Date: 2024-10-18

COMMENTARY: Alarm bells around election security are ringing, highlighting a fundamental risk to our democracy. The new frontier for nation-state actors consists of vulnerable connected assets such as laptops, iPads, security cameras, and cloud environments that are not normally protected in a disparate and dispersed environment.

While alarms are important, it’s even more critical that the right processes and frameworks are in place to thwart any potential intrusions. By implementing security platforms that extend protection beyond traditional IT assets to include all network-connected devices, public and private organizations that connect to the nation’s voting infrastructure can reduce their level of risk and more confidently prepare for inevitable attacks. Implementing processes that insert accountability and full transparency will also give stakeholders more confidence in the election’s outcomes.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Foreign state threat actors that target election infrastructure usually want to undermine public trust in the fairness and transparency of our elections more than they seek to alter outcomes. Congress recently renewed a call for vigilance against foreign election interference. Meanwhile, 66% of U.S. IT leaders doubt the U.S. government can defend its citizens and enterprises against an act of cyberwarfare, and 40% say cyberwar could affect the integrity of the electoral process.

In addition, generative AI’s ability to produce convincing text, images and videos presents a dual-edged potential: it opens new channels for voter engagement and information dissemination while posing challenges in discerning authentic from manipulated content, amplifying concerns about misinformation’s influence on elections. However, adversaries are turning to AI to ramp up their efforts. A recent bulletin by the Department of Homeland Security warned that AI-generated robocalls or deepfake videos and photos present a major threat to election security. Therefore, it’s essential now more than ever to stay proactive and vigilant in preparing for this new reality.

Our adversaries are already extremely active. Microsoft recently noted that China used AI-generated content to disrupt a presidential poll in Taiwan as a dry run for further attempts to disrupt elections in the U.S., South Korea, and India this year. And we have already seen fake presidential endorsements by Taylor Swift as well as a fake Joe Biden robocall telling New Hampshire voters not to vote in the Democratic primary election.

AI-generated misinformation represents a problem for the private sector as well as the government. For example, bot farms sponsored by nation-states spread anti-U.S. propaganda across the country’s social media landscape – giving voters false information across a range of targeted, sensitive topics with specific political narratives intended to affect their votes. They may also create content for untrustworthy websites that falsely position themselves as authentic news sources. Any organization that shares information publicly is susceptible.

We have seen this most recently with misinformation that has been spread about relief efforts for those affected by hurricanes Helene and Milton. When misinformation originates from nation-states, the intent is either to drive specific behaviors and outcomes or to create confusion that will ultimately lead to chaos.

Network-connected election systems are particularly vulnerable. The disparity and complexity of many local and state systems introduce several components — from voter registration databases and network servers to electronic polling machines and vote counters — which expand the attack surface and make managing risks and vulnerabilities more difficult. Additionally, traditional security software used to monitor, detect and respond to attacks may not work on many election-related assets, as a number of these devices cannot accept a standard “agent” deployed on traditional IT devices.

Faced with these challenges, here are three steps to mitigate disinformation:

Maintain situational awareness: Teams need to know what should and should not reside on the election networks -- and these networks need continuous monitoring. Start by knowing what's actually touching the network, where the data gets stored, and how it behaves and interacts with other assets. Tools are needed to discover many of the devices that are hard to actively scan: IoT, building management systems, HVAC systems, and the building's physical security IP cameras. All of these “unmanaged devices” are windows and doorways into seemingly secure environments. We also must pay attention to cyber threats against voter registration databases, election management systems, voting machines, storage facilities, and cameras in polling places. Local governments should not connect election networks directly to the public internet.

Focus on how to prioritize and remediate: IT leaders need to identify and prioritize the threats that matter most based on which vulnerabilities are most likely to get exploited and negatively impact the organization. Then it’s time to focus on remediation efforts. Managers need to determine what to fix, how they need to fix it, who’s responsible, and how to leverage automation to accelerate these efforts. If they haven’t already, they should also retire end-of-life devices that are not patched or updated correctly as soon as possible. This includes all devices and assets that are part of the election infrastructure.

Strive for transparency: IT leaders should deploy tools that log activities and retain records to counter unfounded accusations of fraud. When dealing with challenges as contentious as election security, it’s essential to document and justify all actions that have been taken in the event those actions are challenged.

Protecting the U.S. from foreign adversaries requires cooperation between the public and private sectors. We’ll need collaboration between federal agencies, state and local governments, and the private sector. From the federal perspective, this means encouragement and training to support individual states if they need it without invading their right to self-govern. Outside of government, organizations that operate or manage systems and devices that can be used by bad actors to gain control of election infrastructure must take special precautions to safeguard against unauthorized access.

We must keep in mind that threats to election security are real and often directed by well-resourced adversarial nation-state actors. By applying modern technology to help defend and manage the entire attack surface, U.S. government agencies, state and local officials and private sector IT leaders can work toward safer elections now and in the future. Our nation and our citizens are counting on all of us to protect what’s most dear to us: our democratic election system.

Tom Guarente, vice president of external and government affairs, Armis

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.