Election Day Cybersecurity Holds
Despite adversarial threats, voting day goes off mostly without issues, cybersecurity officials say.
Despite attempts from adversaries such as China, Iran and Russia to compromise voting on America’s Election Day, the election system worked well, even with the record levels of voting, reported senior officials with the U.S. Department of Homeland Security’s (DHS’) Cybersecurity and Infrastructure Security Agency (CISA). The cybersecurity concerns now move to protecting the final vote counting, canvasing, auditing, certification and inauguration phases.
“Our top priority at DHS and CISA is to ensure that American voters decide American elections,” said DHS Acting Secretary Chad Wolf yesterday morning. “We believe it is absolutely critical that our democratic process is free of foreign undue influence here at home or from abroad.”
The United States faced “a multitude of foreign interference threats” against election infrastructure in particular from China, Iran and Russia, Wolf indicated.
“China, Iran and Russia would like nothing more than to manipulate our democratic process for their own benefit,” the acting secretary said. “Let me be clear: our election infrastructure is resilient. We have no indications that a foreign actor has succeeded in compromising or affecting the actual votes cast in this election but we do remain on high alert here at DHS and CISA throughout the day and beyond to make sure that the integrity of our election infrastructure maintained.”
Just before midnight on Election Day, senior CISA officials confirmed that from a cybersecurity perspective, there was “nothing significant” to report. “What we're seeing out there right now is that the election officials are doing their due diligence in counting votes,” one CISA official stated. “Remember that election reporting is unofficial [until certified] and that election officials are working to get an accurate count. We’ve got to continue to preach patience.”
Some jurisdictions reported minor incidents, including in several counties Georgia, where a few locations extended voting hours to combat delays. CISA senior officials confirmed that there was nothing malicious in Morgan and Spaulding counties in the state. “It may not have been as smooth as they wanted, but they were able to keep folks voting and move forward with the process,” one official stated. Moreover, there were no lingering impacts in Hall County from a ransomware attack a week before.
The FBI did investigate so-called robo calls seen in some states yesterday trying to intimate voters from casting their ballot given the pandemic, the CISA officials noted.
In addition, the officials stressed that the voting and vote counting—which were highly protected—are separate from the reporting systems, and that the reporting systems faced five types of threats: increased demand, website defacement, denial of service attacks, disinformation campaigns and normal disruption from technology failures.
“The attack surface is shifting from the actual voting process itself into the counting, the canvassing, the auditing and through the certification over the next several days and weeks,” a senior CISA official stated. “Demand could put pressure on those systems. Over time, you could potentially see defacements, manipulating accounts on certain websites or even on media. You can see denial of service attacks, or disinformation campaigns out there amplifying or pushing false results or outcomes, trying to spin up a concern or anxiety. And then, lastly, you could see systems that fail to perform as specified or designed. These are the things we've been preparing for and these are the things we've been talking about.”
The officials gave credit to the state and local entities—who are charged by the U.S. Constitution to administer elections—for their multiyear preparations in protecting the vote. In addition, the National Association of Secretaries of State and the National Association of State Election Directors, with election officials, have been working hard for the last several months in the final stretches of preparation. The officials also were grateful for the role played by the U.S. Cyber Command, led by Gen. Paul Nakasone, USA.
Another success were the virtual situational awareness rooms that officials set up with federal, state and local partners. There was “robust communication” across both the federal room and the room with the state local election officials, as well as the in-person operations center with election system providers and voter protection personnel. In addition, social media partners actively monitored sites for disinformation.
That level of engagement and information sharing—of Internet Protocol addresses, suspicious emails, scanning measures—was key to understanding the cyber activity on Election Day.
“And it's why we have the confidence that we do about the security of the process today,” an official confirmed.