Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development
Election Security: A Progress Report From CISA's Krebs
Sizing Up Efforts at the State and Local Level to Enhance ProtectionsState and local governments are better equipped to ensure election security than they were four years ago, says Christopher Krebs, director of the Cybersecurity Infrastructure and Security Agency, who calls on election officials to serve as "risk managers."
See Also: SIEM Wishlist: Top 5 Reasons Security Teams Can’t Wait to Upgrade
Speaking at Information Security Media Group's Cybersecurity Virtual Summit, Krebs said CISA has been ramping up its efforts to offer local and state government election officials technical support, training and cyber hygiene exercises needed to ensure a more secure election in November.
CISA - a unit of the Department of Homeland Security responsible for critical infrastructure and election security - is helping election officials conduct vulnerability assessments, build resiliency in voter registration databases and ensure effective back-up systems are in place, Krebs said.
"We are better off today than we were four years back," Krebs said, referring to foreign interference that marred the 2016 election. "The metrics support that conclusion. In fact, earlier this week, the Center For Election and Research report on the state of voter registration databases showed improvement across the board - logging, auditing, backing-up, [multifactor authentication], training and exercise."
On Tuesday, a Senate committee released its fifth and final report on 2016 Russian election interference.
Krebs noted that the best way to create resiliency is through older methods, such as paper ballots or names written down in a voting book. "An audit is a crucial resiliency tool," he added.
CISA’s cybersecurity plan for the 2020 presidential election, released in February, emphasized more information sharing among local government election officials and the FBI and other law enforcement agencies.
Election Security Beyond CISA
Like CISA, other federal agencies are also attempting to ensure the security of the November election.
Earlier this month, the Office of the Director of National Intelligence released an updated assessment that found while it remains difficult to physically change votes, disinformation campaigns remain an ongoing issue (see: US Intelligence Adds More Details on Election Interference).
In that report, William Evanina, the director of the National Counterintelligence and Security Center, noted that Russia, China and Iran are seeking to influence the election.
Nation-State Threats Persist
Although the security of the election infrastructure has improved, Krebs added that threats from hacking and data-leak campaigns against political parties and candidates - as well as broader disinformation campaigns - persist.
Leading these campaigns are nation-state actors from Russia, China and Iran, Krebs added, echoing the concerns found in the Office of the Director of National Intelligence report.
Krebs noted that malicious Russian actors have moved from social media platforms to Russian-controlled news outlets, such as the RT channel and the Sputnik news agency, to spread disinformation.
"This is much bigger than any single event - this is a disruptive undermining attempt to sow doubt and confusion and ultimately get American people to lose faith in our democratic system," Krebs said. "This is a tactic that has been around for decades, but it has caught steam in a hyper-connected world. Some of the tactics we are seeing involve using established media to take a little kernel of truth and amplify it and put them in a different context."
Election Safety During COVID-19
Since the beginning of the COVID-19 pandemic, CISA has seen a surge in phishing and ransomware attacks against local and state governments. Although the primary motive behind these attacks has been to demand a hefty sum as ransom from its victims, Krebs said the attackers could use these tactics to influence elections as well.
Krebs noted that a new ransomware strain called WastedLocker has become more pervasive in recent months, with the operators demanding huge ransoms (see: How WastedLocker Evades Anti-Ransomware Tools).
To help local election officials mitigate the risks posed by ransomware and phishing attacks, CISA released a Cyber Incident Notification and Planning Guide for Election Security. The agency also released a Vulnerability Detection and Reporting Guide to help officials responsible for cybersecurity better prepare for the possibility of a cyber threat close to the November election.
Krebs stressed that election officials must learn to better manage risk. “Election officials are natural risk managers," he said.
Endpoint detection and response can play a critical role, he pointed out. CISA is starting a pilot program to help smaller agencies better detect threats and protect assets, creating a better understanding of how attackers are seeking out vulnerabilities in networks.
Public-Private Partnerships
Public-private collaborations have significantly contributed to the improvement of election security infrastructure in recent months, Krebs said.
"We’ve got this huge community of actors that is supported by my team, from the cybersecurity side. This includes the Department of Defense for disrupting bad actors, and the intelligence community that is in the detection game and law enforcement, which is also that part of the detection and disruption effort."