With Election Day nearing, the topic of cybersecurity and cyberthreats is of growing interest. Techwire solicited brand-agnostic perspectives of industry figures who deal with these security threats, and their views are offered here. We will continue to seek out authoritative voices in this and related topics. 

Pedro Abreu, Chief Strategy Officer

ForeScout Technologies

The cybersecurity threat that election officials currently face can seem daunting. “Threat fatigue” can easily set in and cloud the big picture, as authorities assess new chatter each day about potential or known vulnerabilities that may affect voting machines, elections databases or other supporting IT. Public officials’ ultimate imperative is maintaining citizens’ confidence in elections, themselves and democratic principles.

Maintaining the confidence of voters requires that election authorities prove that nothing malicious has happened on a network. Proving inactivity has become just as important as detecting unusual or malicious activity. As government officials and citizens seek tangible assurance that elections and data have not been altered or exploited, we are likely to see states adopt a continuous network monitoring model for their elections infrastructures. The continuous network monitoring approach is based on a National Institute of Standards and Technology (NIST) recommendation advising organizations to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management. It is aimed at federal government agencies, but it very much applies to states and their elections infrastructures. 

With respect to elections systems, it means real-time monitoring and diagnostics of states’ entire elections infrastructures, including databases, workstations of employees and officials, and control consoles as well as the voting machines, which may or may not have a persistent network connection. Data yielded from a continuous network monitoring program would offer some objective measures about the types of threats and level of risk posed to states’ elections systems and could be provided to the citizenry in an appropriate form to provide transparency and trust in the respective systems.

Continuous network monitoring is a concept. There are a lot of technologies available today that would allow election officials to implement such a program utilizing the tools they may already have deployed, and there’s not a specific technology or vendor that they need to be locked into. As a result, continuous monitoring could provide powerful data to use as evidence for assuring that systems are running smoothly and/or detecting and addressing anomalies. Establishing a true understanding of network terrain and a baseline of “normal” functioning can alleviate threat fatigue, allowing state officials to focus time and resources on mitigating the most critical threats as well as sharing information with law enforcement agencies and the public. Data yielded by such a program could be shared among the states and with the federal government.

Elections officials have a highly technical and operationally intensive role, and they perform a critical function for our society. There are a lot of reasons for optimism and confidence if we apply methods and solutions like continuous network monitoring, which is proven to be effective in securing extremely critical networks. The data that can be produced can dispel uncertainty and generate public confidence that “one person, one vote” remains the law of the land.

Pedro Abreu of ForeScout was previously featured, along with fellow industry icon KPMG, as part of a Techwire report on cybersecurity, systems integration and digital transformation. 

**

Daniel Medina and Matt Shabat

Glasswall Solutions

There are a few key areas to observe during the 2018 election cycle and beyond. Key areas are the post-2016 responses by state, local, tribal and territorial (SLTT) governments and how voters themselves identify and address interference.

SLTT Government Response

Given our time in the U.S. Department of Homeland Security, it is our opinion that the American public should find confidence in SLTT government activity in advance of the 2018 elections. The difference between how election officials interpreted the cyberthreat in 2016 and now is night and day. The deployment of resources in SLTT, use of federal government resources, and public-private collaborative efforts suggest that the threat is now better understood and risk management initiatives are underway. 

It is no surprise that in government, the best variable to determine an agency’s motivation is to follow how it spends appropriated resources. In the past, federal grant funding for SLTT cybersecurity lacked emphasis and strategy. This is not an indictment of SLTT government, but a simple issue that the return on investment for cybersecurity is not as easy to observe as more tangible investments, such as first responders and their equipment.

The areas regarding SLTT that are best to keep an eye on the next couple of election cycles are spending and grant requests. This will really provide a good barometer for how seriously threats to voting systems and supporting infrastructure are taken.

It must be said that the preliminary results are positive. Congress has provided some focus and assistance to SLTT government through the fiscal year 2018 Financial Services and General Government Appropriations Bill that allocates $380 million to the Election Assistance Commission (EAC) to make payments to states for activities to improve the administration of elections for federal office, including to enhance election technology and make election security improvements. 

