Election Security

It is safe to say – a few months on – that the security of the US election of 2020 was contentious, to say the least. The US Cybersecurity and Infrastructure Security Agency (CISA) has categorically denied interference in the 2020 election, which they called “the most secure in American history”.  The claim was backed up by nearly 60 election security experts but remained controversial, ultimately costing the agency chief his job. 

To understand why cyber security became such a hot button issue at this election you need to understand the context of the past few years. The interference of the 2016 US elections has served as a continuous reminder to the US and governments worldwide on the need to make sure the democratic process is secure. Furthermore, the US elections are not the only ones that have faced cyber security challenges.

In fact, government agencies, political parties, and security professionals around the world have to deal with multifaceted challenges around election security. These can range from corrupting data and hacking voting systems, launching DDoS attacks, to sewing seeds of distrust through disinformation campaigns. 

Disinformation campaigns

Disinformation and fake news campaigns are now a regular staple of the headlines. Just last year, the UK Government made a statement that it is almost certain that threat actors sought to interfere in the 2019 General Election by spreading misinformation in the form of illicitly acquired and leaked Government documents. 

Today, we as citizens and consumers are bombarded with an unprecedented amount of information across traditional and online channels. Memes, fake articles, false advertising and impersonation of candidates across social media are just a few of the methods employed regularly by nation-state hackers. Governments and online platforms need to work together to control the changing threat landscape – whether it be fact-checking and removing misleading content or tighter regulation to put an end to disinformation around elections. In response, the UK government established a parliamentary sub-committee on disinformation. 

It’s not only governments that need to be on the offensive. For example, Google also announced a new policy for its advertising platform, banning ads that promote hacked political materials ahead of the US elections. The new rule came into effect 1st September 2020. 

Hack and Leak

A famous example of this type of attack dates back to 2017, when private emails from the campaign of Emmanuel Macron, the current French president, were posted online. More recently, hackers were able to successfully access the email of UK Trade Minister Liam Fox in a nation-back spear-phishing campaign which led to the leak of US and UK trade documents. This perpetuated a disinformation campaign credited with influencing the 2019 UK election. 

Government data is highly valuable as it can lead to the downfall of nations and dangerous if critical national infrastructure is hacked. Although governments’ and political parties’ data is a political asset, compared to the private sector, the security standards are relatively weak making it easier for the data to fall into the wrong hands. Both individuals and government parties need to ensure that appropriate steps are taken to protect sensitive information such as stronger passwords and having secure processes in place of how information is stored, transferred and managed between multiple stakeholders.

Hacking of voting systems

The final act in any election attack is of course hacking the voting system itself. This targets the actual infrastructure used for voting such as voter registration, polling place identification, ballot submission, and vote counting to change the outcome of an election. Researchers at the University of Michigan and MIT found that an online voting platform had serious vulnerabilities, which could be exploited to alter votes without voters or elections officials noticing. That said, with most elections still taking place using physical ballots, this type of election hacking remains impossible in most countries.

The future of election security

While there is no evidence that cyber attacks had any material effect on the outcome of the 2020 US election, it is clear that the challenges around election security have manifested themselves in public consciousness. 

With the potential for disinformation, leaks of sensitive data, and the hacking of voting systems, this topic will undoubtedly remain at the forefront of people’s minds for elections to come. This means governments and cyber security companies will need to work hard to retain voter confidence and ensure the democratic process is not undermined by mistrust.

If you want to learn more about the cybersecurity work we do at FieldHouse click here or contact [email protected]