Threat Intelligence, Critical Infrastructure Security

What security pros can learn from the bad information spread during this year’s election cycle

Share
Election security

COMMENTARY: Cybersecurity leaders across all levels of government face new challenges as this year’s election approaches – hurdles that are substantially different than the ones they dealt with four years ago when the last presidential ballots were cast.

Today, heightened domestic polarization has made physical threats to the safety of election officials and poll workers a greater concern. Fueling this polarization are foreign attempts to shape the public opinion of Americans, including perceptions about the fairness of the voting process and accuracy of election results. Even if officials run a secure election, they’ll still battle trust issues if there’s public perception that the voting process or election outcome is unfair.

Mis-, dis-, and mal-information defined

When we hear the phrase “election tampering,” we may picture an individual hacking into voting machines or voter databases. However, one of the most pervasive threats impacting cybersecurity today comes in the form of mis-, dis- and mal-information (MDM). It’s a new buzzword, but this activity has existed for more than a century.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

The rise of the internet and social media has made it easier to spread MDM. Take the 2016 U.S. election when the Russian Internet Agency (RIA) employed around 500 people to masquerade as Americans online, according to reports. These content creators generated about 80,000 social media posts designed to heighten U.S. domestic polarization. Other countries have followed suit, spreading MDM with the goal of influencing subsequent elections.

The role of Generative AI

While Generative AI (GenAI) isn’t the cyber “death ray” for threat actors as some predicted, it’s lowered the barrier to entry for and enhances the capabilities of those spreading MDM, making it easily accessible to a wider range of malicious actors.

Today, a handful of people using GenAI to create content could rival the output of RIA’s social media production in 2016, and these individuals wouldn’t need to be fluent English speakers or understand American culture to do so.

Beyond elections, GenAI makes MDM accessible to a wider range of individuals, with MDM having the potential to impact all industries. For example, mal-information introduced by a threat actor as part of a retail scam meant to mislead and harm consumers seeking to take advantage of a “too good to be true” deal around the holidays. Security and IT leaders can learn critical lessons from the ways in which MDM impacts elections, and how election officials are actively managing this risk.

There are several steps security and IT practitioners should take across the public and private sectors to guard against MDM:

  • Implement cybersecurity measures that generate information organizations can use to refute MDM claims: Firewalls can capture all network traffic and generate activity logs that cannot be edited, offering solid evidence for addressing claims that an intrusion occurred and explaining why an attacker cannot evade detection by changing the contents of the log files.
  • Use cybersecurity tools that integrate easily with the organization’s existing infrastructure: Implement a robust technology stack. Taking a platform approach to security can streamline daily operations, making it easier for leaders and their teams to manage and respond to threats. Look for products that offer automation, can easily integrate with existing technologies, and ingest multiple sources of threat intelligence.
  • Focus on preventing non-recoverable errors: Security and IT teams have a lengthy list of daily responsibilities, often making it challenging to set priorities. In the case of elections, officials should focus on the greatest risks—in short, anything that directly impacts voter participation. This may mean assuring the availability and integrity of the voting rights database needed for local governments to create ballots tailored to the races happening in each precinct or ensuring that every polling station gets equipped to register walk-up voters.

Of course, MDM represents just one of many cybersecurity risks that teams must work to manage. In the election process, it’s critical to secure everything from devices to databases, as MDM functions as just one of numerous digital threats. Activities that prevent citizens from voting are a concern: What if a ransomware attack locks the registration database in the months prior to election day? The inability to access it because the data has been encrypted could prevent local jurisdictions from pulling the data they need to create ballots for the registered voters in each precinct.

These ongoing challenges underscore the importance of periodically reassessing security controls along with risk management policies and processes. Taking proactive measures now to enhance cybersecurity will go a long way in effectively protecting our organizations.

Jim Richberg, head of cyber policy, global field chief information security officer, Fortinet

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Jim Richberg

Fortinet Field CISO working to bring cybersecurity solutions to industry and the public sector following a 30+ year career driving innovation in cyber intelligence, policy and strategy for the United States Government and international partners.

Served as National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence within the $80+ billion US intelligence community (IC) annual operating budget. Senior Advisor to the Director of National Intelligence (DNI) on cyber issues. Set collection and analytic priorities for the IC’s 17 departments and agencies on cyber threats.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.