Defending against multifaceted election attacks
- By Lavi Lazarovitz
- Feb 24, 2020
Much has been made of the vulnerabilities inherent in voting infrastructure over the past few years. DEFCON hacking villages have repeatedly found flaws in voting machines, and researchers across the country have outlined the ways attackers could infiltrate voting systems and influence an election. While these headlines generate attention, they tend to overshadow the myriad other ways attackers could impact an election without touching a single vote.
While many of the attacks in 2016 took the form of disinformation campaigns, attackers have many other opportunities, direct and indirect, to have an impact. So while it remains incredibly important to keep hardening the physical voting machines, we must also guard against the ways an attacker could influence an election outcome without ever compromising one.
Disenfranchisement via critical infrastructure attacks
From a security perspective, vulnerabilities have been the main talking point when it comes to elections. But while changing a vote is one thing, preventing voters from getting to the polls altogether could prove more effective.
Let’s take the 2020 U.S. presidential race for example. There are a number of key swing states that contain heavily red and heavily blue areas, and suppressing turnout in only one or two of those areas could be enough to change the outcome of the election. Consider an attack on the public transportation system in Florida’s heavily Democratic Miami-Dade County, which could make it harder for likely blue voters to get to the polls. Could that be the difference between a blue Florida and a red one? No recount could reverse that result, because the missing votes were never cast. Alternatively, what if an attacker launched an attack on the electrical grid in a conservative suburban area, shutting down traffic lights and bringing businesses to a halt?
Why would an adversary bother trying to manipulate vote totals when shutting down trains for a few hours could get the same result? It seems far-fetched, but in today’s interconnected world, the ripple effects of a successful critical infrastructure attack are real. Attackers motivated to influence an election could do more harm with targeted attacks on critical infrastructure than a thousand nation-state bots ever could.
Creating doubt and distrust through targeted ransomware attacks
When considering election security, it’s important to remember that while some nation-state groups have specific political goals, most are simply interested in causing chaos. In fact, many potential attackers’ efforts are not actually focused on impacting the vote, but simply creating the public perception that they have. The ultimate goal of many isn’t to further a political agenda, but to erode trust in key institutions and systems.
What if, rather than manipulating vote totals or taking action to impact turnout, an attacker launched a ransomware attack, shutting down key precincts or taking control of voter registration databases? Simply the perception of manipulation could be enough to erode public trust in the results and call the validity of an election into question.
Cities and municipalities have fallen victim time and time again to ransomware attacks. New Orleans and the state of Louisiana declared states of emergency after two recent ransomware attacks shut down school district computers, among other systems. Riviera Beach, Fla., ended up paying nearly $600,000 to attackers after a ransomware attack crippled its computer systems. Without the proper security measures in place, an attack on election day could compromise trust in the election system and subsequently cause mass disruption.
To secure elections heading into 2020, we must be prepared for “false flag” operations of this nature. Some attacks may have actual tangible goals in mind, while others will be designed to create doubt and foster distrust in our systems.
While the attack vectors outlined above have the capacity to both impact the actual vote and undercut public trust, even worse would be a sequence of such attacks. Targeting core infrastructure -- halting transportation, shutting down the electrical grid and launching an attack on voter registration databases -- could have a domino effect that negatively impacts the voting system’s ability to operate consistently with trust and reliability.
Taking a zero-trust approach
So this all feels quite unnerving. But while these attacks are entirely possible, it’s also entirely possible to stop attackers in their tracks. There are many components in the election supply chain, so securing all of them can feel like a daunting task. However, while it’s important to make sure each individual component is secure, it’s critical to ensure that if any part of the chain is compromised, the attack can be contained and the impact minimized.
The best strategy is to operate under the assumption that a breach will occur somewhere in that chain and adopt a zero-trust mindset. With zero trust, IT managers trust nothing and verify everything -- whether it comes from inside or outside the organization -- before granting access. Zero trust is all about never assuming that just because someone (or something) has gained access to one system, it should be able to access others: every request is checked on its own merits, against the specific resource being requested. This practice helps restrict lateral movement, prevent escalation and limit the damage attackers can do.
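To make the "verify everything, every time" idea concrete, here is an added example (not code from the original article or from CyberArk) of a per-request authorization check. It uses short-lived tokens bound to exactly one target system, so a credential that is perfectly valid for the voter-registration database is refused at the tabulator, and a request's network origin is never an input to the decision. The signing key, the three system names, the roles and the policy table are all constructed for illustration and do not describe any real election deployment.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical signing key held by the identity provider (constructed for this example).
IDP_KEY = b"example-only-idp-signing-key"

# Hypothetical policy: which roles may reach which system, and whether MFA is required there.
# Every entry is illustrative; it is not a real election deployment's configuration.
POLICY = {
    "voter-registration-db": {"roles": {"registrar"}, "mfa": True},
    "precinct-tabulator": {"roles": {"election-official"}, "mfa": True},
    "public-results-site": {"roles": {"registrar", "election-official", "viewer"}, "mfa": False},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject, role, audience, mfa, device_ok, ttl=300, now=None):
    """Issue a short-lived token bound to ONE target system (the 'aud' claim).

    Gaining a token for one system never yields a token for another: a separate
    mint, with its own checks, is needed per target.
    """
    now = time.time() if now is None else now
    claims = {"sub": subject, "role": role, "aud": audience, "mfa": mfa,
              "device_ok": device_ok, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def authorize(token, target, now=None):
    """Decide a single request against a single target. Returns (allowed, reason).

    Deliberately takes no 'source network' argument: being inside the perimeter
    buys nothing. Every check runs on every request.
    """
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        return False, "bad signature"          # tampered claims are caught here
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return False, "expired"
    if claims["aud"] != target:
        return False, f"token is for {claims['aud']}, not {target}"
    rule = POLICY.get(target)
    if rule is None:
        return False, "unknown target"
    if claims["role"] not in rule["roles"]:
        return False, f"role {claims['role']} not permitted on {target}"
    if rule["mfa"] and not claims["mfa"]:
        return False, "MFA required"
    if not claims["device_ok"]:
        return False, "device failed posture check"
    return True, "ok"


if __name__ == "__main__":
    tok = mint_token("alice", "registrar", "voter-registration-db", mfa=True, device_ok=True)
    print("registration db:", authorize(tok, "voter-registration-db"))
    # Same valid token, reused for a hop to the tabulator: refused.
    print("tabulator:      ", authorize(tok, "precinct-tabulator"))
```

The design point is that the token carries an audience, and the verifier at each system refuses anything not issued for it; combined with a short lifetime and re-checked MFA and device posture, a foothold on one host does not become a passport to the next.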
Regardless of attackers' endgame, they typically need to expand their access to carry out any high-impact attack -- whether election focused or otherwise. Attackers often start their mission at a seemingly minor point of ingress, but when they can move laterally through a network and expand their access, the real trouble starts.
With all the focus on election security right now, state, local and federal agencies are working hard to fortify systems. While nothing is ever 100% fail-safe, understanding the potential targets, employing the right level of security and continually monitoring for abnormalities is a good place to start. By assuming that parts of the election chain are already compromised and securing against lateral movement, we are already in a good position to safeguard the sanctity of the vote.
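Lateral movement, as described above, tends to leave a simple signature: one account authenticating to many different hosts in a short span. The following is an added example (not from the original article or its author) of the kind of abnormality check a monitoring team could run over authentication logs. The log format, host names, account names and the threshold are all constructed for illustration; a real deployment would tune the window and threshold to its own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication events (not real logs).
# Fields: timestamp, account, source host, destination host, result
SAMPLE_LOG = """\
2020-02-24T08:00:10 asmith ws-12 reg-db01 success
2020-02-24T08:41:55 asmith ws-12 reg-app02 success
2020-02-24T09:10:03 jdoe ws-07 reg-db01 success
2020-02-24T09:11:20 jdoe ws-07 reg-app02 success
2020-02-24T09:11:48 jdoe ws-07 file-srv01 success
2020-02-24T09:12:30 jdoe ws-07 print-srv01 failure
2020-02-24T09:13:05 jdoe ws-07 backup01 success
2020-02-24T09:14:41 jdoe ws-07 dc01 success
2020-02-24T10:30:00 asmith ws-12 reg-db01 success
"""


def parse_line(line):
    """Parse one whitespace-separated event line into a dict."""
    ts, account, src, dst, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "account": account,
            "src": src, "dst": dst, "result": result}


def detect_fanout(log_text, window=timedelta(minutes=10), max_hosts=3):
    """Flag accounts that successfully reach more than max_hosts distinct
    destinations within any sliding window. Returns one alert per account,
    raised at the event that first crosses the threshold."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    recent = defaultdict(list)   # account -> [(ts, dst)] still inside the window
    alerts, alerted = [], set()
    for ev in events:
        if ev["result"] != "success":
            continue             # failed logons are noise for this detector
        acct = ev["account"]
        cutoff = ev["ts"] - window
        hist = [(t, d) for t, d in recent[acct] if t >= cutoff]
        hist.append((ev["ts"], ev["dst"]))
        recent[acct] = hist
        hosts = {d for _, d in hist}
        if len(hosts) > max_hosts and acct not in alerted:
            alerted.add(acct)
            alerts.append({"account": acct, "first_seen": hist[0][0],
                           "last_seen": ev["ts"], "hosts": sorted(hosts)})
    return alerts


if __name__ == "__main__":
    for alert in detect_fanout(SAMPLE_LOG):
        print(f"{alert['account']}: {len(alert['hosts'])} hosts between "
              f"{alert['first_seen']:%H:%M:%S} and {alert['last_seen']:%H:%M:%S}: "
              f"{', '.join(alert['hosts'])}")
```

On the sample, the ordinary user touches two hosts forty minutes apart and is never flagged, while the account hopping across five hosts in five minutes trips the alert at the fourth distinct host. Pairing a detector like this with the per-request access controls of a zero-trust design gives both a brake on lateral movement and a signal when someone is trying it anyway.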
Lavi Lazarovitz is head security researcher at CyberArk.