How to Protect an Election
It was approximately the size of a beach ball, yet it changed the world and peoples’ perception of safety and security forever when it was shot into orbit on 4 October 1957. Suddenly, with the launch of Sputnik, the ocean was no longer a perceived obstacle for the Soviet Union to overcome to strike Americans.
“For the first time, the Soviets had the capability to reach out and touch us,” said Christopher Krebs, director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an appearance at the virtual Black Hat conference. “The oceans to our west and east no longer gave us that geographic isolation that we had worked for—that had protected us for years and years. They had the ability to disrupt in 1957.”
And almost 60 years later, Russia—using technology to enhance tactics gleaned from decades of experience—did it again by targeting the 2016 U.S. presidential election through a variety of cyber intrusions and coordinated disinformation campaigns.
“Once again, they were able to reach out and touch us—and give us that uncertainty that they could use cybertechniques to destabilize and ultimately undermine democracy,” Krebs said. “Prior to that point, cybersecurity incidents were intellectual property theft, a bad movie, financial crimes. But this was something much more visceral, so we knew we had a lot at stake for 2018—that we have a lot at stake for 2020.”
The 3 November 2020 election in the United States will be unprecedented. Millions of Americans are expected to vote by mail while dealing with a global pandemic, high levels of disinformation, and nebulous cyberthreats, all during a presidential election year.
But although Americans face vast challenges in securing the 2020 election, new systems and tools have been rolled out to level the playing field.
The United States is the fourth largest country in the world, and the scale of its election infrastructure is equally large. In 2016, there were more than 8,000 jurisdictions, 178,217 precincts, and 116,990 physical polling places, which approximately 80 million people used on Election Day. A total of 138.8 million ballots were cast, including mail-in and absentee votes.
The scope of running an election in the United States, along with the inherent contradictions that come with it, makes election security one of the most difficult and complex problems security practitioners need to address, said Matt Blaze, who has studied election security for decades and is now the McDevitt chair of Computer Science and Law at Georgetown University.
Americans want secrecy; they do not want someone to know how they voted or be able to prove exactly who they voted for. But they also want transparency; they want to know that their vote counted and that the full results of the election will be made public.
“We want to be confident that our vote was counted as cast and that the whole system was doing that for everyone else,” said Blaze, who is also a cofounder of the DEF CON Voting Village and on the board of the Tor Project, in a keynote address at Black Hat.
In the past, traditional election security concerns were focused on the actions of corrupt candidates and their supporters—buying votes, adding ballots, or interfering with the official count. All of these tactics are difficult to pull off, and there are system safeguards designed to prevent and protect against them, Blaze added.
These systems, however, often relied on paper-based systems for people to cast their votes—either in person at the ballot box or by mail. With the rise of direct recording electronic (DRE) voting machines after the 2000 election, however, more votes were subsequently cast through electronic means and software was introduced at almost every step of the election process.
Software is used to define ballots, configure voting machines, manage voter registration, check-in voters, tally results, and then report them out to the public.
“Software is really hard to secure. It’s hard to generally make software correct,” Blaze said. “Complexity makes it harder, and large systems pretty much always have bugs in them…software is designed to be replaceable and to be easily changed—and that’s true, even if you’re not authorized to do that.”
One other primary difficulty with election security is that if an irregularity is discovered, it’s almost impossible to redo an election. Elections often need to be certified by a specific date, and the logistics of pulling off a statewide or national election—again—before the date the new official assumes office makes it “pretty much impossible,” Blaze added.
This dilemma has caused many to advocate for a completely paper-based election system, where votes are cast by paper and then hand counted. But with millions of Americans eligible to vote, such a system would be enormous and prone to error, as people make mistakes. So, some software is necessary, but ideally the election system would not be overly dependent on it, Blaze said.
Fortunately, two breakthroughs occurred in the beginning of the 21st century that moved the system closer towards that goal. First, cryptographer and professor at MIT Ronald Rivest crafted the idea of “software independence,” which would require voting systems to be designed in a way that an undetected change or error in the software cannot cause an undetectable change in the outcome of the election.
Although Rivest did not develop a method for implementing software independence, his idea led statistician Philip Stark, professor and associate dean of mathematical and physical sciences at University of California, Berkeley, to design a way to use it for optical scan paper ballot voting machines (where a paper ballot is scanned into a machine and results are electronically recorded).
Stark found that you could choose a sample of ballots, audit them, and compare them to the true outcome. With enough samples, you could have high confidence that can be mathematically quantified that your election results are the same as you would get if you hand counted the ballots, Blaze explained.
Some U.S. states are making progress on implementing Stark’s method through risk limiting audits, and at the national level there are several bills before Congress that would fund such a shift for future elections.
However, not all election interference happens at the ballot box. Sometimes, it can occur months before Election Day rolls around.
Following the 2016 election, the U.S. intelligence community and the U.S. Senate Select Committee on Intelligence released numerous reports detailing Russia’s intrusions into election infrastructure and disinformation and misinformation campaigns.
