The year 2016 has not been kind to people who worry about cyber attacks. In addition to penetrating the campaigns of both major presidential candidates, attackers tentatively linked to Russia have compromised the state board of elections in two states, stealing two hundred thousand voter records. America’s electoral system is under threat. Even the implication that they might be able to do this has commenters in a tailspin. If it’s true as seems likely, that Russian hackers are behind this event, then we are facing an adversary that’s skilled at using hacked information in concert with state media in order to sow fear, uncertainty, and doubt. From our most recent white paper:
“State sponsored resources (the Russian hackers), use a supposedly neutral channel (Wikileaks), to leak damaging information about a target. Russian media, such as the RT, covers the leak widely, promoted by an army of paid trolls. Legitimate media outlets, sensing the buzz, begin to pick up the story, essentially providing free ammunition for a political attack. Although this is essentially the exact outline of the DNC email breach story—to the extent that paid Russian trolls were actually diverted to impersonate Trump supporters at one point—it also fits the mold of a great many information warfare attacks that Russia has made over the years.”
The Appearance of a Threat is as Dangerous as the Threat Itself
Russian hackers clearly want to do is destabilize trust in the electoral process and embarrass at least one of the presidential candidates. Their ultimate aim is to undermine the eventual winner to the extent that they do not enjoy support from congress or the American people. This suits their motives—the more destabilized Americans are at home, the less likely that they’ll act effectively to oppose Russian interests abroad.
In order to secure the electoral process, we can’t just remove its vulnerability, we need to begin erasing the perception that it’s vulnerable. Any indication that the election results are "rigged," as Donald Trump has suggested, could lead to systemic instability and the erosion of democratic norms in America. Restoring that trust, however, is easier said than done. This starts with top election officials properly securing their environments and minimizing the risk of data compromise, which will lead to trust amongst voters. They, however, cannot just keep information compromise out of the news and away from the public by not being forthcoming.
Securing the Election Begins at the State Level
All indications are that state-level employees have their work cut out for them in terms of cybersecurity. According to a 2015 Ponemon Institute report, most state-level IT and IT security personnel view their jobs as stressful, with their tools and standards insufficient to meet the challenge of keeping their data safe.
In spite of these drawbacks, state-level cybersecurity administrators are nonetheless the individuals who are responsible for preserving the integrity of our elections, once all is said and done. Can they rise to meet this challenge?
Read the Safe-T white paper, “Election Under Threat: How States Can Secure the Electoral Process,” in order to learn about how state and government agencies can secure the electoral process. Our paper outlines a number of ways that states have successfully fortified their secure data by creating overall strategic plans, outlined their incident response, and innovated by creating robust public-private partnerships in the name of mutual defense.
The electoral system is under a very real and very severe threat. Only states have the power to turn this threat aside. To learn how they can do this, check out our white paper.