And large-scale controversy, increasingly, brings bad actors in cyberspace looking to capitalize. After all, cybercrime is perpetrated by opportunists looking for the simplest path to success. Take, for example, the cascade of fraudulent unemployment claims targeting the billions of dollars in CARES Act funding flowing to states from the federal government earlier this year as COVID-19 decimated entire sectors of the economy. According to cybersecurity company Agari, one Nigeria-based group used stolen personal information to take advantage of abbreviated validation periods brought on by the emergency circumstances of the pandemic. Work is ongoing to recover the hundreds of millions of dollars that were stolen.
And as Nov. 3 nears, experts are pointing to a perfect storm of vulnerabilities to American election infrastructure. Government Technology has extensively covered the rise of ransomware over the past few years, documenting devastating attacks on school districts, cities, state agencies and more. In August, authorities from the federal Cybersecurity Infrastructure Security Agency and the FBI sounded the ransomware alarm as it relates to voter registration databases.
And as we saw in 2016, an attack doesn’t have to be technically successful to cause chaos. Myriad news reports documented the fact that foreign adversaries breached voter databases in states across the country. The breaches did shake the public’s confidence in election systems more generally. And despite broad agreement from cybersecurity officials that tampering with actual vote counts is unlikely, lingering doubts from the public are harder to overcome.
The decentralized nature of elections in this country helps guard against threats, since it’s more difficult to orchestrate a large-scale attack against so many distributed targets. And elections officials across the country have been diligently working to secure every aspect of the voting process, to preserve the integrity of this most fundamental aspect of our democracy. It requires constant vigilance. But resources are scarce and levels of preparedness vary widely.
“We look at each and every system and process, no matter if it is seen as less risky or not,” Aman Bhullar, CIO of the Los Angeles County Registrar-Recorder/County Clerk, told GT recently. “Even a system as simple as email is very important during an election. We look at every threat vector as an opportunity to harden our systems [and] processes so that there is no way an attacker has an advantage.” (Bhullar spoke with Techwire over the summer in more detail about Los Angeles County’s election preparations.)
Elections officials should use every available resource — and there’s ample evidence that they are — to ensure U.S. elections infrastructure is as impenetrable as possible. This includes lining up the right private-sector partners and heeding best practices guidance from organizations like the EI-ISAC, the Elections Infrastructure organization of the Information Sharing and Analysis Center. The future of fair elections depends on it.
This story is excerpted from a report inGovernment Technology, Techwire’s sister publication.