Trust in election results begins with faith in our election systems
US mail in the spotlight
Absentee voting, also called voting by mail, is a hot topic. The pandemic is forcing everyone to re-think what they’ll do this year. Many states expanded mail-in voting and, according to the Washington Post, up to 77% of Americans can now vote by mail. The numbers are staggering.
Voting by mail is nothing new. It’s a proven, legitimate method that our military and overseas voters have used for years. Oregon and Hawaii standardized on mail-in voting throughout their states years ago.
But mail-in voting will certainly look different this year. The expected volume raised questions about how states will handle it. Unfounded allegations of voter fraud are politicizing it. And if that wasn’t enough, now there’s an emerging story about whether or not the Postal Service can deliver the mail in time. People are afraid their votes won’t count. It’s an unprecedented moment in American history.
As this unfolds within our nation, our adversaries watch constantly from the outside. The focus on mail-in voting could distract us from the other major threat: foreign interference and cyberattacks that affect election results. Election system security must be in the spotlight too.
Attacks on democracy are everywhere
Election systems are highly interconnected sets of networks, applications, databases, processes, people, and endpoints. There are no nationwide standards, so they’re different in every state. Small teams with strained budgets run and secure them. But they’re vital to our democracy. Election systems are valuable targets, ripe for cyberattack.
A Senate report on the 2016 election found that a foreign adversary compromised the Illinois Voter Registration Database (VRDB) and successfully exfiltrated data. Fortunately, no votes were changed, but the possibility remains: The report warns that they may have gathered enough knowledge to strike later.
Talos is watching too. “Everyone should understand that interference in, and attacks on, the election system are part of a larger, coordinated attack on the very concept of free democracies,” they warn in their blog Let’s Destroy Democracy.
And it doesn’t stop there. Conspiracy theories, false accusations, and divisive rhetoric — amplified by social media — sow distrust among voters. And who would’ve thought that our own Postal Service would be cause for concern? It can affect people’s beliefs and their votes. Faith in our election systems is already so fragile that we simply can’t allow cyberattacks to succeed.
Let’s keep election systems secure
Fortunately, progress is already being made. Talos documented four years of improvement since the last election. For instance:
- Election systems are now considered critical infrastructure, just like energy and healthcare, and CISA makes important resources and services available to election officials
- Cooperation among federal and state officials has improved considerably
- Help America Vote Act (HAVA) funds have been allocated in both 2018 and 2020, after many years of inaction
But there’s more to do. That’s why, in late 2019, MITRE published its Recommended Security Controls for Voter Registration. It outlines five important steps to secure the heart of election systems: the VRDB. Here’s the summary of their recommendations:
- Secure external communications with authentication, encryption and monitoring of all network traffic
- Strengthen external and internal network defenses using network segmentation, intrusion detection and content filtering
- Enhance access management with multifactor authentication and role-based access control
- Improve system management and monitoring with asset visibility, logging, and endpoint security
- Facilitate recovery and ensure continuity of operations with recovery plans, system backups, and failover methodology
The challenge is that these five steps aren’t just five steps. The details reveal a list of over 20 things, so their advice can begin to feel daunting.
Cisco can help
We made it fast and easy to understand and act on MITRE’s recommendations. First, we prioritized them so you know exactly where to start. Then we aligned them with our security solutions — ones that are incredibly effective, simple, and easy to deploy — so that you make progress today.
Want to see how? Check these out:
- The short overview that aligns our capabilities with MITRE’s recommendations
- This whitepaper that supports the overview with more detail
- The webinar where I’ll guide you through everything
- Our Security Stories podcast where we cover this and much more
Together, we can strengthen faith and trust in our election systems. Let’s keep them safe from cyberattacks and foreign interference. The US Mail? Maybe that’s a topic for another time.
Learn more at https://cisco.com/go/cybergov
Voting by Absentee Ballot has been around for years and has been proven, but it is my understanding that the contentious issue right now is whether or not people can simply send in a postcard to cast their vote without any verification process whatsoever. This is VERY different from voting via Absentee Ballot and thus would be subject to fraud. If this is the case then I personally don’t see how we can say we have a valid election.
There are several contentious issues around mail-in voting, and your comment underscores where many heads are: On the mail topic, and not on the cybersecurity topic. The point of this blog is that we must continue to strengthen election system security, as foreign adversaries who want to impact our election haven’t simply gone away. There are easy ways to make big improvements, all discussed here. To your point, though, please know that every state has rigorous verification processes. One place (of many) to learn about it is the US Election Assistance Commission: https://www.eac.gov/election-officials/voting-by-mail-absentee-voting
Thank you, Steve.
I came across your blog in my Google alerts and your blog speaks to the work we are doing at the Civic Alliance. Founded in January 2020, the Civic Alliance is a growing, nonpartisan coalition of leading companies coming together to strengthen our democracy by supporting safe, healthy and trusted elections, and by inspiring employees and customers to participate in civic life.
The Civic Alliance’s focus is broader — to encourage civic participation. Encouraging voting is an important part of our mandate. But we’re also focused on creating a culture of active civic engagement that endures year-round. We’re asking our member companies to embrace civic participation as part of their core mission — and in their outreach to employees and consumers. And, in 2020, we’re working with our member companies to make sure elections are safe and accessible for all.
The Civic Alliance is guided by this vision:
We believe that an active democracy is good for business, and an engaged business community is good for democracy. We aspire for a future where every American participates in shaping the future of our country, and where every company empowers employees and customers to be active and engaged in civic life.
The values of Cisco are in alignment with those of the Civic Alliance as it relates to safe and trusted elections. I encourage you to check us out at http://www.civicalliance.com.