Under attack: Flaws in US election security raise concerns around 2020 voting
Highly organized disinformation campaigns and a vulnerable voting infrastructure are propelling the United States toward what may be the most problem-plagued election cycle in the nation’s history.
That’s the inescapable conclusion based on views from a number of security experts and industry leaders who appeared at the RSA Conference on cybersecurity in San Francisco this past week.
A hint of what is coming can be found in events of the past several days. U.S. officials told the news agency AFP that Russian-linked accounts on Facebook Inc., Twitter Inc. and Instagram were claiming that the U.S. was responsible for the global coronavirus outbreak. Russia has denied involvement.
“I feel the Russian voice in that,” said Admiral James Stavridis, who previously led the NATO Alliance in global operations and is now a member of the Carlyle Group’s executive team. “Russia is going to interfere in our election in 2020.”
Disconnect between tech and government
A concern among security experts is that though there’s a growing consensus that nation-states such as Russia will attempt to interfere in the U.S. electoral process this year, the channels of communication between government and the tech industry are not always open.
At an RSA panel session this week, representatives from several social media giants discussed the threat landscape for voter manipulation. When asked whether the U.S. government had contacted their companies to share intelligence on the coronavirus disinformation allegedly being spread by Russia on their platforms, representatives indicated that neither Facebook nor Twitter had been provided any details as of Thursday afternoon.
“We have asked for any evidence they have in support of this,” said Nathaniel Gleicher, head of cybersecurity policy at Facebook. “We haven’t received anything yet.”
When it comes to manipulation of public opinion, Facebook continues to be the platform of choice based on a report issued last fall by the University of Oxford. Researchers found evidence of organized social media manipulation campaigns by at least 70 countries, more than doubling the amount found in a similar study two years ago.
“Social media hacks our attention by manufacturing outrage,” said Bruce Schneier, a lecturer on public policy at the Harvard Kennedy School of Government. “We need to better integrate tech and policy.”
Vulnerable voting machines
Amid concerns around the weaponization of social media, Congress has held hearings on the matter, yet no legislation has been passed. However, government officials have been focused on threats which could disrupt the voting infrastructure itself.
The Cybersecurity and Infrastructure Security Agency or CISA was created after 2016 to prevent a repeat of hacks by Russia which breached two county voting systems in Florida. The focus this time is to ensure there are paper backups for every voting machine used across the country in case of similar attacks.
“2016 was a wakeup call across the federal government,” said CISA Director Chis Krebs. “Everybody is on this issue as hard as any issue I’ve seen.”
The problem remains that voting machines remain no better protected now than they were in 2016, based on tests conducted by security professionals as recently as last summer. At the Las Vegas DEF CON white-hat hacker gathering in August, researchers found new and old ways to compromise every single machine available.
A year before, one 11-year-old boy was able to change election results in under 10 minutes.
“All voting machines today and all voting machines in the future will be hacked,” said Harri Hursti, founding partner of Nordic Innovation Labs and one of the world’s foremost experts on electronic voting security. “There are a lot of places where there has been no progress whatsoever in over a decade.”
Concern over phone app
Infrastructure vulnerabilities are not merely confined to existing voting machines. While a report released earlier this month by SecurityScorecard found that candidates for the Democratic presidential nomination had dramatically improved the security posture of their publicly available internet platforms, proposed new voting tools were fraught with peril.
“A voting app via phone is frightening,” said Paul Gagliardi, head of threat intelligence and CISO of SecurityScorecard, who has been assessing malware threats in mobile platforms. In an exclusive interview with SiliconANGLE, Gagliardi indicated that his firm would revisit campaign security again just prior to the November election.
RSA’s annual U.S. gathering provides an opportunity for the security community to assess the current landscape and for attendees to digest what the future may bring before the conference convenes again one year later. Elections across the country will be held by then and the security community will be called upon to determine if democracy remained properly protected or simply became roadkill on the hacking highway.
“Democracy is based on information, choice and agency and all three are under attack,” said Harvard’s Schneier. “The world’s problems will be easier to solve if everyone just understood a little more security.”
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.