Election Security Program Aims to Mitigate Ransomware RisksDepartment of Homeland Security to Help With Database Protections
Within a month, the U.S. Department of Homeland Security hopes to launch a program to help states protect voter registration databases and systems in advance of the 2020 presidential election, Reuters reports. Security experts say that in light of recent ransomware attacks against many units of local government, the protection effort is overdue.
The systems used to validate the eligibility of voters before they cast ballots were compromised in 2016 by Russian hackers. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials, Reuters reports.
The Cybersecurity Infrastructure Security Agency, a new unit of DHS that will spearhead the election-related security efforts, fears the databases could be targeted by ransomware, according to Reuters.
In recent months, there has been a surge of ransomware threats against local governments, including recent attacks on municipalities in Texas.
"That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks," Christopher Krebs, CISA’s director, tells Reuters.
CISA will provide state election officials with educational materials on ransomware attack threat mitigation as well as provide remote computer penetration tests and IT infrastructure vulnerability scans, Reuters reports.
Following Russian interference in the 2016 presidential election, election agencies across the country have raised concerns regarding protecting voter data.
In July, Former Special Counsel Robert Mueller warned Congress of likely Russian interference in the 2020 elections.
A Call for More Funding
Security researcher Tom Kellermann, chief cybersecurity officer at Carbon Black and a former government adviser, tells Information Security Media Group that the government needs to take more steps, including increasing spending to modernize electoral IT infrastructure.
"CISA has the foresight to warn the states of this [ransomware] threat. I commend Brian Krebs’ leadership," Kellerman says. "The challenge remains that the states lack the funding for electoral cybersecurity. One venue of funding would be to modernize forfeiture laws per digital currencies used in cybercrime and then use these funds for electoral security."
Protecting All Components
Election procedures involve three main components: the infrastructure required for vote collection, the voter registration databases and campaign information databases.
"The problem is that most of the focus has been only on the infrastructure, which actually is not as bad as most have made it out to be," Joseph Carson, chief security scientist at the security firm Thycotic, tells ISMG.
"The government must take action to put the correct security controls in place over sensitive voter data, including encryption, privileged access management and access controls, along with multifactor authentication. This will surely help reduce the risk of voter data being abused. Of course, ransomware is a risk, and strong backup solutions will help reduce those risks.”
Carson says that voter registration data “tends to be the critical data that is forgotten. It is the highest risk during elections, and it tends to be the data that is abused with disinformation campaigns or propaganda to sway elections and votes.”
Meanwhile, an independent, not-for-profit group, U.S. CyberDome, is offering free cybersecurity services to all the presidential and Senate campaigns.