Haunted by Russia’s brazen effort to meddle in the last election, US government officials have erected what they believe are formidable barriers to thwart cyberattacks ahead of Tuesday’s presidential vote.
Cybersecurity experts, including those authorised to deploy military cyber capabilities, have been brought together to form an “all of government” effort to ensure voters decide whether Donald Trump or Joe Biden wins, without US adversaries sabotaging the process.
That means dozens of state, local, federal and private players, amounting to hundreds of people, will be linked to the department of homeland security’s command centre on election night. The effort will be led by the DHS’s Cybersecurity and Infrastructure Security Agency, known as CISA, and will include representation from US Cyber Command, the state department, the National Security Agency, the FBI and the likes of Facebook and Twitter, as well as states, counties and private-sector cyber-surveillance teams.
That’s not all. Congress has distributed nearly a billion dollars to states to protect voting systems and procure paper trails — that can be audited — for each vote. And both non-profit and private-sector companies have shared subsidised malware detection systems to watch for intruders seeking to topple voting systems or provoke chaos on and after Election Day.
Whether the new defences are enough to keep nation-state hackers from disrupting the election may not be known for days, or even weeks, after the vote. But government officials and cybersecurity experts said they are optimistic the nation’s cumulative efforts can prevent a major breach.
Gamed scenarios
“In 2016, when I asked government officials what they would do if Russia attempted to discredit the result of the election, they had no answer,” said Dmitri Alperovitch, then the chief technology officer of the cybersecurity company CrowdStrike. “Now, they’ve gamed out certain scenarios. They’ve at least thought about it.”
Early indicators show that the cyber barriers are working as planned, at least in larger jurisdictions with access to the tools needed to monitor their networks, Alperovitch said. What’s less known is whether smaller localities with limited resources have bought in and sought out similar protections, he said.
There’s little doubt that Russia and other nation-state adversaries, as well as criminal hackers, are trying to disrupt the election. Iranian hackers have been particularly brazen, hacking into one state’s voter registration database and attempting to breach many more.
Protecting votes and result-reporting systems will be essential to ensuring the election’s integrity, said Suzanne Spaulding, a former DHS cybersecurity official in the Obama administration.
“CISA has done exactly what it’s equipped to do, but defending elections is about a lot more than one agency of the federal government,” said Spaulding. “What we’re about to find out is how well the rest of the country has prepared since 2016.”
Improved cyber defences in many states illustrate the changes since 2016. For example, Washington state’s defences were tested in September when many agencies were infected with malware. Officials worried that the attack might have implications for the election, and both the federal government and private sector threw the kitchen sink at snuffing it out. The cyber unit of the Washington National Guard was summoned to help.
Starting in July, any time a state’s National Guard cyber unit is summoned, they carry with them the weight of US Cyber Command. The guard’s duty in this case was to fend off infection in the voting system by segregating the secretary of state’s network from the rest of the state, said Washington National Guard adjutant-general Gent Welsh.
The situation was dire enough for the state to contact Cyber Command using the newly instituted Cyber 9-Line, an emergency, data-sharing channel. It operates via secure email that allows participating National Guard units to diagnose a foreign attack and provide swift mitigation strategies that can be shared with the state.
‘Phone-a-friend’
“If you have Cyber Command as your phone-a-friend, you can quickly find out if this is something popping up in other states and how they’re dealing with it,” said Welsh. “We’ve found a way to get the most sophisticated cyber intelligence to support our own secretary of state. That’s a win.”
Similarly, DHS officials have been flying across the country to meet with state and local election officials to make them aware of their exposure to cyberattacks. In a close election, toppling voting systems even in a small, swing-state county could undermine the legitimacy of the entire election, said Ben Spear, director of the Elections Infrastructure Information Sharing and Analysis Centre, a non-profit organisation that connects local election administrators to CISA and the FBI.
Potential problems will be monitored closely from DHS’s high-tech National Operations Centre, located in southeast Washington, DC, according to a person familiar with the preparations. A second DHS command centre in northern Virginia will monitor specifically for cyber-related issues, including meddling by nation-state adversaries. That one will include expanded staffing from multiple US government agencies as well as telecommunications companies such as Verizon and AT&T, the person said.
US Cyber Command, which controls the government’s arsenal of sophisticated cyber weapons, will monitor events from yet a third command centre in the Washington, DC area.
That doesn’t mean blind spots don’t exist.
At least 11 US states, including Michigan, Wisconsin, Florida and Georgia, still allow voting jurisdictions to use wireless-enabled voting equipment to transmit unofficial, election-night results, despite repeated warnings from DHS that such systems are vulnerable to attack.
“There’s so much added risk with these systems,” said Maurice Turner, a senior adviser to the Election Assistance Commission, which sets federal voluntary standards for voting machines.
With the beefed-up defences, many experts are betting that the 2020 vote will pass without a dramatic cyberattack on election systems.
“There’s always background noise, that doesn’t stop,” said Matthew Prince, CEO at Cloudflare, which supports public-facing election infrastructure for 28 states in the 2020 election. “The question we’re trying to answer is where there is something systematic that’s undercutting election infrastructure generally, and we’re just not seeing it.” — Reported by Kartikay Mehrotra, (c) 2020 Bloomberg LP