The approach of the US election season is a good time to reflect on cyber threats to our political process, particularly from foreign state adversaries due to their vast resources, advanced capabilities, and malign intent. Cyber threats to our election system also come from other sources, such as hacktivists and criminal organizations, but while they too can create problems, they are not on the same scale or level of competence as those posed by autocratic states like China, Russia, and Iran.
We normally think of foreign cyber threats in terms of espionage, economic competition, or disruptive attacks against military and infrastructure targets. More and more, however, we are seeing them attack our internal political processes as well. Why? The answer is that we are currently in the midst of a world-wide struggle between contrasting visions of the proper relationship between peoples and their governments, a Second Cold War if you will. China is a Communist police state; Russia broke with Communism but retained many repressive features from its Soviet and Tsarist past; and Iran is a theocracy in which ultimate political power resides with an unelected “Supreme Leader” who rules for life.
Throw in the North Korean, Cuban, and Venezuelan Marxist dictatorships for good measure. What these very different countries all have in common is an authoritarian philosophy of government. For them, the mere existence of functioning democracies in which the government derives its authority from the consent of the governed through regular, fair, and competitive elections represents a fundamental threat to their legitimacy.
These repressive state actors thus have a deep interest in undermining the democracies to portray them as chaotic, dysfunctional, and corrupt, and we see growing cyber-enabled actions by all of them to sow doubt, confusion, and discord among us. While some may also try to sway election results in one direction or another due to a perceived advantage that might be gained from particular election outcomes, their goals in this regard are often in conflict. It is their disdain for and fear of democracy itself that truly unites them.
The good news is that, at least for the United States, current safeguards and redundancies make it unlikely that any foreign actor could materially alter US election results via cyber manipulation, but that does not mean cyber threats to the democratic processes are not grave. Autocratic state actors and cyber criminal organizations aligned with them are intensely focused on compromising information networks used by the institutions administering elections, political campaigns, and election management systems, and their efforts are ongoing. The main risk is not that this will directly affect elections, but that breaches and subsequently leaked insider information and the publicity around it will be manipulated and amplified using inauthentic social media and other foreign-influenced or foreign-controlled media to exacerbate our internal partisan divisions and create doubts about the election process. In democracies political and societal divisions play out in the open, often passionately. Enemies of democracy carefully study those divisions and combine hacking and covert social media to pour gasoline on the embers: to inflame attitudes, cloud reason, generate anger and hate, and ultimately undermine support for democracy itself.
The solution is to be aware that this is happening and to increase our knowledge about the tricks used against us and the prudent measures we can take to spot and avoid them. The best bet is to use a dynamic cyber-security awareness training platform such as that offered by Phishfirewall. In the near term, however, if you are involved in the election process in some fashion, the guidance provided by the FBI notice linked above on recent indications of election interference is worth repeating.
Teaching your team how to be more secure isn’t rocket science:
- Educate employees on how to identify phishing, spear-phishing, social engineering, and spoofing attempts.
- Advise employees to be cautious when providing sensitive information – such as login credentials – electronically or over the phone, particularly if unsolicited or anomalous.
- Employees should confirm, if possible, requests for sensitive information through secondary channels.
- Create protocols for employees to send suspicious emails to IT departments for confirmation.
- Mark external emails with a banner denoting the email is from an external source to assist users in detecting spoofed emails.
- Enable strong spam filters to prevent phishing emails from reaching end users.
- Filter emails containing executable files from reaching end users.
- Advise training personnel not to open e-mail attachments from senders they do not recognize.
- Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to have strong, unique passwords.
- Passwords should not be reused across multiple accounts or stored on the system where an adversary may have access. (Note: Devices with local administrative accounts should implement a password policy that requires strong, unique passwords for each administrative account.)
- Require multi-factor authentication for all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems.
- If there is evidence of system or network compromise, implement mandatory passphrase changes for all affected accounts.
- Keep all operating systems and software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.
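Two of the items above, filtering executable attachments and marking external mail with a banner, as an added example of a mail-gateway check; this is not code from the original post or the FBI notice, and the internal domain, extension list, banner text and sample messages are constructed assumptions:

```python
# Added example: gateway check for executable attachments plus an external-sender
# banner. Domain, extension list and sample messages are constructed assumptions.
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.org"          # assumed organization domain
# Extensions that Windows will execute or script hosts will run.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".msi", ".bat",
                   ".cmd", ".ps1", ".js", ".vbs", ".hta"}
PE_MAGIC = b"MZ"                         # PE header: catches renamed executables
BANNER = "[EXTERNAL] This message came from outside the organization."


def find_executable_attachments(msg: EmailMessage) -> list[str]:
    """Names of attachments that look executable by extension or by content."""
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in EXEC_EXTENSIONS or payload.startswith(PE_MAGIC):
            flagged.append(name or "<unnamed>")
    return flagged


def is_external(msg: EmailMessage) -> bool:
    """True unless the From address belongs to the internal domain."""
    _, addr = parseaddr(msg.get("From", ""))
    return not addr.lower().endswith("@" + INTERNAL_DOMAIN)


def process(raw: bytes) -> tuple[str, list[str], str]:
    """Return (decision, flagged attachment names, final Subject line)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"])
    flagged = find_executable_attachments(msg)
    if flagged:                          # executable content never reaches users
        return "quarantine", flagged, subject
    if is_external(msg):                 # banner helps users spot spoofed senders
        subject = f"{BANNER} {subject}"
        del msg["Subject"]
        msg["Subject"] = subject
    return "deliver", [], subject


def build_sample(sender: str, filename: str, content: bytes) -> bytes:
    """Constructed sample message used to exercise the checks."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example.org", "Updated voter roll"
    m.set_content("Please open the attached file.")
    m.add_attachment(content, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()
```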