An interesting and perhaps concerning dynamic is that each state is developing a different strategy to solve the problem, indicating that they are perceiving and approaching the problem differently. This may be due to differences in voting infrastructure among jurisdictions and differences in relative readiness. A telling sign that lessons have been learned from 2016 is watching to determine whether election officials are coordinating and sharing best and emergent practices through the EAC or the election sector coordinating council.

Identification and acting on the real problem

The biggest lesson learned from 2016 is that the issue was vastly more complex and challenging than securing voting machines and supporting election infrastructure. The more insidious threat from foreign information operations specifically was the concerted Russian effort to “hack” domestic public opinion. In the months after the election, the extent to which threat actors used and manipulated social media, including harvesting information through spearphishing and other attack vectors to gain access to sensitive data, received greater public attention. 

While government and the private sector can work with political parties, candidates and their respective staffs to increase the security around their sensitive information, the social media perspective presents a greater challenge, and one to be tracked over the coming years. 

The balancing act in this country comes to freedom of speech, and this is where government agencies are reluctant to take action on social media content as this potentially brings them into close proximity with constitutionally protected freedoms. Even social media platform providers have expressed discomfort with regulating content. However, terms of service have given social platforms room to act. The good news is that in the last three months, Facebook, Twitter, and Microsoft have publicly identified and messaged their remediation for suspected Russian websites and taken down thousands of phony social media accounts

After 2016, there was much work to be done between the private companies and government agencies to understand how to identify, report, remediate, share actionable information, and correctly message the problems. The hope is that the work between the government and private companies results in an awareness in society that enables citizens to evolve the understanding of the information sources available — what constitutes news versus opinion, fact versus analysis, trusted versus untrusted information, and — ultimately — foreign-sponsored misinformation. We have a long way to go, but at least the initial outlook is positive.  

Glasswall's Medina, director for Strategic and Technical Engagement, and Shabat, U.S. strategy manager, are former executives in the U.S. Department of Homeland Security — Medina as chief of staff, and Shabat as strategist and performance manager. The two collaborated because they work together studying spearphishing/deceptive messages that could affect election agencies. Glasswall studies and defends against malicious attacks delivered through messaging systems like e-mail.

**

Michael Marriott, Research Analyst

Digital Shadows

Elevated awareness of digital risks to democratic elections around the world is a good thing, but the incessant headlines of Department of Justice indictments, scrutiny of voting machines’ security and other news can feel overwhelming for citizens wondering if their vote will be disrupted or miscounted. Manipulating voter records is just one way of meddling in an election; influencing the opinions of voters can be just as impactful.

Consider the latest revelations of disinformation campaigns launched through Facebook, Twitter and other social platforms. As unsettling as these persistent efforts are, nonpartisan election officials in every state and U.S. territory have an opportunity to drive faith in free and fair elections by pointing out that awareness is the best defense against propaganda and manipulation. Truth is not a partisan issue, and voters make interference irrelevant when they spot it a mile away.

Interference does not only target elections. Today hired trolls, bots and polished falsified content are available as kits or paid services to anyone looking to boost their Amazon reviews, pump-and-dump a new digital currency or incite political upheaval. Social media, popular Web forums and trusted online relationships are the venues manipulators with varying motives want to leverage. Motives vary, but disinformation follows the same “creation,” “publication” and “circulation” sequence everywhere. An attacker will create a divisive or misleading news article or meme, publish it in a series of key platforms and use phony accounts to jump-start circulation until genuine shares lend authenticity.

Human minds and psychology might be the biggest attack surface when it comes to election security. On the bright side, that means awareness and empowerment are inexpensive, effective and likewise contagious countermeasures. 

Marriott has spoken and been interviewed on a wide variety of topics related to the cyberworld. In one recent interview, he said: "In the same way that space and the sea was used for war purposes, the Internet isn’t a bad thing. It is actually just a way that people share information online, and yes, it can be misused, but I think overall it’s good and it’s there. So we just need to know how to deal with it."