Pages

Search This Blog

Translate

Search Tool




Nov 3, 2020

Analysis | The Cybersecurity 202: The 2020 election is far more secure than four years ago. But experts are still eyeing these five things.


Joseph Marks


Those improvements — which will be tested today — are the result of dogged efforts by state and local election officials in red and blue states alike, shepherded along by more than $1 billion in funding from Congress and a major effort by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. 

Changes include attaching DHS cybersecurity sensors to election systems in all 50 states and in local election offices in 30 states. States have also transitioned away from outdated voting machines that lacked a paper record to prove voters’ ballots were recorded as intended, and they’ve vastly increased post-election audits to verify votes were tallied correctly. 

U.S. Cyber Command has launched a massive operation to find and disable hacking groups from Russia and elsewhere that are trying to disrupt U.S. elections, including significantly expanding its work with allies to see what those nations are doing on their networks, the New York Times reports. Meanwhile, cybersecurity firms and social media companies have gotten far better at spotting and exposing coordinated disinformation campaigns, and media organizations have grown savvier about not repeating such disinformation. 

The shift although short of what many election security advocates had hoped for significantly outshines what many expected following the last election. 

“No one expected that influence operations and the security of elections would be as much on the radar as it has been the past four years,” Neil Jenkins, a former DHS official who helped lead the early process, told me. “We were operating under the assumption everyone would move on and the work wouldn’t be as public as it has been. But now I don’t think it’s going to stop being as public as it has been. This isn’t going to go away as an issue.” 

There are gaps in the nation’s defense against election interference, to be sure. 

Democrats in Congress warn the $1.1 billion the federal government has spent on elections since 2016 is billions short of what’s truly needed.

But those attacks fall far short of the catastrophic incidents experts have feared — such as a hack that changes actual vote tallies or that alters or locks up voter registration data to create chaos at the polls and makes voting difficult or impossible. 

It’s also a major positive sign that more than a month of early and mail voting has concluded without any significant hacks or disruptions calling into question the legitimacy of votes. 

Here’s more from CISA Director Chris Krebs:

With that in mind, here are five election security concerns to keep an eye on this evening and until the results are clear:

1. Last-minute attacks by adversaries:

There’s still time for Russia, Iran or another U.S. adversary to launch an attack aimed at discrediting the election. Although such an attack could target voting infrastructure itself, officials are more concerned at this point about attacks targeting public-facing election websites that may be less well protected, such as those that direct voters to polling sites or report election results.  

CISA has two major concerns, Krebs told reporters during a recent tour of the agency's election war room. The first is that hackers will block access to those sites with denial of service attacks — essentially overwhelming them with digital requests so they become inaccessible. 

The second is that hackers will deface the sites to try to intimidate voters and sow anxiety. 

Such website defacements are “a tried and true tactic, especially of the Iranians,” Krebs said, pointing to an Iran-linked attack that defaced the Government Publishing Office website after a U.S. drone strike killed top Iranian military commander Maj. Gen. Qasem Soleimani in January. 

In that case, hackers defaced the GPO page with a not-so-subtle image of Trump’s bloodied face being punched across the cheek with two golden missiles emblazoned with the Iranian flag shooting across the page. 

2. Phony claims by adversaries:

Even if Russia, Iran or another adversary doesn’t succeed in compromising U.S. election infrastructure, they may simply claim they did — especially if there’s a technical foul-up such as malfunctioning voting machines, electronic pollbooks or crashing election websites they can claim credit for. 

Such snafus are common but could create widespread concern this year among voters primed with four years of anxiety about Russian hacking.

In Franklin Count, Ohio, for instance, poll workers have already had to switch to paper versions of pollbooks this morning because electronic ones failed to load early voting data, Ohio Secretary of State Frank LaRose’s office said.

CISA and state and local election officials are aiming to investigate any such problems quickly so they can sort out what’s actually nefarious and release information to the public. 

Here’s more from Georgetown University professor and election security expert Matt Blaze:

And from Edward Perez, global director of technology development at OSET Institute:

3. The rumor mill:

One of CISA’s greatest concerns is that even without any action by adversaries, rumors will simply spin out of control in ways that degrade faith in election processes, the secrecy of the ballot or the legitimacy of the outcome. 

The agency recently posted a rumor control page it plans to update and publicize until election results are final. Topics range from assuring voters it’s normal for results to be counted after Election Day to warning that bad actors might spread disinformation by spoofing emails that appear to be from a legitimate organization. 

4. Domestic disinformation:

This may be the most difficult challenge to combat — especially given Trump’s documented history of making unfounded claims and spreading false information on social media. 

