Mar 17, 2020

Analysis | The Cybersecurity 202: Coronavirus contingency plans may also pose election security challenges

By Joseph Marks

An election worker sorts vote-by-mail ballots for the presidential primary at King County Elections in Renton, Wash., on March 10. (Jason Redmond/AFP/Getty Images)
Coronavirus is dealing election officials across the country a serious curveball even as they strain to keep the 2020 contests secure against another threat: Russian hacking.  
Officials are now forced to contemplate contingency plans to potentially overhaul their voting systems so Americans can still cast their ballots in a pandemic – and still ensure the process is secure. 
“Cybersecurity of elections is still a very real concern, so we have to walk and chew gum at the same time,” Lawrence Norden, director of the Election Reform Program at New York University’s Brennan Center for Justice, told me. “We need to make big changes to ensure everyone can vote safely while we still have our eyes on the issue of cybersecurity.”
One major option surfacing now is surging vote-by-mail programs so citizens can avoid the polls. Democratic National Committee Chairman Tom Perez called for states to shift to widespread mail-in voting “wherever practicable” on MSNBC last night. “That's how you can solve the problem,” he said.
But this route could create security problems of its own, election experts warned especially if it’s implemented in a tight time frame. 
For example, officials would have to put safeguards in place to ensure mailed-in ballots are secure throughout their journey to election offices and to prevent U.S. adversaries or those seeking to tamper with the vote from sending in phony ballots to sow confusion. They’d also have to guard against misinformation related to the vote-by-mail process and figure out how to deliver ballots to people without street addresses.
There’s also a heightened concern about people coercing friends and family members to vote for particular candidates with write-in ballots because the voters aren’t entering a private booth or cubicle to cast their votes.
Changes this close to Election Day are also likely to create confusion among voters that could be exploited by Russia and other U.S. adversaries in disinformation campaigns.
“Any time the process changes, it increases the risk that voters will not understand what’s going on and it increases the opportunity for malicious actors to take advantage of the process to undermine operations and spread disinformation,” Maurice Turner, an election security expert at the Center for Democracy and Technology, told me.
There are just seven months to go before Election Day, but states may hold off on taking action until a clearer picture emerges of how long the pandemic will last. Already, we're seeing big differences in how states with upcoming primaries are responding to the virus. States including Kentucky, Louisiana and Georgia are delaying their primaries. But Florida, Arizona and Illinois are pressing forward with primaries today. This has raised concerns about disenfranchising voters who are still wary of going to busy polling places. Some decisions were last minute: Ohio Gov. Mike DeWine (R) is ordering a halt to his state's primary today despite a judge's order the election should go on, as my colleagues Amy Gardner, Elise Viebeck and Isaac Stanley-Becker report.
The patchwork of state responses mean a partisan battle is even more likely in Congress over whether the federal government should move ahead with a mandate.  
Sens. Ron Wyden (D-Ore.) and Amy Klobuchar (D-Minn.), two longtime election-security advocates, introduced a bill that would mandate that voters across the nation have an option to vote by mail and authorizes $325 million to help states handle the load of mail-in ballots.
“This is one key change we can make to ensure people don’t have to sacrifice their health to exercise their constitutional rights,” Wyden told me in an interview. “This is something that would have made a whole lot of sense six months ago, but now, in the face of a public health crisis, it’s just common sense.”
Those efforts are likely to face fierce resistance, however, from Senate Majority Leader Mitch McConnell (R-Ky.) who’s opposed any federal efforts to mandate how states should run their elections. 
A Senate GOP aide declined to weigh in on the Wyden-Klobuchar bill, but told me that “we want to make sure that states have the ability to work within their own systems, procedures, and protocols to protect voters and ensure every eligible voter has the ability to cast their ballot.”
And President Trump added fuel to the fire by criticizing the delayed elections, telling reporters, “I think postponing elections, it’s not a very good thing…They have lots of room in the electoral places.”
On the ground, expanding mail-in voting would also take a huge bureaucratic effort from state and local officials. “This is a big lift and we’d need to be pulling at almost every available resource we have to make this successful,” David Levine, the elections integrity fellow at the Alliance for Securing Democracy, told me.
Advocacy groups are also pushing for expanded vote-by-mail including the American Civil Liberties Union, as my colleagues Isaac Stanley-Becker and Amy Gardner report. And the National Vote at Home Institute, a group led by former Colorado election official Amber McReynolds, is also set to release a plan this week for states and local jurisdictions to scale up options for at-home voting.


Justice Department building. (J. David Ake/AP)
PINGED: The Justice Department is dropping charges against two Russian companies indicted alongside the notorious Moscow troll farm, the Internet Research agency, for spreading disinformation during the 2016 election, my colleague Spencer S. Hsu reports.
The move was prompted by concerns that the companies, Concord Management and Concord Consulting, were using the trial process to obtain confidential information from prosecutors that they could weaponize in an information warfare campaign against the U.S. government, Katie Benner and Sharon LaFraniere at the New York Times report.
In a court filing, prosecutors said the companies used the "judicial system to gather information about how the United States detects and prevents foreign election interference.”
The stunning reversal comes just weeks before the case was set to go to trial. Former Special Counsel Robert S. Mueller III indicted the companies alongside the better known Internet Research Agency but, unlike the IRA, they opted to defend themselves in court.
The Justice Department’s move could stoke anger from Democrats, who have accused Attorney General William P. Barr of trying to undo the work of the Mueller probe amid rising concerns Russia will once again interfere in the 2020 elections.

