U.S. says it’s prepared for cyber election threats. But weaknesses remain
Haunted by Russia’s brazen effort to meddle in the last election, federal and state officials have erected what they believe are formidable barriers to thwart cyber-attacks ahead of Tuesday’s presidential vote.
Cybersecurity experts, including those authorized to deploy military cyber capabilities, have been brought together to form an ‘all of government’ effort to ensure voters decide whether Donald Trump or Joe Biden wins, without U.S. adversaries sabotaging the process. That means dozens of state, local, federal and private players, amounting to hundreds of people, will be linked to the Department of Homeland Security’s command center on election night.
The effort will be led by the DHS’s Cybersecurity and Infrastructure Security Agency, known as CISA, and will include representation from U.S. Cyber Command, the State Department, the National Security Agency, the FBI and the likes of Facebook and Twitter, as well as states, counties and private sector cyber surveillance teams.
That’s not all. Congress has distributed nearly a billion dollars to states to protect voting systems and procure paper trails — that can be audited — for each vote. And both non-profit and private sector companies have shared subsidized malware detection systems to watch for intruders seeking to topple voting systems or provoke chaos on and after Election Day.
Whether the new defenses are enough to keep nation-state hackers from disrupting the election may not be known for days, or even weeks, after the vote. But government officials and cybersecurity experts said they are optimistic the nation’s cumulative efforts can prevent a major breach.
“In 2016, when I asked government officials what they would do if Russia attempted to discredit the result of the election, they had no answer,” said Dmitri Alperovitch, then the chief technology officer of the cybersecurity company CrowdStrike. “Now, they’ve gamed out certain scenarios. They’ve at least thought about it.”
Early indicators show that the cyber barriers are working as planned, at least in larger jurisdictions with access to the tools needed to monitor their networks, Alperovitch said. What’s less known is whether smaller localities with limited resources have bought in and sought out similar protections, he said.
There’s little doubt that Russia and other nation-state adversaries, as well as criminal hackers, are trying to disrupt the election. Iranian hackers have been particularly brazen, hacking into one state’s voter registration database and attempting to breach many more.
Protecting votes and result-reporting systems will be essential to ensuring the election’s integrity, said Suzanne Spaulding, a former DHS cybersecurity official in the Obama administration.
“CISA has done exactly what it’s equipped to do, but defending elections is about a lot more than one agency of the federal government,” said Spaulding. “What we’re about to find out is how well the rest of the country has prepared since 2016.”
Improved cyber defenses in many states illustrate the changes since 2016. For example, Washington state’s defenses were tested in September when many agencies were infected with malware. Officials worried that the attack might have implications for the election, and both the federal government and private sector threw the kitchen sink at snuffing it out. The cyber unit of the Washington National Guard was summoned to help.
Starting in July, any time a state’s National Guard cyber unit is summoned, they carry with them the weight of U.S. Cyber Command. The guard’s duty in this case was to fend off infection in the voting system by segregating the secretary of state’s network from the rest of the state, said Washington National Guard Adjutant General Gent Welsh.
The situation was dire enough for the state to contact Cyber Command using the newly instituted Cyber 9-Line, an emergency data-sharing channel. It operates via secure email that allows participating National Guard units to diagnose a foreign attack and provide swift mitigation strategies that can be shared with the state.
“If you have Cyber Command as your phone-a-friend, you can quickly find out if this is something popping up in other states and how they’re dealing with it,” said Welsh. “We’ve found a way to get the most sophisticated cyber intelligence to support our own secretary of state. That’s a win.”
Similarly, DHS officials have been flying across the country to meet with state and local election officials in order to make them aware of their exposure to cyber-attacks. In a close election, toppling voting systems even in a small, swing-state county could have an impact, said Ben Spear, director of the Elections Infrastructure Information Sharing and Analysis Center, a non-profit organization that connects local election administrators to CISA and the FBI. Among the most damaging threats could be ransomware attacks on state and local voting systems that could slow down or halt the voting process, he said.
Potential problems will be monitored closely from DHS’s high-tech National Operations Center, located in southeast Washington D.C., according to a person familiar with the preparations. A second DHS command center in northern Virginia will monitor specifically for cyber-related issues, including meddling by nation-state adversaries. That one will include expanded staffing from multiple U.S. government agencies as well as telecommunications companies such as Verizon and AT&T, the person said.
U.S. Cyber Command, which controls the government’s arsenal of sophisticated cyber weapons, will monitor events from yet a third command center in the Washington, D.C., area.
That doesn’t mean blind spots don’t exist.
At least 11 U.S. states, including Michigan, Wisconsin, Florida and Georgia, still allow voting jurisdictions to use wireless-enabled voting equipment to transmit unofficial, election-night results, despite repeated warnings from DHS that such systems are vulnerable to attack.
“There’s so much added risk with these systems,” said Maurice Turner, a senior adviser to the Election Assistance Commission, which sets federal voluntary standards for voting machines.
With the beefed-up defenses, many experts are betting that the 2020 vote will pass without a dramatic cyber attack on election systems.
“There’s always background noise, that doesn’t stop,” said Matthew Prince, chief executive officer at Cloudflare, which supports public-facing election infrastructure for 28 states in the 2020 election. “The question we’re trying to answer is where there is something systematic that’s undercutting election infrastructure generally, and we’re just not seeing it.”