Social media companies have pledged to fact-check posts from Trump and other officials making false claims about the election's legitimacy and have followed through on labeling and limiting the spread of numerous Trump posts claiming without evidence mail voting will produce massive fraud. 

As recently as Monday, Twitter labeled and blocked sharing of a Trump tweet charging without evidence that a Pennsylvania law allowing the counting of mail ballots for three days after today would “allow rampant and unchecked cheating and will undermine our entire systems of laws.” Facebook added a disclaimer to the post stating mail ballots have a “history of trustworthiness.” 

But government agencies may be less well equipped to fact-check the president they serve. Krebs told reporters CISA is committed to correcting claims that undermine confidence in the election but stopped short of saying he’d directly contradict any of Trump’s claims, saying, “It’s not my job to fact-check any candidate, certainly on the presidential ticket.” 

5. Patience:

Election officials have been warning for months that official election results probably will take longer this year because of the complex process of counting a surge of mail ballots during the pandemic. The wait may be longer in some states because they’ll be accepting ballots postmarked on or before Election Day but which arrive afterwards. They've counseled not to expect a definitive result until days or weeks after voting concludes. 

That potentially long wait creates a window where adversaries could spread loads of disinformation to undermine confidence in the counting process. And Trump, who repeatedly claims without any factual basis the result should be clear on election night, might be aiding them. 

Sen. Mark Warner (Va.), the top Democrat on the Senate Intelligence Committee:

The keys

Former acting intelligence chief Richard Grenell is under fire for spreading disinformation about Joe Biden. 

Grenell falsely claimed on Twitter that Biden wasn’t wearing a mask on a plane, but the picture he posted was taken before the coronavirus pandemic began. 

“Washington, DC phony!” Grenell tweeted. “Joe Biden doesn't wear a mask on a plane — but wears one OUTSIDE!?”

Still, the tweet racked up more than 27,000 retweets in the hours before it was labeled, CNN's Andrew Kaczynski reports. The delayed reaction raises concerns about the onslaught of misinformation Twitter could face today. 

Grenell, who was appointed by Trump and served only four months in the top intelligence position, continued to hammer Biden on his personal feed. He blew off the correction, pointing to other recent pictures of an unmasked but socially distanced Biden outdoors.

Lawmakers worry a recent Air Force purchase of dozens of Chinese-made drones could threaten national security. 

The 57 DJI drones were purchased through an exemption given to the Pentagon for training and intelligence purposes. Sens. Rick Scott (R-Fla.) and Chris Murphy (D-Conn.), who sponsored legislation restricting the purchases, expressed concerns that use of drones could allow military information to fall into the hands of the Chinese government.  

“Why would we allow the U.S. government to purchase drones from China?” Murphy said. “Doing so allows Beijing to gather sensitive data from us and rewards an adversary at the expense of our own American manufacturers.”  

The Air Force defended the use of the drones, which are often cheaper than non-Chinese alternatives, saying that they aren't used near sensitive sites or connected to military networks. DJI has rejected claims by lawmakers that the data collected by the company is sent to China. 

A U.S. judge sentenced a Russian hacker to eight years in prison for a fraud scheme that generated up to $100 million. 

The hacker, Aleksander Brovko, and his cronies used a network of infected computers called a botnet to steal financial information from other people, Tim Starks at CyberScoop reports.

Brovko’s role was to write software that sorted through the troves of information stolen by the botnet to figure out what could be used to conduct fraud.  

The hacker's scam involved more than 200,000 stolen credit cards and other payment accounts. Brovko pleaded guilty to conspiracy to commit bank and wire fraud.

Securing the ballot

A federal judge rejected Republicans' attempt to invalidate more than 100,000 Texas ballots that had already been cast via drive-through voting. 

U.S. District Judge Andrew Hanen said the conservative activist and Republican candidates who complained the drive-through voting was illegal didn't have standing to challenge the ballots, Neena Satija, Brittney Martin and Aaron Schaffer report. Two Texas state courts had already rejected the complaint against the Harris County ballots. 

The drive-through centers will remain open on Tuesday, said Harris County Clerk Chris Hollins. 

“The purpose of this litigation from the beginning has been to confuse voters, to spread misinformation,” Hollins said after the Monday afternoon ruling. “Their motive is not to win. Their motive is to delay. Their motive is to confuse. Their motive is ultimately to reduce the odds that folks are going to exercise their constitutional right to vote.” 

More election news:

Chat room

Middlebury Center on Terrorism, Extremism, and Counterterrorism researcher Alex Newhouse breaks down the relationship between QAnon and Russian trolls:

And here's Krebs's full primer on Election Day security:

Daybook

  • The Cybersecurity Coalition and the Cyber Threat Alliance will host CyberNextDC on Nov. 17-18, starting at 11 a.m.

Secure log off

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.