2020 election cybersecurity: Protecting U.S. elections against cybercrime
The campaign to protect the upcoming 2020 U.S. elections against cybercrime is on.
Among the cybersecurity threats facing the presidential election year: ransomware and foreign interference. One of the possible defenses against election tampering include multimillion-dollar legislative bills to fund paper ballots for federal elections.
Here’s a look at cybersecurity issues surrounding the upcoming 2020 elections.
Ransomware has become a real threat to governments and potentially to future elections.
Hackers launched 169 ransomware attacks on government agencies from 2013 through the first four months of 2019, according to cybersecurity firm Recorded Future.
The cybercriminals infect the computers of government agencies before demanding that they pay a ransom for an encryption key that will free their locked files and records.
The frequency of these attacks appearto be on the rise. Recorded Future found evidence of 46 ransomware attacks on government agencies in 2016, 38 in 2017, and 53 in 2018. During the first four months of 2019, though, Recorded Future found reports of 21 attacks.
The threat of ransomware looms large now as the U.S. gets closer to the 2020 elections. There’s fear that cybercriminals could deploy ransomware attacks to disrupt voting in states across the nation.
How ransomware could disrupt voter databases
Cybersecurity experts — including the highest-ranking cybersecurity official at the U.S. Department of Homeland Security — worry that cyber criminals could use ransomware to lock up the voter registration databases maintained by states. That’s according to a September 2019 analysis published in the Washington Post.
If this happens, state election officials would not be able to verify that people are voting in the right districts or even if they are eligible to vote.
This isn’t an empty threat. As the Post reported, Russian hackers in the 2016 elections targeted voter registration databases. That was one of the key revelations in a report filed by former special counsel Robert Mueller.
Why are these databases so vulnerable? They’re often connected to the Internet, making them an easier target for cybercriminals and nation state hacking groups.
The Cybersecurity and Infrastructure Security Agency — part of the Department of Homeland Security — has developed a major initiative to work alongside local election officials to help protect voter registration databases against ransomware.
The Agency is also working with thousands of voter jurisdictions across the U.S. on cybersafety measures to take ahead of election season.
Members of the U.S. House of Representatives and Senate have proposed several bills designed to protect U.S. elections from hackers. The problem? None of these bills have yet been signed into law.
In June 2019, the House of Representatives passed the Securing America’s Federal Elections Act. If passed, the Act would mandate that states use voter-verified paper ballots in federal elections. Voting with a paper trail, supporters of the bill say, would offer greater protection against hackers.
The bill would provide $600 milllion that would be passed out to states to boost voting security before the 2020 elections. The bill would prohibit voting machines from being connected to the internet and from being manufactured in foreign countries.
That bill passed the House, but did not receive support from Republican lawmakers. According to a story published by The Hill, only one Republican member of the House voted in favor of the bill. Because of this, it likely stands little chance of earning passage in the Senate.
Lawmakers who opposed the bill said that paper ballots will cause longer lines at polling places. They also said that it’s easier to lose, misplace, or tamper with paper ballots. Others pointed out that there is no evidence that voting machines have ever been hacked.
Other bills have been proposed, too.
The Defending Elections from Threats by Establishing Redlines Act, sponsored by Sen. Marco Rubio, R-Fla., and Chris Van Hollen, D-Md., would require the Director of National Intelligence to inform Congress about any foreign interference in elections within 60 days of any federal election. It would also require this official to name any senior Russian political figure or oligarch who knowingly interfered or contributed to interference in a U.S. election. This bill, too, is still under consideration but has not been passed into law.
Sen. Ron Wyden, D-Ore., along with 12 other co-sponsoring senators, in May 2019 introduced the Protecting American Votes and Elections Act. This Act would require, too, that states use paper ballots in U.S. elections and ban internet, Wi-Fi, and mobile connections to voting machines. This Act would also provide a $500 million grant program for states to buy machines that scan paper ballots. This bill, too, has not yet been voted on.
The attempts of hackers to influence the 2016 presidential election generated plenty of headlines. The actual hacking, though, got its start before 2016, with CNN reporting that the FBI first contacted the Democratic National Commitee in September 2015 to warn that at least one of its computers had been accessed by Russian hackers.
In November of that same year, according to CNN, the FBI reached out to the Democratic National Committee a second time, warning the Committee that one of its computers was sending information back to Russia.
In March 2016, though, the hackers got their big break. That’s when John Podesta, chairman of Hilary Clinton’s election campaign, received a phishing email with a link that directed Podesta to a page where he could change his password. Podesta asked a staffer from the campaign’s help desk if he should trust the email. The staffer made a typo, typing that the email was legitimate instead of illegitimate. Podesta then went to the page to change his password, which gave hackers access to his email messages, according to CNN.
In June of the same year, the Washington Post reported that hackers with the Russian governent stole oppositional research on Donald Trump from the Democratic National Committee’s computer system. The hackers were able, too, to read the emails and online chats of Committee staffers.
Right before the Democratic National Convention in July 2016, WikiLeaks published nearly 20,000 emails stolen from the Democratic National Committee’s server. This included messages from the organization’s chair, Debbie Wasserman Schultz, suggesting that the organization favored Clinton over her Democratic opponent, Bernie Sanders.
In July 2018, the U.S. Justice Department indicted 12 members of Russian intelligence agency GRU as part of Robert Mueller’s investigation. As CNN reported, the indictment says that the Russians hacked the emails and computer networks of the Democratic party during the 2016 presidential campaign.
It might seem that paperless voting machines are the wave of the future. But cybersecurity experts worry that voting machines that don’t leave a paper trail could be especially vulnerable to hackers.
In August 2019, news site Politico held an online discussion with cybersecurity reporter Eric Geller and voting security expert and University of Michigan professor J. Alex Halderman.
The biggest concern raised during this event? Halderman said voting systems that are connected to the internet are vulnerable to hackers. He said it took him and his students about 48 hours to gain full control and change the votes of an online voting system built for Washington, D.C.
The smart move? Halderman recommended moving to voting systems that use paper ballots. This might seem like a step backward, but it is believed that paper ballots would be less likely to be hacked.
Halderman said he testified to Congress in 2019 that it would cost about $370 million to implement paper ballots in every U.S. jurisdiction that doesn’t have them. Once the paper ballots are in place, it has been reported that it would cost less than $25 million a year to audit federal elections.
To help protect elections against cybercriminals, Halderman and Geller recommended that every federal election be conducted with paper ballots. They also recommended a requirement that every federal election should be subjected to a risk-limiting audit to confirm that computer totals match the paper ballots. Finally, Halderman and Geller recommended the establishment of federal cybersecurity standards for election administration, including requirements to follow security best practices for voter registration systems, election management systems, and outcome reporting systems.
More than 50 million customers trust Norton with their personal information.
Your partner against cyber threats. Norton 360™ with LifeLock™, all-in-one protection against evolving threats to your connected devices, online privacy and identity.
Try Norton 360 with LifeLock. Post, bank and shop from your device. We’ll keep it secure.
Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.