Pages

Search This Blog

Translate

Search Tool




Nov 4, 2020

Analysis | The Cybersecurity 202: U.S. officials see no evidence of hacking of American voting systems


Joseph Marks

But counting in the presidential contest isn't complete. And President Trump, meanwhile, made it easier for adversaries to sow doubt about the results by declaring premature victory in an early morning speech, baselessly calling the continued vote counting “a  major fraud on our nation” and pledging to bring his case to the Supreme Court.

As Wisconsin, Michigan, Pennsylvania, Georgia and other key states continue to count votes, election security leaders are still fretting about attacks that could sow confusion or mistrust in those results –  including efforts to disrupt state and county vote reporting sites or knock them offline. Adversaries could also spread disinformation aimed at undermining confidence in the vote counting process.

“The attack surface is shifting from the actual voting process itself to the counting, the canvasing, the auditing and the certification in the next couple of weeks,” a senior CISA official told reporters during a late evening call.

Early Wednesday morning in a statement from the White House, Trump also accused Democrats on Twitter of trying to steal the election – a claim the social media company labeled as misleading and limited its spread. Trump's statements were denounced by some Republicans including Trump allies like former New Jersey Gov. Chris Christie (R). 

Though DHS officials repeatedly warned that Americans must be patient while results are tallied, they signaled yesterday they would not contradict the president's attacks on the voting process. 

“What we’re not going to do today is comment on what either campaign is going to say,” DHS acting secretary Chad Wolf said during a press conference. “We’re going to let the campaigns do what they do and the folks at CISA are going to stay focused on their mission.”

Post-Election Day attacks from adversaries could be even more effective than ones on Election Day because they could target a handful of states key to the race's outcome. They could also play on the frayed nerves of a nation that’s been split by the presidential contest and fears either a Trump or a Biden victory. 

I hope we know the results of this race soon,” Alex Halderman, a University of Michigan election security expert, told me. “The sooner we know, the smaller the window of vulnerability we’re going to be left with.”

The extended vote counting in key swing states was helped along by a few technical foul ups, but no hacking, officials said. 

Two of Georgia’s most populous counties were forced to delay counting mail ballots early Wednesday – because of a scanning problem in Gwinnett County that affected at least 80,000 absentee ballots and because of a broken water pipe at a ballot processing site in Fulton County that delayed processing thousands more ballots. 

Similar snafus delayed voting, processing ballots and announcing results earlier Tuesday in numerous other places, including in Texas where a results reporting website got knocked offline temporarily, seemingly due to a high volume of traffic, and in Franklin County, Ohio, where electronic poll books failed to operate and officials had to switch to paper backups. 

Such problems are typical of any election, but they caused extra concern during the hotly anticipated contest that was marked not only by fears of foreign interference and intense partisan rancor but also by the shift six months ago to pandemic-era voting conditions and a nationwide surge in voting by mail and early voting. 

Experts were mostly relieved there weren't more problems throughout Election Day. 

“Things have gone relatively smoothly considering all the obstacles that existed in the 2020 election cycle from civil unrest to the threat of foreign interference to a pandemic and intense polarization,” David Levine, the elections integrity fellow at the Alliance for Securing Democracy, told me. 

I’m cautiously optimistic that the 2020 election will be decided solely by American voters," he said. 

“Ironically, I think the uncertainty around the pandemic and the scrutiny it has put on election administration for many months might have been beneficial in terms of helping to educate the public about things that could happen and tempering their expectations,” Edward Perez, global director of technology development at OSET Institute, a nonprofit election technology organization, told me. 

The extended vote counting process in the crucial states of Wisconsin, Michigan and Pennsylvania, meanwhile, was largely by design — the result of laws barring counties from counting mail votes until after or soon before Election Day. 

Voting was also disrupted by a wave of roughly 10 million robocalls and texts urging voters to stay home rather than head out to cast their ballots. The calls targeted voters across the nation but especially in states with tight presidential races such as Michigan. 

