Meanwhile, security officials have been pushing states to have multiple offline backups to prepare for potential attacks on voter registration databases and election results reporting systems.
“The primary source of resilience for voter registration databases–in addition to ensuring good network segmentation, having multi-factor authentication, patching your systems–is to have offline backups,” Brandon Wales, the executive director at the Cybersecurity and Infrastructure Security Agency (CISA), told me recently in an interview for MIT Technology Review’s Spotlight On event series. “We have seen a dramatic increase in this over the last four years. States are in much better shape now than they were four years ago.”
CISA has also pushed states to build in other security layers, including having paper backups of e-poll books and for any vote cast, and to do a risk-limiting audit after the vote, as additional election safeguards.
But let’s be clear: For all the worry and hype, no such attack against election infrastructure has yet occurred.
The disinformation threat
Even a wildly successful ransomware attack against election systems could slow voting–but they wouldn’t prevent it, senior officials have said repeatedly. Instead, the real threat to election security would come in the aftermath.
“Whether it’s a nation-state or cybercriminal, whether the attack is successful or not, the biggest concern is the disinformation that will arise,” says Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “It’s a worry because people already have shaky confidence.”
A ransomware attack against election systems would give fuel to unfounded conspiracy theories that the election is rigged, unreliable, or being stolen. Take the widespread conspiracies over “mail dumping,” another attempt to undermine confidence in the election.
If any ransomware attack were to happen, then widespread disinformation about the vote itself would no doubt spread. And by the time such disinformation is debunked by traditional media or removed by social media platforms, it may have already reached millions of people. The biggest offender here is the President of the United States, who has proven an adept manipulator of the traditional press to push his disinformation campaign.
This is an excerpt from The Outcome, our daily email on election integrity and security. Click here to sign up for regular updates.
