With the US presidential election less than three months away—and early voting in some states set to start in late September—security experts are warning of possible cyber disruptions to the process, both foreign and domestic.
“Things will go wrong,” CISA Director Jen Easterly told the crowd at BlackHat on August 7. “I can guarantee that.”
Easterly added that she isn’t worried about overall election security. She said she feels confident in election infrastructure—it “has never been more secure”—and that disruptions “will not affect the security or the integrity of the votes.”
State by state. Despite the CISA head’s confidence, some states are already reporting problems. In Georgia, experts found a flaw in the Secretary of State’s online portal that opened the possibility of anyone canceling a voter registration as long as they had the voter’s personal information.
“It’s shocking to have one of these bugs occur on a serious website,” Silent Push Senior Threat Researcher Zach Edwards told ProPublica.
Meanwhile, 4.6 million Illinois voters had their data exposed in 13 databases managed by Illinois-based Platinum Technology Resource. Though there was no evidence the information was used nefariously, the data could “potentially allow malicious actors to send them misleading information (about voting dates, locations, or requirements) based on their party affiliation,” researcher Jeremiah Fowler told the Cyber Express.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Overseas danger. Other than exposed info and insecure databases, of course, there is the omnipresent danger of outside actors attacking US elections. Easterly, in her remarks at Black Hat, said that “adversaries will try to sow discord, and try to undermine American confidence in democracy.”
Intelligence officials from the Office of the Director National Intelligence told reporters in July that they believe hostile governments, including Russia and Iran, are planning on disrupting the 2024 contest if they can.
Hackers at this year’s DEF CON conference in Las Vegas worked on trying to breach voting machines—but any findings won’t be released in time for the election. DEF CON “Voting Village” organizer Catherine Terranova told Politico that makes for a tense situation.
“As far as time goes, it is hard to make any real, major, systemic changes, but especially 90 days out from the election,” Terranova said.
As Easterly put it at Black Hat, it’s important to stay vigilant.
“We should be prepared for it, we should expect it and we…should not allow that,” Easterly said. “It’s up to all of us to preserve democracy.”