Safeguarding Democracy in 2024 and Beyond: Mitigating Election Cyber Threats

A key pillar of democracy is to ensure the legitimacy and effectiveness of free and fair elections. Today, almost every democratic country leverages technology to manage the voting process, increase voter engagement, and maintain election integrity.

With that said, the technology used in today’s elections may have a downside: it is susceptible to cyber threats. Cybercriminals aim to disrupt elections and undermine their impartiality by infiltrating voting systems to hinder operations, making systems inaccessible so that participants cannot vote, and even changing the ballots themselves to remove candidates. Some voters can also elect their candidates and vote online, which makes the web a prime target for cybercriminals attempting to obstruct the electoral process. So how can countries mitigate these potential exploits and safeguard democracy in 2024 and beyond?

The Importance of Technology in Elections

Technology has made great inroads into the modern era of elections and democracy. Today, many countries use direct recording electronic (DRE) voting systems instead of hand-counted paper ballots to improve accessibility and privacy for voters. Technology also simplifies many time-consuming election administration tasks, including voter registration, records management, content management, chains of custody, and constituent outreach.

Numerous countries are also adopting technologies to manage elections and voter information. These include:

  • Voter registration databases to manage voter rolls
  • Web-based portals that empower voters to conveniently manage their voting “lifecycle”, from registration to ballot casting
  • Content management systems (CMS) to manage and coordinate election-related information and activities
  • Automated communications such as text to share important information and reminders with constituents
  • Scanners to digitize voter signatures and registration forms
  • Smartphone-based voice assistants to guide and support voters with disabilities
  • Social media and email newsletters to improve voter outreach and engagement
  • Geographic information systems (GIS) and Global Positioning System (GPS) to simplify redistricting and voter tracking
  • Emerging technologies like AI/ML and IoT devices to help improve the efficiency, transparency, and fairness of election processes

These technologies relieve the administrative burden on election officials, freeing up time for other critical tasks. Digitization reduces the reliance on manual processes, minimizes the potential for error, and ensures information availability and accessibility for officials and voters. User-friendly technologies also enhance voter convenience, which boosts voter turnout through expediency and efficiency, with the hope of removing time-consuming barriers to voting.

Clearly, when it comes to elections, technology is here to stay. However, how do we make these technologies safe from cyber criminals and the increasing prevalence of election cyber threats?

Election Cyber Threats and Their Impact on Elections

The security of election infrastructure is a critical priority for many governing bodies, national leaders, and policymakers. This is understandable, considering the potential impact of election cyber threats and threat actors.

The election attack surface includes numerous entities that are all attractive targets for threat actors, including election systems like voting machines, voter registries, political parties, political campaigning organizations, news organizations, and social media platforms.

These election-related targets are vulnerable to numerous cyber threats in 2024, including:

  • DDoS attacks
  • Data breaches
  • Phishing
  • Malware and ransomware
  • Website defacements
  • Misinformation campaigns
  • Vote tampering
  • Cyber-espionage
  • Extortion

If successful, these threats could disrupt elections or adversely impact voting outcomes. They may allow threat actors to steal sensitive data, mislead the voting populace, and potentially influence voter choices. It’s also possible that the aim of these threats, especially when carried out by nation-state attackers such as China and Russia, is to create social divisions, incite violence (e.g., riots), or spread mistrust in leaders and the institutions of democracy.

AI deepfakes are another serious election cyber threat affecting many countries. In the USA, for example, sophisticated threat actors have recently disseminated deepfakes mimicking current President Joe Biden, in which he appeared to encourage voters in New Hampshire not to vote. It’s likely that the attackers’ goal was to suppress voter turnout in the state or to change voters’ minds about their preferred candidate. [1]

The diversity of threat actors is another cybersecurity challenge to elections. Today, global elections are threatened by cybercriminals, hacktivists, and rogue insiders engaging in numerous activities that can disrupt elections and compromise election outcomes. Foreign state-sponsored actors and cyber-espionage operators are another growing threat. Often, their aim is to retaliate against a government due to an existing dispute. It may also be to disrupt a country’s peace and stability, thus promoting their own government’s national interests.

Strategies to Mitigate Election Cyber Threats

In 2024, more than 2 billion voters in almost 50 countries will be heading to the polls. [2] The outcomes of these polls will reshape the direction of democracy around the world, so it’s crucial that national decision-makers step up their efforts to prevent election cyber threats.

The following strategies can be very helpful:

Implement an offensive security strategy

The best defense is a great offense. Taking a proactive approach to security by adopting offensive security solutions such as Penetration Testing as a Service (PTaaS), Attack Surface Management (ASM), Continuous Pentesting, and Red Teaming is critical. These solutions enable those responsible for safeguarding election technologies to discover and remediate vulnerabilities in their systems before they can be exploited by a threat actor. By identifying their systems’ most critical attacker entry points and attack paths, security teams gain the foresight they need to prevent an attack and remediate vulnerabilities quickly. Today, there are cyber security providers that integrate all of these technologies and solutions to provide cities, counties, and states with holistic solutions to proactively safeguard the electoral process overall.

Protect critical assets

The exploitation of a critical election system like vote tabulation software can seriously compromise elections and democracy. To prevent such compromises, it’s vital to protect these assets with a multi-layered approach that includes offline backups, encryption, role-based access control (RBAC), and robust access controls.

Implement DDoS protections

A DDoS attack can render election systems unavailable for legitimate voters. To prevent attacks, it’s crucial to implement protections such as blackhole routing (filtering) and web application firewalls (WAFs) to filter malicious traffic, border gateway protocol (BGP) routes that redirect traffic to a cloud-based DDoS mitigation vendor, and limits on API calls to election-related services or applications.

Enforce multi-factor authentication (MFA)

Alongside other safeguards, MFA can help protect election systems from DNS attacks, brute force attacks, password spraying attacks, and unauthorized remote access attempts using stolen credentials. Ideally, election administrators should include MFA for both on-premises and cloud-based external-facing infrastructure in addition to other security measures.

Enforce lateral movement protections

Clever threat actors often gain initial access into an election system with the purpose of moving through the network and persisting within it for a long time, looking for confidential data to steal or destroy. In doing so, they can cause a lot of damage to ballots, voters, and elections. Election organizations can prevent lateral movement by protecting endpoints with EDR solutions and implementing firewall policies to prevent unknown/potentially malicious inbound connections. It’s also important to restrict common lateral movement tools like PsExec and DCOM.
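One way to check that a PsExec restriction is actually holding is to watch for the service PsExec installs on a target and tie it back to the network logon that preceded it. The sketch below is an added example, not BreachLock's code; the flattened event records, host names, IP addresses, approved jump host and 30-second window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (flattened Windows event records; not real data).
# 4624 = successful logon (LogonType 3 = network); 7045 = service installed.
EVENTS = [
    {"time": "2024-03-05T09:14:58", "host": "REG-DB01", "id": 4624,
     "LogonType": 3, "IpAddress": "10.20.4.37", "TargetUserName": "svc_backup"},
    {"time": "2024-03-05T09:15:01", "host": "REG-DB01", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-03-05T10:02:10", "host": "TAB-APP02", "id": 4624,
     "LogonType": 3, "IpAddress": "10.20.1.5", "TargetUserName": "adm_ops"},
    {"time": "2024-03-05T10:02:12", "host": "TAB-APP02", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-03-05T11:30:00", "host": "REG-DB01", "id": 7045,
     "ServiceName": "PrintHelper", "ImagePath": r"C:\Program Files\PH\ph.exe"},
]

APPROVED_ADMIN_HOSTS = {"10.20.1.5"}   # assumption: the sanctioned jump host
WINDOW = timedelta(seconds=30)          # logon-to-install correlation window

def is_psexec_service(ev):
    """True for a 7045 record that matches PsExec's default service."""
    if ev["id"] != 7045:
        return False
    name = ev.get("ServiceName", "").upper()
    image = ev.get("ImagePath", "").upper()
    return name == "PSEXESVC" or image.endswith("\\PSEXESVC.EXE")

def find_unapproved_psexec(events, approved=APPROVED_ADMIN_HOSTS, window=WINDOW):
    """Return alerts for PsExec installs not traceable to an approved source."""
    events = sorted(events, key=lambda e: e["time"])
    alerts = []
    for i, ev in enumerate(events):
        if not is_psexec_service(ev):
            continue
        installed = datetime.fromisoformat(ev["time"])
        source = user = None
        # Walk backwards to the nearest network logon on the same host.
        for prev in reversed(events[:i]):
            if installed - datetime.fromisoformat(prev["time"]) > window:
                break
            if (prev["host"], prev["id"], prev.get("LogonType")) == (ev["host"], 4624, 3):
                source, user = prev["IpAddress"], prev["TargetUserName"]
                break
        if source not in approved:  # an untraceable install (None) also alerts
            alerts.append({"host": ev["host"], "time": ev["time"],
                           "source": source, "user": user})
    return alerts
```

The name match covers only PsExec's default service name, so this check complements the firewall and EDR controls above rather than replacing them.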

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing and Red Teaming.

Know your risk. Contact BreachLock today!

References

1. In Arizona, election workers trained with deepfakes to prepare for 2024

2. 2024 is a record year for elections