While the United States was aware of some of Russia’s activities prior to the election, the analyses found that this information was not often shared with election officials, individuals who could take action to deter that activity, or the American public. (See “Rebuilding Trust After the 2016 Election,” Security Management, November 2019.)
In the lead-up to the 2020 election, officials have taken a very different approach. Over the summer, National Counterintelligence and Security Center (NCSC) Director William Evanina briefed Congress and put out a public statement about what the intelligence community was monitoring. He highlighted that foreign states will attempt to use influence measures to sway voters’ preferences and perspectives, increase discord, and undermine confidence in the democratic process.
Some of this is being instigated—once again—by Russia, which has denied it engages in such activity. Based on threats the NCSC is monitoring, Evanina said Russia is using a variety of measures to denigrate Democratic nominee former Vice President Joe Biden and the anti-Russia establishment.
“This is consistent with Moscow’s public criticism of [Biden] and when he was vice president for his role in the Obama Administration’s policies on Ukraine and its support for the anti-Putin opposition inside Russia,” Evanina explained. “For example, pro-Russia Ukrainian parliamentarian Andriy Derkach is spreading claims about corruption—including through publicizing leaked phone calls—to undermine former Vice President Biden’s candidacy and the Democratic Party. Some Kremlin-linked actors are also seeking to boost President Trump’s candidacy on social media and Russian television.”
But Russia is not alone this time. China has learned from Russia’s tactics, and the U.S. intelligence community assesses that it does not prefer that Trump win reelection. China is adopting influence efforts similar to Russia’s to shape the policy environment in the United States, pressure political figures it views as opposed to China’s interests, and deflect and counter criticism of China.
“Although China will continue to weigh the risks and benefits of aggressive action, its public rhetoric over the past few months has grown increasingly critical of the current Administration’s COVID-19 response, closure of China’s Houston Consulate, and actions on other issues,” Evanina said. “For example, it has harshly criticized the Administration’s statements and actions on Hong Kong, TikTok, the legal status of the South China Sea, and China’s efforts to dominate the 5G market. Beijing recognizes that all of these efforts might affect the presidential race.”
The U.S. intelligence community is also monitoring Iran, which is also attempting to sow division ahead of the election while undermining U.S. democratic institutions and President Trump.
“Iran’s efforts along these lines probably will focus on online influence, such as spreading disinformation on social media and recirculating anti-U.S. content,” Evanina said. “Tehran’s motivation to conduct such activities is, in part, driven by a perception that President Trump’s reelection would result in a continuation of U.S. pressure on Iran in an effort to foment regime change.”
The information Evanina shared was the most up-to-date threat intelligence he could provide in an unclassified setting. But he pledged to continue to provide updates as the election approached to keep the public—and election security stakeholders—informed of the threat landscape.
“Aside from sharing information, let me assure you that the [intelligence community] is also doing everything in its power to combat both cyber and influence efforts targeting our electoral processes and continues to support [the Department of Homeland Security] and FBI in their critical roles safeguarding the election,” Evanina said. “…we are all in this together as Americans. Our election should be our own. Foreign efforts to influence or interfere with our elections are a direct threat to the fabric of our democracy.”
Russia has been extremely successful in its ability to craft disinformation campaigns—the spreading of information that is deliberately misleading—that are engaging on social media, said Renée DiResta, research manager for the Stanford Internet Observatory, in an appearance at Black Hat.
Russia is the “best in class for information operations,” she explained, adding that the country has a demonstrated commitment to agents of influence and media manipulation, as well as network infiltration.
Key to Russia’s success has been its ability to have agents of influence (individuals who work to influence an audience on behalf of someone else, but their audience is not aware of the true intent) create communities—such as Facebook groups—and share disinformation within them. Then individuals involved in those groups spread that disinformation to others, unknowingly.
These agents of influence can also spread information at the behest of the Russian government to achieve its goals, such as the hack-and-leak attacks on the Democratic Party in the lead up to the 2016 election where internal documents about the Clinton campaign were obtained by Russian threat actors, leaked to pro-Russia media outlets, and then spread online by agents of influence on Twitter and Facebook.
DiResta said she anticipates that Russia will engage in similar activity ahead of the 2020 election, along with releasing information about potential hacks of voting machines to sow distrust in the system, create division, and undermine faith in democracy.
These personas and materials will resonate because of existing “underlying societal divides” and low levels of trust in institutions and government, DiResta said.
“You can’t hack a social system if the system is resistant to attack,” she added. “And ours, unfortunately, is not.”
The Federal Response
To help coordinate a federal response and enhance election security, the U.S. Department of Homeland Security stood up CISA in the wake of the 2016 election. The agency has taken the primary role in working with state and local partners to protect election systems, part of U.S. critical infrastructure.
The beginning of this effort involved identifying stakeholders and those responsible for running and securing elections in their local jurisdictions. CISA also needed to learn about the existing infrastructure that supports elections, from voter registration systems to the methods that precincts use to report votes.
