Election Security: DHS Plans Are Urgently Needed to Address Identified Challenges Before the 2020 Elections
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has helped state and local election officials secure online voter registration systems, voting machines, and other election infrastructure since 2017. Elections officials we interviewed in 7 of 8 states said they were very satisfied with CISA’s support.Election primaries begin in February.
Chris Olson, CEO of The Media Trust says, “The cyber risks that presidential hopefuls face goes beyond encryption and domain management at the state and local level. Protecting our election systems and voters from hacking and disinformation campaigns requires understanding how the digital ecosystem is used to target consumers with customized messages to influence their behavior. Candidates’ websites, like all others, rely heavily on code supplied by third and Nth parties. This digital supply chain is a popular target of attacks, because digital third and Nth parties too often pay little attention to security and privacy yet can access sensitive contributor information like email and mailing addresses, employer names, and credit card details. To make matters worse, the code third parties supply to these sites aren’t within the control of candidates’ IT teams; they have no way of seeing the code without specialized tools and expertise. Our adversaries focus their efforts on this largely unmonitored third-party code on candidate websites/mobile apps to extract voter preferences and design disinformation campaigns. If candidate teams know and keep track of what code is doing what in their digital assets, they’ll stem the spread of fake news that has unfortunately become part of our everyday lives.”