Could Colorado’s election security unit serve as a model for other states?
- By Stephen Moore
- Sep 03, 2020
Colorado’s Secretary of State Jena Griswold recently announced that her administration would launch a Rapid Response Election Security Cyber Unit, or RESCU for short. The goal of the unit, composed of highly trained election security specialists, is to protect the state’s elections from cyberattacks and interference from nation states as well as respond to any issues that arise during the process. As the RESCU announcement put it, the unit is “charged with securing Colorado’s elections by assisting counties with their cybersecurity in the field and combating cybersecurity incursions and disinformation.”
Looking back at the 2016 elections, which were teeming with misinformation campaigns and confirmed Russian meddling, Colorado is taking a positive step toward ensuring greater election integrity. I believe other states should take note and consider a similar approach, especially as they face resource constraints as a result of the coronavirus pandemic.
Besides much publicized voting challenges -- from outdated, vulnerable voting machines, to mail-in ballots and the manipulation of social media to share misleading information -- voter registration databases could be the target of ransomware attacks in the run-up to the election, killing confidence in the outcome. These are tangible risks, and according to an article by Reuters, “the local governments that store and update voter registration data are typically ill-equipped to defend themselves against elite hackers.”
Even as congressional funds are available for states to replace outdated, vulnerable machines and lawmakers work to ensure reliable mail-in voting, we’re seeing a long term underinvestment from the federal government. There are a few exceptions, one being work funded by the Defense Advanced Research Projects Agency, which awarded $10 million to Oregon-based company Galois in March 2019 to create a new voting machine from the ground up. With the wider goal to building an open source model for developing secure and resilient hardware, this effort represents the kind of investment and activity the voting system badly needs, but as it stands, it is too little too late.
Mail-in ballots may be a reasonable, safe path forward in the short term, but longer term, a few things must happen. Existing machines must be replaced with more modern units that employ methods that allow the unit to be monitored when atypical or likely adversarial behavior occurs.
Government entities must also standardize and improve their email security posture. While the voting machines are only rolled out periodically, continuously used state and local email is often left unprotected. If local governments are compromised by an email phishing scam or malware, hackers could move laterally through their networks and gather sensitive information about the agency and citizens. This opens the door to bad actors spreading misinformation and manipulating voter registration data, potentially impacting election integrity. To prevent this type of attack, local governments should be running adaptive authentication, which uses behavior analytics to help detect the use of compromised credentials.
While Colorado’s effort to protect the integrity of the voting system will be judged after the election when we can see whether the state’s efforts have successfully modeled how to preserve voting integrity, its plan to fight cyber attacks and disinformation is a very positive step that we hope other states will follow.
Stephen Moore is vice president and chief security strategist of Exabeam Inc.