Election security: Cybersecurity concerns for future elections

The election security landscape

APTs like Cozy Bear have a history of interfering with major elections in the U.S. and other countries. With the 2020 election season rapidly approaching, the possibility of interference by cyberthreat actors is a serious concern.

As a democracy, the United States’ electoral process can be influenced in a number of different ways. One common area of concern is the election infrastructure, since voting machines in active use have known cybersecurity vulnerabilities. Additionally, many of these voting machines lack paper trails, making it easier for attacks to go undetected.

AWS Builder Community Hub

However, external threat actors can also influence the result of U.S. elections in other ways. Strategic ransomware attacks against voting machines or other election infrastructure could influence the results in certain “swing” states or districts. The use of bots on social media are another threat because they increase the scalability of influence operations, tweaking voters’ conceptions of the current political landscape and the platforms of various candidates.

Top cybersecurity concerns for 2020

The security of voting machines is a significant cybersecurity concern for the 2020 elections. However, it is not the only one. Other concerns include ransomware and social media-based influence operations.

Challenges with pentesting voting machines

The security of the United States election infrastructure is a gray area under hacking law. While most parties agree that the security of election machines and under infrastructure is a priority, there is a lot of disagreement on how to accomplish it.

The Library of Congress took an important step to enabling security testing of election infrastructure by providing a three-year exemption to DMCA, which makes such tests illegal otherwise. However, this exemption expires this year if it is not renewed.

Voting machine manufacturers have also acknowledged that penetration testing of their products could be valuable. However, they (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: