Critical Need for Election Cybersecurity

This week’s topic is election cybersecurity.  Given issues in prior elections and our current COVID-19 challenges, we need to be on red alert regarding the cyber threat to the November election.  If you think about foreign actors, whether they are nations or terrorist organizations, significantly disrupting November’s election would be near the top of their targets.  Fortunately, there are a number of talented organizations and people working on this issue; but, more focus and resources should be devoted to this topic as soon as possible.

Here is a review of what and where these threats are:

1. Misinformation

This has been a problem in past election cycles.  Foreign actors have and will continue to interfere in the online discussions regarding candidates and election issues.  The primary parties on the front lines are the big tech companies that have the online forums, email services, etc.  Improvements have happened but this area will continue to be an ongoing risk to our democracy.  These organizations don’t have consistent policies and have limited resources to police a huge universe of discussion. More needs to be done!

2. Registration rolls

One of the most effective ways to disrupt an election would be to sabotage voter registration rolls.  This is an issue primarily at the local level where these lists of registered voters are maintained.  Unfortunately, local governments are typically less equipped to address cyber threats than state or federal governments.  The threats range from having the entire roll being wiped out to having specific voter profiles corrupted with incorrect information.  Even limited corruption could throw the integrity of a community’s polling results into question.  Responsible jurisdictions need to make sure they have strong cyber protections in place in addition to considering good, old-fashioned ideas like printing backup copies of the rolls.

3. Vote collection and counting

The risk on vote collection is clear given the hot discussion currently taking place regarding the U.S. Postal Service.  This will be a record year for voting by mail.  The U.S. Postal Service has an absolutely critical role in making sure ballots are delivered and returned efficiently and effectively.  In addition to the current funding discussion in the news, the USPS is a major risk point for a cyberattack.  A cyberattack on sorting equipment could dramatically disrupt voting on a national scale.

The risk regarding vote counting is another largely local government issue.  Votes are still cast in many different fashions but most of them involve electronic devices somewhere in the process.  Almost every electronic device is subject to hacking.  This hacking could take the form of either a counting failure or changing the count between candidates.

When discussing any cyberthreats, it is important to do a risk assessment to determine the most likely threats and have a crisis response plan in place.  

In terms of risk assessment of these cyberthreats, any of them could be devastating.  The highest likelihood area would be multiple local level attacks in swing states.  There are likely many local jurisdictions that don’t have strong enough protections in place and could be attacked on Election Day in either their registration rolls or voting machines.  Although we have millions and millions of voters, presidential elections come down to a relatively small number of swing votes in key states due to the Electoral College.  These key jurisdictions need special attention and support.  

One of the main reasons that our risk for this election is so high is that the foreign actors know we don’t have a good crisis response plan in place.  An attack in this area could fracture our nation for a significant time period in a profound fashion.  Unless it was quickly identified as a foreign action against our nation, both political parties would likely end up in turmoil fighting against each other.  Remember the national mess we had back in 2000? Imagine that scenario and multiply it exponentially.

We need to encourage our elected officials at all levels of government to prioritize election-related cybersecurity now!  There are very bad actors who are proven experts at cyberattacks.  The number one target in the world today would be to disrupt our November election. Our nation is too divided today already; messing up our November election would be the quickest way to dramatically magnify our divisiveness and threaten our democracy.  

Earlier I mentioned talented people and organizations that are working on this topic.  Here are a couple links for more information:

USC Election Cybersecurity Initiative -   www.electionsecurity.usc.edu

Dan Lohrmann blog in Government Technology (I worked with Dan at the state Of Michigan and his blog has a great list of resources) - https://www.govtech.com/blogs/lohrmann-on-cybersecurity/how-election-security-has-become-a-top-issue.html

Remember, Relentless Positive Action in your life will help you and others. So, I wish you RPA every day!