People walk through the main hall of the normally busy Union Station train station during the morning rush hour. (Erik S. Lesser/EPA-EFE/Shutterstock)
PATCHED: Hackers appear to be taking advantage of the coronavirus pandemic to ramp up attacks on government agencies. Digital attacks against Pentagon networks have soared in recent days, Kevin Baron at Defense One reports, citing a virtual Town Hall for Pentagon employees.
“They’re already taking advantage of the situation and the environment that we have on hand,” Essye Miller, the Defense Department’s principal deputy chief information officer said during the town hall. There’s no evidence, however, that any adversaries have penetrated DoD networks. In response, the Pentagon has barred employees from using YouTube and other streaming services to prevent overburdening the system.
The Health and Human Services department was also hit by an unsuccessful effort to overwhelm its networks with phony traffic yesterday, MIT Technology Review’s Patrick Howell O'Neill reported. There was also no evidence agency networks were breached. 
Here’s the HHS statement on the reported incident: "we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate"
— Patrick Howell O'Neill (@HowellONeill) March 16, 2020
The attacks come amid an unprecedented surge in telework by federal workers across the Washington region and as the White House is urging telework by employees outside the area, as my colleague Lisa Rein reports. That surge in telework poses a serious test for agencies’ often outdated government computer systems, Lisa and I reported

President Trump. (Jabin Botsford/The Washington Post)
PWNED: Disinformation operations related to the coronavirus are still ramping up and U.S. adversaries are getting savvier about spreading phony information in ways that are harder for government and social media companies to track, my colleagues Craig Timberg, Ellen Nakashima and Tony Romm report.
Phony text messages claiming Trump would announce a national quarantine, for example, spread widely by email, text message, WhatsApp and TikTok -- not on Facebook and Twitter where they’d be easier to spot because of social networks' safeguards against disinformation. The falsehoods also spread via screenshots and it's more difficult for tech companies to detect keywords in images.
The personal nature of direct messages makes users more likely to trust the information they're receiving, says Graham Brookie, the director of the Atlantic Council’s Digital Forensic Research Lab, which tracks disinformation. "It’s a return to an older threat,” said Brookie. “We saw it on e-mail. This is not new. We’re going to need to figure out more mechanisms to learn about it more quickly.”
National security officials are investigating if foreign adversaries are behind the misinformation campaign, which appeared aimed at causing a rush on stores that would disrupt supply chains and create panic.
The White House’s National Security Council publicly debunked the claims on Sunday, tweeting “text message rumors of a national #quarantine are FAKE. There is no national lockdown.” Trump also addressed the viral text messages yesterday, telling the press “It could be that you have some foreign groups that are playing games.”
More than one operative may have been responsible for the text messages, one U.S. official told my colleagues, based on the sophistication of the messages. Both the Pentagon and State Department issued warnings about foreign adversaries allegedly targeting Americans with coronavirus misinformation.
Attorney General Barr urged U.S. attorneys to prioritize prosecutions and investigations of scammers and cyber criminals looking to take advantage of the COVID-19 crisis, Alex Mallin at ABC News reports.


— Cybersecurity news from the public sector:

How a presidential promise launched Verily, an Alphabet-owned health science unit, to the front lines of the pandemic
Douglas MacMillan, Heather Kelly, Elizabeth Dwoskin and Josh Dawsey

The Senate approved a short-term extension of a batch of expired domestic surveillance powers, delaying consideration of a host of privacy changes to pivot attention to the coronavirus crisis.
The Wall Street Journal


— Cybersecurity news from the private sector:

Hackers are zeroing in on government health agencies and hospitals, who are already struggling to keep pace with the coronavirus pandemic, as a way to make money and cause disruptions in the midst of a global crisis.
The Hill

You can always count on hackers to exploit a terrible situation to try to make a buck.

Shadowserver has helped keep the internet safe for 15 years. Unless it can raise funds fast, it's going to disappear.

Influencers and Russia have linked the virus sweeping the globe to the new, super-fast wireless technology. They're wrong.


— Cybersecurity news from abroad:

Online enforcers are dragging in hundreds for questioning as an assault on online speech continues. They are a sign of how Beijing has given censors a more punitive role.
New York Times

Israel’s government will invoke emergency regulations to speed up the deployment of cyber monitoring in the fight against the new coronavirus, Prime Minister Benjamin Netanyahu said on Monday.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Latest Post Published

From The Desk of Fernando Guzmán Cavero: Notification

Dear Friends:  Soon I'll be back with you with my selected financial daily News. Please, stay tuned                                     ...