Approach towards Election Security: Cyber Resilience of Election Infrastructure & Role of People, Process ,Technology.

Innovation in Electoral Technology

By Rajiv Singh
President – IT & Security at Pentacomp Group

Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.

Elections play a vital role in a free and fair society and are a cornerstone of American democracy. We recognize the fundamental link between the trust in election infrastructure and the confidence the public places in basic democratic function. A secure and resilient electoral process is a vital national interest.

The goal to Manage and secure election infrastructure on a day-to-day basis. Reduce risks and ensure the integrity of elections at the state and local level.

Understanding the Drivers of Election Security:

C-level Geo-political Cyber View, Cyber Superpowers – World Balance, Role of Nation State Actors.

Understanding the Approach to Secure Election:

Know the Cyber Hacker’s Mindset, Implementing Technology & Frameworks to Secure Elections, Inter-Agency Co-ordination & Intelligence Sharing , Cyber Responder’s skill Training ,

Understanding the Types Of Challenges & Threats Influencing Elections (Pre & During-Elections):

Elections – Election Day/Voting Machines & Vote by Mail

Emotet Malware Infection

A state fell victim to a cyberattack. Servers were impacted, causing interruptions in computer access to several departments throughout the city. Access to email was lost, credit cards couldn’t be processed, and the website completely lost its functionality. Employees had to use temporary email accounts to perform some of their core job functions. The attack caused a major disruption and took many hours to get systems back up and running.

Another case of a state , suffered a cyberattack in which threat actors used malicious software to compromise 14 inboxes under the Department jurisdiction. The attackers gained access the emails addressed to these mailboxes. The hackers used a version of the Emotet malware. In this case the hackers used the stolen information to spread their malware. Cybercriminals sent seemingly legitimate messages to those who contacted the afflicted mailboxes, appearing to originate from the State Department, and included malicious attachments.

Distributed Denial of Service Attack

The days just before and after Election Day are the most likely time for adversaries to launch DDoS attacks. Beyond voter information portals and registration sites that give voters information about voting hours or where they can vote, prime DDoS targets include election night results websites and communications between boards of elections and polling locations. attacks on election infrastructure can hinder access to voting information.

Social Engineering

Attacks were launched against a certain customer base that claimed to be from a violent hate group, directing recipients to vote for a certain candidate in the election. The attacker had access to the recipient’s personal information as well as the ability to identify how the recipient typically votes. This sort of intimidation-based social engineering was similar to strategies seen in extortion attacks.

Another case the State voter registration ‘error’ phishing scam informs recipients that their voter’s registration applications are incomplete, luring them into sharing Social Security numbers, license data and other personal information with attackers. The fraudulent emails sent in this campaign appear to come from the Election Assistance Commission, and contain a malicious URL leading to a spoofed web page that steals a variety of personal data including name, date of birth, mailing address, email address, Social Security number and driver’s license information. The page is carefully engineered to appear legitimate, and even includes images pulled from State’s official site.

Ransomware

A state county was hit with a ransomware attack on their county and election infrastructure. The attack affected the county’s voter signature database, as well as the voting precinct map hosted on the county website. In this case, attackers did not specifically target election systems, but the loss of access to the voter signature database significantly slowed down absentee ballot processing. The attack raised concerns regarding the potential impacts of ransomware on election infrastructure systems.

A. company that sells election results software to cities and states was hit by ransomware. While the company is not responsible for tallying votes, the software is used by election officials to aggregate and report votes in at least 20 locations around the country. The company launched an investigation into the attached and ultimately paid an undisclosed ransom amount to unlock their systems.

The discussion sessions include:

Compliance with Global Security Standards -Election Security
Standards Awareness & Meeting Compliances

Understanding Election Security
Challenges & Threats to Election Security
Cyber Technologies & Frameworks – Effective Utilisation
Risk Based Technology Adoption & Best Practices

Securing Elections - Case Studies
Emerging Threats to Fair Elections
Managing Disruption -Prior & During Elections
Think Like a Hacker – To Build A Defence Strategy

Understanding Cyber Framework for Election Infrastructure
Components of Security Framework -An Overview
Building A Robust Election Infra Security Framework

Tools & Implementing Security Controls – Protecting Election Infra
Cyber Tools to Detect Threats, Protect Election Infra
Identify Existing Gaps in Compliance to Risk Controls
Design Remediation Plan & Implementation For governance

Incident Response Capability
Understanding Security Standards in Incident Response
Cyber Training for Responders -Preparing to Respond
Building Incident Response Plan and Digital Forensics

Integrated Election Security (People Process & Technology)
Avoiding Silos in Election Security
Managing Security – Preparing A Stakeholders’ Ecosystem
Building Disaster Recovery – Plan , Design & Implement

Staying Ahead of The Adversary- Election Security
Emerging Threats – Metaverse, Deep Fake
Privacy Concerns & Rising to The Challenge

Draw a Plan , Readiness to address Elections Security and Defend against Intervention:
Social Media Monitoring & Sentiment Analysis
Telecom Communication Protection
Critical Infrastructure Security Monitoring

Conclusion:

Building Cyber Resiliency with Technology and Implementing Best practices in Election Security can go a long way in Cyber deterrence capability and prevent bad actors harming a Fair Elections process.

Forthcoming Events

Sponsorship and Exhibition Opportunities

If you’re interested in promoting your company, products and/or services at our events, please drop us an email and we will contact you directly. Alternatively, please call
+44 7821 863613 for more information.

How to Book

+44 (0) 20 3137 8648
info@parlicentre.org