
The 2020 Elections Cybersecurity Landscape

The views expressed are those of the author and do not necessarily reflect the views of ASPA as an organization.

By Malik Dulaney
November 12, 2020

The 2016 elections demonstrated the importance of election security. It was determined by United States intelligence agencies that the elections were attacked by Russian intelligence operatives. There was an effective misinformation campaign that targeted specific demographic groups. There were several breaches involving political operatives, organizations and election systems. In 2016, it was 10,000 county and state election officials versus Russian state hackers. Although concerns were warranted, the 2020 election did not suffer the same fate.

An overview of recent events demonstrates what occurred around the country. In March, Microsoft moved to take down portions of a hacker bot network called Trickbot. Trickbot is used by Russian crime gangs to infect computers with Ryuk ransomware and remotely control them. Typically, ransomware targeting is financially motivated rather than politically motivated. Microsoft raised concerns about the potential danger of the Trickbot network because it is operated by criminal gangs with nation-state affiliations. It could be used to attack, infiltrate and control election infrastructure. Over the past two months, the United States Cyber Command also launched an operation to remove newly established components of the Trickbot network. 

Hall County, Georgia, suffered a ransomware attack on its computer systems. The precinct map on the county website and the voter signature databases were among the targeted systems. After the county did not pay, the hackers released sample information including voter names, social security numbers, election equipment inventory and flagged provisional ballots. The county’s voting process does not appear to have been affected, but this incident highlights what could have been at stake.

In Louisiana, the Louisiana State Police and the Louisiana National Guard were called in to investigate cyber attacks directed at government agencies. Investigators found a remote access tool previously associated with the North Korean government. However, the tool’s code has been publicly available online, making a definitive attribution to the North Koreans difficult.

National security officials revealed that election rolls had been stolen by Iranian hackers. In mid-October, registered voters in Florida and Alaska received threatening emails, purportedly from the far-right group the Proud Boys. The emails threatened to harm voters if they did not vote for Donald Trump. United States intelligence officials were able to quickly refute the purported origin of the emails and attribute them to Iranian hackers. By the end of October, Iranian hackers had also probed election-related websites in at least ten states.

Within the past month, Russian hackers have attacked a variety of United States targets. They accessed election systems in California and Indiana, stealing data from two servers. Russian cyber gangs have targeted a list of 400 potential hospitals with new strains of ransomware. They have been successful in infecting several hospitals in New York, Vermont, Oregon, Ohio, Missouri, Nebraska and Michigan, among others. This is significant because of the potential loss of life and due to the timing of the attacks. In September, hackers attacked a Texas software company that sells administrative software and network services to cities and counties.

There were a myriad of cyber incidents in and around the US elections. Some of these events could have been unrelated to the elections, but many were directly related. It may be possible to view these events as a wave of cyber chaos before election day or as a precursor to events planned for election day. They could have been psychological warfare tactics to delegitimize the process and the results, also known as “perception hacks.”

Cybersecurity experts entered the election season cautiously optimistic. The Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) took a visible role in protecting the 2020 elections. The U.S. Cyber Command and the National Security Agency (NSA) took an offensive role in protecting the election. Their strategy was to focus on deterrence.

The week before the elections, DHS outlined some of the actions it was taking to protect the elections. DHS and CISA nurtured partnerships and collaborated with local election departments. DHS placed intrusion detection sensors on every state elections network in the country. These sensors allowed DHS to detect attacks on election infrastructure. The U.S. Cyber Command and the NSA publicly called hackers out, as in the case of the Iranians. The agencies met nation-state cyber adversaries head-on by infiltrating their networks. In addition to taking out the Russian bot networks, they observed the adversaries' actions to gain intelligence on their plans. In some instances, they knocked them offline to further deter their efforts.

The 2016 and 2020 elections have highlighted the need for increased scrutiny of our election processes and infrastructure. In the 2016 election, states and counties were left to fend for themselves, revealing flaws in our local systems. Those flaws stem from a lack of local funding; unequally distributed cyber expertise; and ultimately, a lack of common standards and centralized management of election infrastructure. It may be unfair to expect states and counties to shoulder the burden of protecting election infrastructure. Defending against nation-state hackers requires the breadth of resources available from the United States federal government. 

According to publicly available information, the 2020 elections were uneventful because some of the flaws were addressed. The United States Cyber Command, DHS, CISA and NSA successfully collaborated with local elections officials to provide centralized protection for the election. As more election information is released, the lessons learned from the 2020 elections can be used to improve security for future elections.

Author: Malik Dulaney, PhD, CISSP is an information technology professional with the University of Dallas and an adjunct cybersecurity professor with the Gupta College of Business at the University of Dallas. He is also a public sector researcher with research interests in cybersecurity in public and nonprofit organizations, cyber warfare and information technology policy. He can be reached at [email protected].
