Hackers are coming for the 2020 election…And We’re Not Ready: Part I of a IV Part Series

As we embark on our final month of summer in the year of 2020, the American focus is, quite literally, all over the place.

The vast majority of people are paying attention to the spread of corona-virus and breaking news surrounding it. Some are burnt out on the overexposure to the nature of constant breaking news and are trying to keep themselves and their families centered through the thunderstorm of a polarized media and a divisive social media. A lot are turning their efforts to the movements surrounding civil unrest and racial inequality, finding that these actions are more in the realm of the populace’s control. Still others are much more focused on what “back-to-school” will mean this year for their families…unquestioningly something different from any other year in living memory.

Regardless of where your focus currently dwells, there is one thing we all have in common: We are doing our best to find respite. Respite whilst living (thus far) through five months of completely unfamiliar territory in a worldwide pandemic with an unprecedented amount of stress, anger, lack of logic and confusion. And bracing ourselves for a presidential election that will be pivotal no matter the outcome.

Here’s the reality of the situation: When it comes to the upcoming presidential election on November 3rd, we are unprepared. I really don’t think it is a question of opinion on this. It’s just the facts. Having said that…what exactly are these facts?

OBJECTIVE & OBSERVATIONS

Over the course of August, I’ll be delving into our country’s level of preparedness for this presidential election from the angle of cybersecurity. Some key points I’ll go over include our most recent election in 2016 and what happened there, how similar threats have been identified and handled in countries outside of the US, and finally what we as informed citizens can anticipate and actually control for this election in our near future.

On to the Observations: What’s the situation? Where do we stand?

This country has a multifaceted voting system across state and local levels. The way votes are collected, tallied, and officially counted is not universal by any means. Election Management Systems (EMSs) are a big part of the system’s infrastructure, and are often a target for cyber attackers.

It goes without saying that any successful election requires a foolproof voting system. Some of the most common voting methods are mail-in ballots, over-the-internet ballot submission, or in-person ballots filled out on election day. The more systems, people, and general factors that ballot information passes through on the way to its final destination, the more it opens up that information to an increasing number of threat vectors. Here are some straightforward examples of how cyber threats could interrupt the election process:

• Stopping the flow of data on election day, at any level (city, county, state, electoral)

• Making important voting or counting equipment faulty (through any type of operating system on which it may be connected)

• Ransomware/Malware attacks

• Denial-of-service attacks, making it impossible for voters to cast their ballot through the internet

• Vote flipping (A team of computer scientists in Portland, OR demonstrated how this can be done through votes cast over the internet)

• Targeted ……………………………..

And these are just a few.

At the start of 2020, we were already living in a time where digital interconnectedness and systems networking of devices was becoming commonplace is most every area of American life…and then this already increasing line was raised exponentially to hitherto unthought of heights with the outbreak and spread of COVID19. A worldwide pandemic, spurred by a deadly coronavirus that is reshaping human culture, interactions, and everyday life for every person on the planet. It raised the demand and absolute need for virtual interaction.

It quickly became (and rightfully so) a matter of life and death.

On top of that very serious reality, we face the added challenge of what goes hand-in-hand with increased globalization, virtual communication, and electronic business platforms - the security of it all! Stolen passwords to financial platforms, the spread of disinformation, identity theft, targeted political propaganda meant to play on you and your family’s psyche, foreign interference on critical infrastructure like the national grid…the list goes on. Risks are multiplying as the field constantly evolves.

The percentage of information perceived electronically went up, and with it the ability to manipulate it. It was true before, and if possible is even more poignant today - our perception is our reality.

Much of this is not new or novel concepts - I’m not the first to have thought it, not the first to have written it down. My intent is simply to evoke thoughts surrounding our current situation.

So, wrapping up this “observations” piece here at the beginning of August:

Seeking the truth has always been the best way to move forward, and sadly it has evolved into a bit more work than it used to be in previous decades. While it may take a little more time to find the truth, that time is absolutely worth it. Public confidence in the control and impartiality over the voting process and election results has already begun to erode, and that is a slippery slope that could potentially lead to a very dire place for our country.

Next week for Part 2 of 4: REFLECTION & ANALYSIS, where we’ll delve more into the past election of 2016 as it relates to our current situation, what kind of pertinent causes and effects have come to light before now, and how it brought us to where we stand today.

To learn more about ProtectedIT and how we can help please contact us here.