There was also a barrage of disinformation beyond the president’s unfounded claim about an attempt to steal the election, including a post that Twitter removed in which a person falsely claimed to be a Pennsylvania poll worker who had thrown out hundreds of Trump ballots, Elizabeth Dwoskin, Isaac Stanley-Becker, Craig Timberg and Cat Zakrzewski report

Even with concerns still running high, the fact that voting itself appeared to be unaffected by hacking was notable four years after the 2016 contest was upended by Russian interference. 

Russia and Iran were both actively probing state and local election networks as recently as the weeks before the election and Iran managed to steal some non-public voter data and to launch a voter intimidation effort posing as the far-right group the Proud Boys. 

But on Election Day there appeared to be even less adversary activity than in 2018, which was also free of significant hacking, officials at CISA and U.S. Cyber Command said.

It’s not clear why adversaries held their fire

The preferred explanation of many election officials and experts was that four years of preparations, planning and new cybersecurity protections simply made the U.S. election a far tougher target. 

“There is such a thing as deterrence by denial,” the CISA official said. Improvements including a shift to auditable, paper-based voting systems and advanced cybersecurity protections for state and county election offices “played some role in deterring bad actor activity,” the official said.

CISA also gathered dozens of election leaders and representatives from intelligence agencies, voting machine vendors and social media companies at its headquarters to coordinate responses to any hacking or other disruptions as well as ran a virtual war room for thousands of state and local election officials throughout Election Day.

I can’t overstate how the operations in that center gave us a level of visibility I couldn’t have imaged in 2016,” Ben Hovland, chair of the Election Assistance Commission who spent much of the day at CISA, told me.

U.S. Cyber Command has also gone on offense, making it harder for adversaries to launch attacks on election systems, Ellen Nakashima reports. That includes operations in the past two weeks against hackers with Iran’s Islamic Revolutionary Guard Corps who launched the Proud Boys operation. 

Cyber Command Chief Gen. Paul Nakasone said he was “very confident in actions” taken against adversaries “over the past several weeks and the past several months to make sure that they’re not going to interfere in our elections,” Ellen reports. 

CYBERCOM’s work began after the 2018 midterms and will continue until the votes are certified, Nakasone said, pledging, “This is just the start.”

Chatroom

This was one of the weirder snafus that slowed the voting process:

The keys

A key Senate supporter of cybersecurity defenders and an antagonist of encryption will be around for another term. 

The top Democrat on the Senate Intelligence Committee Mark R. Warner (Va.) won reelection as was expected, putting him in the running to take over the committee if Democrats take control of the chamber. That prospect looked less likely as Republicans were projected to hold on to several of their endangered incumbents.

Warner, who co-founded the Senate Cybersecurity Caucus, has taken a leading role in tackling foreign disinformation and pushing legislation that will fund and secure emerging technologies such as 5G telecommunications networks. 

Also returning is Senate Judiciary Chair Lindsey O. Graham (R-S.C.), who beat a well-funded opponent Jaime Harrison in the most competitive race of his career. Earlier this year, Graham sponsored the EARN IT Act, which would strip tech companies of liability protections for what users share on their platforms if they don’t follow new rules mandated by a task force created under the bill. The act has faced heavy criticism from civil rights and privacy experts who say it could be a steppingstone to forcing tech companies to give law enforcement special access to encrypted technologies.

One member of the Senate who was defeated for reelection is Sen. Cory Gardner (R-Colo.), who co-sponsored the Internet of Things Cybersecurity Improvement Act with Warner. Former Colorado governor John Hickenlooper (D.) will take his place. Hickenlooper helped establish a national cybersecurity center in his state as governor.

Rep. Will Hurd (R-Texas), one of the few cybersecurity experts in Congress, is retiring.

A Pennsylvania court will hear a lawsuit seeking to block provisional ballots for disqualified absentee voters. 

The lawsuit led by Rep. Mike Kelly (R-Pa.) claims the state had already ruled that the practice was not protected by state law and that counties ignored the ruling, CBS Pittsburgh reports. Pennsylvania is among the states still processing its presidential ballots. 

The lawsuit could be just the first of many lawsuits launched by Republicans contesting votes, as Elise Viebeck reports.

Secure log off

(No animals actually voted in the making of this content.)

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.