The 2020 Elections: Why Cybersecurity Matters

September 17th, 2019

No matter which side of the political divide you fall on, everyone needs to prepare for the onslaught of the 2020 elections. Amid the barrage of political ads and hot takes, there are a lot of serious issues that need to be discussed. Cybersecurity is one of the most critical, although it may end up overshadowed amid other distractions.

Why Is Cybersecurity so Important Ahead of the 2020 Elections?

There are two critical reasons. The first is that as our lives and businesses have moved online. We have become more vulnerable to internet-based attacks. In recent years, attack rates have been growing rapidly, and bolstering our cyber defenses is a critical part of protecting our modern way of life.

Secondly, the 2016 election was heavily influenced by Russian cyber attacks and online propaganda. The country needs to improve its cybersecurity to keep its democratic process free from foreign influence.

How Were the Elections Influenced by Foreign Adversaries?

Russian agents targeted the 2016 elections in a multi-pronged campaign. This included setting up fake social media accounts that promoted extreme views of both the left and right. The goal was to sow discord across the country.

On top of this, there were a number of different hacks. The most damaging were attacks against the DNC and Clinton campaign, which resulted in thousands of emails being released. The leaks were prominent talking points throughout Clinton’s election bid, and arguably had an influence on the outcome.

Ahead of the elections, voting systems and databases were penetrated by Russian operatives in 39 states. At this stage, it seems that the probes were mainly focused on seeking out vulnerabilities and accessing data. There is no evidence that any votes were changed.

Russian meddling continued in the 2018 midterm elections as well. At the start of the year, Secretary of State Rex Tillerson and six US intelligence agencies acknowledged that Russia was attempting to influence the midterms.

At the start of the year, thousands of emails from senior aides of the National Republican Congressional Committee were accessed by hackers, however the attacks weren’t reported on until December. Attacks continued throughout the year, with attempts targeting the Utah voter registration database, three candidates for Congress, and others.

There were also a number of propaganda campaigns, including the launch of the new media outlet USAReally, Russian support of the WalkAway social media crusade, and continued coordination of fake accounts.

Why Should We Expect Further Election Interference?

The most obvious reasons are that the interference has never really stopped, and it also seems like the techniques have been effective in working toward the perpetrator’s aims. According to the Guardian, Steven Hall, a retired chief of the CIA’s Russian operations said, “Russia would be remiss not to try again, given how successful they were in 2016.”

As the trade war with China heats up, new election cyber threats could emerge from another powerful adversary. However, according to a 2018 quote from Homeland Security Secretary Kristjen Nielsen, there was “no indication” that China had been directly meddling with election systems at that stage.

What’s Being Done to Protect the Election?

In response to the attacks, there have been a number of different moves to increase election security. In 2018, Congress passed a bill that granted $380 million toward election defenses. Part of the funding was for state grants that covered the purchase of voting machines with enhanced security, election audits, and cybersecurity training.

The HR 1 bill included provisions for enhancing election security and would have required the director of intelligence to examine foreign threats more thoroughly. The Defending Elections Against Trolls From Enemy Regimes Act and the Defending The Integrity Of Voting Systems Act were also introduced. All three of these bills included provisions that are aimed at defending elections, but according to Senator Roy Blunt, it is unlikely that any of them will pass the Senate.

Democratic Senators also introduced a bill to revert back to paper ballots instead of using electronic voting machines. These machines are renowned for their security issues, however the bill also looks like it may not pass.

How Can Elections Be Protected?

At the national level, very little has been done to defend against Russia and other adversaries meddling in US elections. While a number of the above-mentioned bills would have been positive steps for national security, it seems like they won’t be enacted.

One of the biggest threats comes from the notoriously insecure electronic voting systems that many states use. These are difficult to secure, even in best-case scenarios. Given how severe the threat is and that these systems have already been penetrated in the past, moving back to paper-based elections would help to protect the outcome from interference.

Another key priority is to secure the emails of all key targets, including those campaigning on both sides, election officials and other high profile individuals. In the past, email accounts have been a prime target for election-related attacks.

Email attacks tend to succeed because of weak passwords or social engineering. All vulnerable parties need to make sure they are using unique and strong passwords for each of their accounts. An easy way to do this is to deploy a password management tool like LuxSci’s WebAidesTM passwords.

On top of this, politicians, officials and their staff need to be trained to recognize and avoid social engineering and phishing attacks. These attacks can involve hackers impersonating key figures and demanding credentials, emailing convincing-looking links that actually lead to malware, and other clever scams.

These two simple changes would go a long way toward keeping email accounts safe ahead of the election. They would significantly reduce the success rate of email-related attacks, reducing the opportunities that Russians have to influence the outcome.