Election Cybersecurity: 2020 Presidential Election at Risk

Perfect Storm of Cyber Threats Puts 2020 Presidential Election at Risk

Perfect Storm of Cyber Threats Puts 2020 Presidential Election at Risk 1200 628 N2K

Mere weeks away from election day, the 2020 Presidential race is shaping up to be one of the most complicated and chaotic elections in history. With the coronavirus pandemic still raging, election officials are scrambling to ensure that Americans can cast their votes safely and secure their ballots from an ever-expanding array of cybersecurity threats.

The digital debacles of the 2016 election continue to cast a long shadow over US politics, as security and manipulation concerns from the 2016 election continue to be debated. This August, the U.S. Senate Intelligence Committee released the final volume in a series of reports detailing Russian interference in the 2016 election.

The reports document how the Russian government “engaged in an aggressive multifaceted effort” to influence the outcome of the 2016 election. These efforts included hacking networks and accounts linked to the Democratic Party as well as damaging information about Hillary Clinton and her campaign. All this while waging vast influence offerings on social media designed to sow political and racial divisions in the US, while spreading disinformation that Ukraine, not Russia, interfered in the 2016 election.

Russia shows no signs of slowing down; there are already indications that Moscow is actively meddling in the 2020 race. American intelligence officials say that Russia is leveraging a variety of techniques designed to damage Democratic presidential nominee Joe Biden. Those techniques include using a series of proxy websites to spread pro-Kremlin propaganda in the United States; laundering and amplifying anti-Biden disinformation to members of congress; and seeking to stoke racial animosity among Americans.

Russia, however, is not the only foreign nation interfering during this election cycle. U.S. intelligence officials say the Kremlin has plenty of company, with a slew of other nations — including China, Iran, Cuba, Saudi Arabia and North Korea — currently meddling in the 2020 race. These nations are all purportedly using cyberspace to spread disinformation inside the United States. Additionally, authorities say that nation-state threat actors are digitally surveilling American infrastructure.

In addition to this onslaught of threat actor activity, election officials’ previous performance during the primaries should also be cause for concern. In January, the Iowa caucuses experienced one of the biggest technological debacles in political history, when a new vote-tallying smartphone app malfunctioned due to a coding error. As a result, the Iowa Democratic Party (IDP) was forced to delay releasing the results of the caucuses. Investigations later revealed a series of problems in the app’s development process, including a lack of sufficient product testing and user training. This incident was not only a major embarrassment for the IDP, but also raised further doubts that officials could competently protect the integrity of American elections.   

At the federal level, U.S. government authorities have signaled that they are being much more aggressive in responding to election interference than they were in 2016. Paul Nakasone, the Commander of U.S. Cyber Command and Director of the National Security Agency, has detailed a new American strategy in cyberspace. This strategy shift involves moving American cyber operations from a reactive and defensive approach to a more proactive security posture — a new doctrine that Nakasone calls “persistent engagement.”

When Cyber Command was founded in 2010, it was largely focused on preventing infiltration into U.S. networks. But as adversaries’ attacks have become both more frequent and sophisticated, U.S. officials have found a passive cybersecurity posture to be inadequate. As such, the U.S. government has started to “defend forward” — that is, conduct ongoing cyber operations outside of American networks. This strategy involves actions such as capturing adversaries’ malware on hunt forward missions, and releasing it to the public so that organizations can adjust their digital defenses to protect themselves from these threats.    

The going coronavirus pandemic will only make securing the 2020 election more complicated, and create additional vulnerabilities for threat actors. Election officials have been forced to shift and close polling places. There has also been a nationwide shortage of poll workers. Election officials are scrambling to recruit and train new, younger volunteers to replace the traditional workforce — which is disproportionally made up of senior citizens, a group that is at highest risk for severe illness from coronavirus.

Perhaps the biggest change in the 2020 election will be a huge surge in the number of people voting by mail. The coronavirus pandemic is likely to keep many people away from the polls, and millions of these Americans are expected to vote via the mail for the first time. Questions are already being raised about whether the USPS can handle this influx of mail ballots. But Postmaster General Louis DeJoy has assured the American public that “the Postal Service is fully capable and committed to delivering the nation’s election mail securely and on time. This sacred duty is my number one priority between now and Election Day.”   

There are, however, already signs that mass mail voting could prove to be problematic. An investigation by the Washington Post found that more than 500,000 mail ballots, across 23 states, were rejected during primaries. Some of these ballots could not be counted by the delivery deadline. Other ballots, from first time mail voters, contained inadvertent mistakes. And still others were discarded due to uneven enforcement of rules designed to detect voter fraud.     

Officials have instituted a number of measures designed to protect the integrity of elections. These initiatives include identity verification (e.g. matching signatures to voter roles), bar codes (which track ballot processing), and secure drop-off locations and drop boxes (which prevent ballot tampering and help establish a secure chain of custody). Ultimately, however, elections are notoriously difficult to secure. Even the best people, processes, and technology are far from infallible.

As Georgetown Law professor and cybersecurity expert Matt Blaze warns, “I don’t think I’ve ever encountered a problem that’s harder than the security integrity of civil elections. In fact, every current voting system that’s been examined is terrible in some way and probably exploitable.”