Security in elections
Free and fair elections are the cornerstone of democracy worldwide
A few weeks before the election, the Attorney General launched an investigation into several cyberattacks allegedly attributed to the Russian military intelligence service, the GRU. These include phishing attacks and disinformation campaigns that spread conspiracy theories intended to influence the outcome of the election.
Free and fair elections are the cornerstone of democracy worldwide. But democratic elections are increasingly threatened by foreign aggressors who seek to manipulate or undermine the process or outcome of the elections. Accordingly, the responsibility of those who have to contribute to the security of elections increases.
CrowdStrike, a global leader in the defense against cyber attacks, would like to pass on some recommendations below for protection against election manipulation to those responsible.
When we started CrowdStrike almost 10 years ago, it was clear to us that it is just as important to know how an attacker proceeds as who the attacker is. At that time, we were sure that attackers could be identified and eliminated through careful observation and analysis. This has been confirmed to this day. Anyone who wants to develop a sound model of threats must understand their opponents and their attack practices. Without such a model, there is no clear answer to the question of how to conduct cost-benefit analysis for potentially risky actions or the use of untrusted applications or systems, how many potentially inconvenient security controls should be imposed on authorized users, and how much an organization as a whole must invest in security. More importantly, organizations that do not understand the threat they face cannot properly allocate and prioritize their resources or strategically address cybersecurity issues.
As we have focused for years on analyzing potential attackers, we have been able to build arguably the most extensive cyber threat expertise in our industry. This know-how is flanked by the CrowdStrike® Services – the reliable services for the prevention of incidents, which I am in charge of. The CrowdStrike® Services team regularly removes attackers from the networks of those affected and prevents further activities. Together with CrowdStrike Falcon®, our benchmark endpoint security platform, we prevent security breaches in our global customer base.
Institutions and organizations from the entire public and political sector as well as organizations at the federal, state and local level therefore rely on CrowdStrike when it comes to defending against cyber attacks. In recent years, we have repeatedly prevented security incidents or responded to cyber attacks targeting political campaigns, advocacy groups or governments of all sizes. Our outreach work in the 2016 U.S. election campaign to counter threats should not obscure the ongoing commitment to elections in the United States and other parts of the world, from which we can learn more lessons.
Our work to date gives us a unique view of the threats we face in 2021 and beyond. With the following recommendations, however, we do not want to describe concrete and current threat activities. Rather, we would like to encourage organizations and institutions to fundamentally adapt to threats of this kind.
The most common type of attack on political institutions and electoral bodies continues to be intrusion into IT networks, assets and resources. Organizations and individuals alike are at risk. The attacks target personal accounts and devices. In the run-up to “hack and leak” campaigns, security breaches often occur in which confidential personal information is leaked to the public. Ransomware attacks are aimed at disrupting business processes and ultimately the entire operation. In addition, attacks can be strategically planned in such a way that maximum damage occurs.
Attackers use traditional communication channels and social media to spread false or falsified information. Amplification on social media typically comes from people with a wide reach, or from people or groups who have received the information under false pretenses. Increasingly, these campaigns are associated with manipulated media or bots that seem credible at first glance.
Even organizations with strict security measures depend on third parties who can become victims of cyber attacks. Spectacular security breaches in recent years have shown that attackers can threaten dozens or even hundreds of users or customers by compromising a single service provider.
Recommendations and resources
Apart from targeted planning for defense against the threats mentioned above, we recommend the following points:
Firstly, there should be a comprehensive analysis of the composition of the electoral environment as a whole. It can be assumed that those who work directly in the electoral administration know the context, sensitivity and importance of their work. But those in supporting roles, or those who otherwise play an important role in the successful conduct of elections, may not see themselves as potential targets or take adequate security measures. People working in industries as diverse as television, IT services and logistics can also ultimately play a role in the successful conduct of fair elections.
Even before the COVID-19 crisis with its multitude of new and complex challenges for election logistics, strong security best practices were crucial. Today, it is more important than ever that all participants in the entire electoral system pursue a risk-oriented defense concept.
Secondly, it is essential to have the technical skills to track down an attacker and expel him from the network before he can actively pursue his goals there. Speed is the key. We recommend applying the “1-10-60 rule”: detect threatening activities in your own environment within one minute; analyze these activities within 10 minutes; isolate the attacker or throw him out of the network within 60 minutes.
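One way to measure the 1-10-60 rule described above against incident records, as an added example that is not CrowdStrike's code. The field names, the sample incidents and the choice to start all three clocks at the first malicious activity are assumptions.

```python
from datetime import datetime, timedelta

# 1-10-60 targets from the text, in minutes.
TARGETS = {"detected": 1, "analyzed": 10, "contained": 60}

def parse(ts):
    return datetime.fromisoformat(ts) if ts else None

def evaluate(incident, now):
    """Return {phase: (elapsed_minutes, status)} for one incident.

    Assumption: every clock starts at the first malicious activity.
    A phase without a timestamp is still open; it is 'breached' once the
    target has already passed at `now`, otherwise 'pending'.
    """
    start = parse(incident["first_activity"])
    result = {}
    for phase, limit in TARGETS.items():
        done = parse(incident.get(phase))
        elapsed = ((done or now) - start) / timedelta(minutes=1)
        if elapsed > limit:
            status = "breached"
        else:
            status = "met" if done else "pending"
        result[phase] = (round(elapsed, 1), status)
    return result

def compliance(incidents, now):
    """Share of incidents that met all three targets (open ones count as not met)."""
    ok = sum(all(s == "met" for _, s in evaluate(i, now).values()) for i in incidents)
    return ok / len(incidents)

# Constructed sample records, not real incident data.
NOW = datetime.fromisoformat("2021-09-01T12:00:00")
INCIDENTS = [
    {"id": "A", "first_activity": "2021-09-01T09:00:00", "detected": "2021-09-01T09:00:40",
     "analyzed": "2021-09-01T09:08:00", "contained": "2021-09-01T09:45:00"},
    {"id": "B", "first_activity": "2021-09-01T10:00:00", "detected": "2021-09-01T10:00:30",
     "analyzed": "2021-09-01T10:25:00", "contained": "2021-09-01T10:50:00"},
    {"id": "C", "first_activity": "2021-09-01T11:55:00", "detected": "2021-09-01T11:55:50",
     "analyzed": None, "contained": None},
]

if __name__ == "__main__":
    for inc in INCIDENTS:
        print(inc["id"], evaluate(inc, NOW))
    print("compliance:", compliance(INCIDENTS, NOW))
```

Open incidents are evaluated against the current time, so a phase that is still unfinished is reported as breached as soon as its target has passed rather than only after the incident is closed.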
In addition, all those involved in the organization and conduct of elections should familiarize themselves with the resources that can help them in the proper conduct of the elections. Last year, we launched the CrowdStrike Cybersecurity and Election Security Resource Center. The website lists facilities we work with and programs we support. In addition, there are useful videos, lectures and materials from third parties who make a positive contribution in this area.
Many people involved in elections have become much more organized in recent years and will focus more on protecting elections in the future. In addition, both voters and election workers are now aware of the threat of disinformation and other tactics by foreign aggressors who want to influence the election process. After a long period of underinvestment, policymakers around the world now see the need for additional funds for elections in general and for election security in particular.
But there is more to do. While raising awareness is a good start, we must actually implement our strategies to mitigate the risks. The threats are real and the attackers are stronger than ever. We must all do our part to ensure that the elections in 2021 and beyond can be held worldwide without malicious interference.