After that work went into effect and was largely successful for the 2018 midterm elections, CISA rolled out its Protect 2020 campaign, which consists of four prongs: protecting election infrastructure, enhancing the ability to identify threats and respond to them, engaging partisan organizations and campaigns, and engaging the American public.
Key to the initiative has been getting buy-in and support from local and state election officials, who are tasked with holding elections and are not required to enact any of the measures CISA recommends.
CISA has helped earn this support by providing security services, such as penetration testing, training and exercises, and nationwide tabletops, says Geoff Hale, director of CISA’s Election Security Initiative. The most recent tabletop exercise was conducted remotely at the end of July 2020.
Additionally, Krebs said that CISA has drastically enhanced visibility across election systems and networks. The agency gave jurisdictions in all 50 U.S. states intrusion detection systems—known as Albert monitors. Some states, such as Florida, now have Albert coverage across every county in the state.
CISA also provided a variety of resources, including guidance released in summer 2020 on creating an incident response plan. Election officials have experience with creating contingency plans for natural disasters but “2016 was a watershed moment with the introduction of cyber risks to elections,” Hale says. “We’ve worked with them to have resources and develop incident response plans—who they would communicate with in that scenario.”
CISA also released a variety of other references for election officials, such as assessments on Election Infrastructure Cyber Risk and Mail-in Voting in 2020 Infrastructure Risk, a Guide to Vulnerability Reporting for America’s Election Administrators, and a Cyber Incident Detection and Notification Planning Guide for Election Security.
The Protect 2020 campaign also emphasizes doing the basics better, which will improve systemwide security. This includes encouraging better system configuration and adopting multifactor authentication to help prevent errors or unauthorized system access.
CISA has also worked with state and local partners on hardening their infrastructure to create fail-over mechanisms and backups of their systems. This includes analog backups, Krebs said, so if something goes wrong a volunteer can easily work through a plan to ensure that voters can continue to cast their ballots.
Communication has taken on an increasingly important role as CISA works with election officials to help them prepare to conduct an election during the ongoing COVID-19 pandemic. Early on, CISA worked with the U.S. Centers for Disease Control and Prevention (CDC) and the U.S. Department of Health and Human Services to develop guidance and plans for running an election while also maintaining social distancing requirements.
That guidance was issued through elections coordinating councils and includes everything from managing lines to keeping poll workers safe to communicating to voters about the availability of their polling location, which might be in a school that is closed. CISA has also worked with federal partners to recruit as many as 1 million poll workers for the 2020 election. This is especially important for 2020 because poll workers are often elderly volunteers who are more vulnerable to COVID-19 and may choose not to volunteer this year, Hale says.
Along with additional measures to protect volunteers and in-person voters, many U.S. states are looking to increase the ability to vote by mail—which is not how most voters have cast their ballots in the past.
As of Security Management’s press time, concerns were being raised about the ability of the U.S. Postal Service to deliver completed ballots on time. Thomas J. Marshall, general counsel and executive vice president of the Postal Service, sent a letter to 46 U.S. states on 29 July warning officials that mail delays may result in disqualifying some correctly cast mail-in ballots and absentee ballots.
“Some states anticipate 10 times the normal volume of election mail. Six states and D.C. received warnings that ballots could be delayed for a narrow set of voters,” according to The Washington Post, which broke the story after obtaining copies of the letters. “But the Postal Service gave 40 others—including the key battleground states of Michigan, Pennsylvania, and Florida—more-serious warnings that their long-standing deadlines for requesting, returning, or counting ballots were ‘incongruous’ with mail service and that voters who send ballots in close to those deadlines may become disenfranchised.”
The U.S. House of Representatives Oversight Committee was scheduled to hold an emergency hearing on the mail delays, with an invitation to Postmaster General Louis DeJoy to testify on 24 August.
Despite the concerns about delivery of ballots, switching to a more paper-based system could further strengthen election security, CISA’s Krebs said. Using a paper-based system ensures that election officials have a physical means to verify their results, if they needed to.
“Auditability—you have the ability to effectively go back and check the logs,” Krebs explained. “You have the receipt, and you can understand what transpired if you see something suspicious.”
After the 2016 election, CISA recommended election officials shift to using a paper-based system. As of August, 92 percent of jurisdictions were on track to have such a system in place by November.
Another part of this effort has been to prepare voters themselves on what to expect on Election Day. Unlike previous elections, the results will likely not be verified within 24 hours. The increase in the number of mail-in and absentee ballots will result in a delayed tally of votes.
To set expectations, officials have been regularly repeating that the results may take some time to calculate—possibly even several weeks—but that does not mean the results are invalid.
“The last measure of resilience is an informed, patient voter,” Krebs said. “It’s going to take time to count the vote, whether it’s absentee ballots coming in, whether it’s longer lines. Whatever it takes, it’s going to take a bit more time.”