Meanwhile, security officials have been pushing states to set up multiple offline backups to prepare for potential attacks on voter registration databases and election results reporting systems.
“The primary source of resilience for voter registration databases—in addition to ensuring good network segmentation, having multi-factor authentication, patching your systems—is to have offline backups,” Brandon Wales, the executive director at the Cybersecurity and Infrastructure Security Agency (CISA), told me recently in an interview for MIT Technology Review’s Spotlight On event series. “We have seen a dramatic increase in this over the last four years. States are in much better shape now than they were four years ago.”
CISA has also pushed states to build in other security layers, such as maintaining paper backups of e-poll books and all votes cast, and doing a risk-limiting audit after the vote.
But let’s be clear: for all the worry and hype, no such attack against election infrastructure has yet occurred.
The disinformation threat
Even a wildly successful ransomware attack against election systems would slow but not prevent voting, senior officials have said repeatedly. Instead, the real threat to election security would come in the aftermath.
“Whether it’s a nation-state or cybercriminal, whether the attack is successful or not, the biggest concern is the disinformation that will arise,” says Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “It’s a worry because people already have shaky confidence.”
A ransomware attack against election systems would give fuel to unfounded conspiracy theories that the election is rigged, unreliable, or being stolen. Take the widespread conspiracy theories over “mail dumping,” another attempt to undermine confidence in the election.
If any ransomware attack were to happen, then widespread disinformation about the vote itself would no doubt spread. And by the time such disinformation was debunked by traditional media or removed by social-media platforms, it might have reached millions of people. The biggest offender here is the president of the United States, who has proved an adept manipulator of the traditional press to push his disinformation campaign.
This is an excerpt from The Outcome, our daily email on election integrity and security. Click here to sign up for regular updates.