Tuesday, 27 October 2020

Cybersecurity and U.S. Election Infrastructure

 


FROM FP ANALYTICS: BEYOND COUNTERING DISINFORMATION, OFFICIALS AND INDIVIDUALS MUST UP THEIR GAMES TO SECURE CRITICAL INFRASTRUCTURE FROM MOUNTING CYBER THREATS


As voters head to the polls for the 2020 elections, the U.S. faces on-going security threats such as disinformation campaigns, data breaches, and ballot tampering in an effort by foreign adversaries to erode the integrity of the democratic process. Recent events from Russian and Iranian hackers stealing data to threaten and intimidate voters to Russian actors actively targeting state, local, and territorial networks demonstrate that elections rely on crucial technological tools to ensure process integrity, the disruption of which would have a debilitating impact on national security and society.

Critical infrastructure (CI) provides essential services and is the backbone of the country’s economy, security, and health. From transportation enabling personal mobility and commerce, to electricity powering our homes and businesses, to telecommunications networks fostering global connectivity—particularly amid the pandemic—CI is the lynchpin to functioning social, economic, and political systems. While these systems have long been subject to threats from terrorism and natural disasters, cyberattacks represent among the most destabilizing and underappreciated risk. With the rapid digitalization of all facets of society and increasing dependence on information and communications technologies (ICT), attackers ranging from nation-states to hacktivists to organized criminal groups can identify vulnerabilities and infiltrate seemingly disparate systems to disrupt services and damage global society—all without a physical attack. As a designated CI subsector, election systems are vital to domestic and international security (see U.N. nonbinding consensus report A/70/174) and election security risks can threaten democracies worldwide.

Cyberattacks are rising in both volume and complexity, putting private companies and average citizens at the front line of this national security challenge that we have yet to fully understand. For instance, 99 percent of voting in the US takes place through a computer system or machine, but despite the highly computerized nature of the election process, it is not garnering the attention it needs. The 2000 presidential election and controversial recount in Florida prompted the first federal initiative through the Help America Vote Act (HAVA) to upgrade voting machines in 2002 and establish the Election Assistance Commission (EAC), but cybersecurity wasn’t the focus. More than a decade later, the Presidential Commission on Election Administration warned about the “impending crisis” in outdated voting technology, but still, little was done while the risks were mounting. After several Russian-led cyberattacks aimed at exfiltrating data from state information systems and attacks made toward the 2016 elections, the U.S. finally recognized the urgency to upgrade its antiquated election infrastructure and ensure the integrity of all technological tools that facilitate a fair voting process. Not until 2017 was election infrastructure designated as part of the federal government’s CI sector, which allowed states and localities to leverage the government’s cybersecurity expertise and access unclassified and classified information to improve resiliency. However, lack of coordination in the runup to 2020 has not materially improved security.

The rapidly evolving cyber landscape and ongoing use of outdated technology for CI makes the U.S. and other countries vulnerable, largely undefended targets. With the rise of great power competition and challenges from Russia and China, the cyber arena is a geopolitical plane for actors to deploy tools to disrupt, destroy, and undermine the U.S. and advance adversaries’ foreign policy goals. As voters prepare to cast their ballot in the 2020 elections, this FP Insider Report analyzes the underreported issue of voting machine infrastructure security, derives insights from other countries’ experiences with foreign interference, and pinpoints what voters and officials can do to strengthen security on Election Day—and beyond.


No comments:

Search This Blog