Absentee ballots, also called voting by mail, is a hot topic. The pandemic is forcing everyone to re-think what they’ll do this year. Many states expanded mail-in voting and, according to the Washington Post, up to 77% of Americans can now vote by mail. The numbers are staggering.
Voting by mail is nothing new. It’s a proven, legitimate method that our military and overseas voters used for years. Oregon and Hawaii standardized on mail-in voting throughout their states years ago.
But mail-in voting will certainly look different this year. The expected volume raised questions about how states will handle it. Unfounded allegations of voter fraud is politicizing it. And if that wasn’t enough, now there’s an emerging story about whether or not the Postal Service can deliver the mail in time. People are afraid their votes won’t count. It’s an unprecedented moment in American history.
As this unfolds within our nation, our adversaries watch constantly from the outside. The focus on mail-in voting could distract us from the other major threat: foreign interference and cyberattacks that affect election results. Election system security must be in the spotlight too.
Election systems are highly interconnected sets of networks, applications, databases, processes, people, and endpoints. There are no nationwide standards, so they’re different in every state. Small teams with strained budgets run and secure them. But they’re vital to our democracy. Election systems are valuable targets, ripe for cyberattack.
A Senate report on the 2016 election found that a foreign adversary compromised the Illinois Voter Registration Database (VRDB) and successfully exfiltrated data. Fortunately, no votes were changed, but the possibility remains: The report warns that they may have gathered enough knowledge to strike later.
Talos is watching too. “Everyone should understand that interference in, and attacks on, the election system are part of a larger, coordinated attack on the very concept of free democracies,” they warn in their blog Let’s Destroy Democracy.
And it doesn’t stop there. Conspiracy theories, false accusations, and divisive rhetoric — amplified by social media — sow distrust among voters. And who would’ve thought that our own Postal Service would be cause for concern? It can affect peoples’ beliefs and their votes. Faith in our election systems is already so fragile that we simply can’t allow cyberattacks to succeed.
Fortunately, progress is already being made. Talos documented four years of improvement since the last election. For instance:
But there’s more to do. That’s why, in late 2019, MITRE published its Recommended Security Controls for Voter Registration. It outlines five important steps to secure the heart of election systems: the VRDB. Here’s the summary of their recommendations:
The challenge is that these five steps aren’t just five steps. The details reveal a list of over 20 things, so their advice can begin to feel daunting.
We made it fast and easy to understand and act on MITRE’s recommendations. First, we prioritized them so you know exactly where to start. Then we aligned them with our security solutions — ones that are incredibly effective, simple, and easy to deploy — so that you make progress today.
Want to see how? Check these out:
Together, we can strengthen faith and trust in our election systems. Let’s keep them safe from cyberattacks and foreign interference. The US Mail? Maybe that’s a topic for another time.
Learn more at https://cisco.com/go/cybergov
The post Vote of Confidence: Securing the 2020 Election appeared first on Cisco Blogs.