2020 Election Security: Sizing Up PreparednessSecurity Experts Say US Is Better Prepared This Time Around
The U.S. is better prepared to respond to election interference and related cybersecurity issues than it was four years ago, several security professionals, including one of the FBI's top experts, tell Information Security Media Group.
See Also: Third-Party Risk to the Nth Degree
Improvements in communication among the FBI and Department of Homeland Security and private sector companies, including social media firms, have boosted election security in the run-up to the November presidential election, those experts say.
"We've done a much better job since 2016 of really establishing channels of communication and being able to share threat indicators with [social media firms], so that they can protect their platforms. That's really one of the good things that we've done," FBI agent Elvis Chan tells ISMG.
Nevertheless, Russia remains the most significant nation-state threat to the U.S. election thanks to trolls and hackers who have developed cheap and easy ways to influence the vote, says Juliette Kayyem, the former assistant secretary for intergovernmental affairs at the Department of Homeland Security.
Christopher Krebs, the director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a keynote presentation at the recent RSA 2020 conference that the 2016 election served as a wake-up call to the threat that nation-state hackers can pose to the foundation of a democratic society (see: CISA's Krebs: 2016 US Elections Were Cyber 'Sputnik' Moment)
Unlike during the 2016 election, when communication about threats was more limited, the FBI has now established communication channels with social media firms and is sharing more threat intelligence with them to help better secure their platforms, the FBI's Chan says (see: Feds, Tech Giants Meet to Coordinate 2020 Election Security).
In addition, various government agencies have improved the way they share election-related information and intelligence among themselves, Chan says. Federal agencies are also more willing and able to provide details to their counterparts at the state and local level, he notes.
"I can report that we're doing a really good job of sharing all of each agency's reporting with each other, so everyone is really well informed of what is happening right now and what is on the horizon," Chan tells ISMG.
While the U.S. government has gotten better at coordinating and communicating about election security, concerns remain that Russia or another nation-state, such as Iran, could attempt to interfere with the 2020 election, Kayyem says.
While a series of reports from the U.S. Senate Intelligence Committee, along with the findings from Special Council Robert Mueller's investigation, found that Russia-linked attackers attempted to hack into voter databases and used social media to spread disinformation during the 2016 election, other countries may attempt similar interference this year, Kayyem says. Some security experts have warned that tensions with Tehran might cause Iran to wage cyberattacks (see: Congress Hears Warnings of Iranian Cyberthreats).
Because U.S. elections are controlled by states and local governments, Kayyem says that it would be difficult for a nation-state to successfully launch an attack that would change the outcome of the upcoming elections. "An enemy would have to be very sophisticated to impact an election," she says.
Nevertheless, Kayyem, who is now a professor at Kennedy School of Government at Harvard University, says that the risks posed by the use of technology in elections must be addressed.
In January, for example, Iowa's Democratic Party caucus was thrown into chaos after the mobile app designed to report results failed because of technical problems (see: The Iowa Caucus: No Hacking, But a Bungled Risk Matrix)
The use of paper ballots helped rescue the process, but the incident shows the limits of untested technology in such a crucial area as the democratic process, Kayyem says. "They launched a new app the day of election, without training, without understanding how it works, so that was just ridiculous," she tells ISMG.
Phil Reitinger, a former Homeland Security official who is the president of the Global Cyber Alliance, a nonprofit organization focused on eradicating systemic cybersecurity risks, tells ISMG that the best way to prepare for the election is for local officials to follow good security practices. "Cyber hygiene gives by far the highest return on investment," he says.