new threat actors seeking to disrupt fair elections. The idea here is for election stakeholders to be able to proactively defend against sophisticated attacks and coordinate their responses to nationwide threats.

FOCUS ON REDUNDANCY AND FAILOVER MECHANISMS FOR ELECTION INFRASTRUCTURE

Built-in redundancy and failover mechanisms guarantee that critical systems remain operational even if a cyber attack causes a system failure or disruption. This includes having backup servers, redundant communication channels, and alternative power supplies for election infrastructure. 

HAVE THIRD PARTIES CONDUCT INDEPENDENT AUDITS AND PEN TESTS

An unbiased evaluation of the security posture of election systems drives improvements by identifying vulnerabilities or other weaknesses that internal teams might overlook. An objective outside analysis provides actionable insights that allow election officials to prioritize and address the most important issues. Third-party assessments also foster transparency and trust by demonstrating to the public and stakeholders that election security is taken seriously. 

CONDUCT SIMULATED ELECTION-SPECIFIC CYBERSECURITY TRAINING

Dedicated live-fire cybersecurity training exercises on a cyber range provide election officials, IT staff, and other stakeholders with hands-on experience in responding to simulated cyber threats. These simulations allow participants to practice detecting, responding to, and mitigating cyber attacks in a controlled environment. Crucially, though, the cyber range should be election-specific, which means replicating actual election IT environments and running scenarios like DDoS attacks on election websites, misinformation campaigns, and unauthorized access to voter information.

Cloud Range helps reduce cybersecurity threats to elections and preserve the integrity of democratic processes with dedicated election security training. Our live-fire cyber range lets election officials, legal analysts, incident responders, and other stakeholders prepare to detect and respond to cyber threats. Preparation through realistic training is paramount in ensuring personnel aren’t caught unaware during the election season. You get playbooks for multiple technical/non-technical roles, and up-to-date, realistic simulations.

Contact us today to learn more. 

Learn more about election security and mitigating threats in our upcoming webinar, Election Cyber Security: 5 Ways to Minimize the Risk of a Cyber Attack, on September 19, 2024.
