Lance Bellers - Fotolia
CISA chief: Ransomware could threaten election security
During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security.
With mounting concerns over the COVID-19 pandemic in addition to election interference, the biggest threat facing the 2020 elections may be ransomware attacks, according to Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency.
On the 90-day mark to the 2020 U.S. elections, the CISA chief spoke during a Black Hat USA 2020 session about updates to election security efforts that began following the 2016 presidential race. While the intelligence community continues to monitor Russia, China, Iran, North Korea and other countries that may try to target U.S. infrastructure or lead disinformation campaigns, it is clear ransomware attacks remain a top concern for CISA.
"When I look at the remaining time between now and November, I'm thinking about that ransomware actor. What can we do to protect those at-risk systems?" Krebs said. "Last year, we launched the voter registration ransomware initiative and this summer we are rolling out a pilot program across the country to introduce endpoint security detection capabilities in a number of jurisdictions."
Ransomware attacks on state and municipal governments have increased in recent years, causing massive disruption to government operations, including emergency services, and leading to millions of dollars in damages. Krebs said he has observed ransomware attacks occurring on a regular basis and not solely on state and local levels.
The CISA initiative to secure voter registration databases focuses on promoting "the basics" to state and local election officials, such as two-factor authentication and proper configurations for security controls. In addition to preventive steps, resilience measures such as backups are important.
"If something goes wrong, it might hit the voter registration database, or a pollbook for that matter; you can flip to that stack of paper to ensure voters can vote, whether it's early or on election day," Krebs said.
Mail-in ballots and paper trails
Krebs offered several recommendations for securing election processes, including efficient backups, as well as the importance of a paper trail to better ensure election integrity.
"The best risk management right now: paper," Krebs said. "We encourage states to shift to some system that has a paper record. Have the receipts so you can understand what transpired if you see something suspicious. We need to go back and check the records. That's what the paper ballot gives us."
Paper ballots associated with the 2020 vote have shifted from 80% to 92%, Krebs said, primarily because of COVID-19 risks for in-person voting.
Security professionals also agree on the integrity of paper ballots. According to the Black Hat USA 2020 attendee survey of 273 top security professionals from a wide variety of industries, more than two-thirds (69%) believe that any form of electronic voting is inherently risky and that paper ballots are significantly more secure.
While paper ballots help to mitigate risk, it will take time to count the votes, which is one reason Krebs stressed patience. "Because of mail in ballots, longer lines due to social distancing guidelines and so forth, on Nov. 3, it's quite possible we won't know who won the election."
During a session at RSA Conference 2020 earlier this year, Krebs told attendees he can't guarantee election security. "The American people need to understand that we are taking this seriously, and we're engaged on it," Krebs said. "But 100% security is not going to be the outcome."
Part of the problem, as Krebs said during Black Hat USA 2020, is that all forms of voting have some sort of risks associated with them.
"Whether it's in person, early, absentee or mail-in they all have types of risks and it's important for us to understand what they are, identify the security controls and provide support to state and local partners," Krebs said.
The first CISA director reiterated that while the federal government provides support, election security responsibility falls significantly on state and local officials.
In July, William Evanina, the director of the National Counterintelligence and Security Center, issued a statement about China, Russia and Iran, as well as other nation-states and nonstate actors who could harm the electoral process.
Russian interference is a top concern for cybersecurity experts as well. According to the Black Hat USA attendee survey, 69% believe that Russian cyber initiatives will have a significant impact on the outcome of the U.S. presidential election in 2020.
"That [NCSC statement] was the beginning of a conversation with the American people about the threats, but there is more coming. More details and more granular information," Krebs said.