EXPLAINER: Threats to US election security grow more complex

BOSTON — Top U.S. election security officials say protecting the nation's voting systems has become increasingly challenging.

That's due mostly to the embrace by millions of Americans of unfounded conspiracy theories and false claims about widespread fraud in the 2020 presidential race.

With the midterm elections just days away, the director of the U.S. Cybersecurity and Infrastructure Security Agency, Jen Easterly, and other officials say they have no evidence that election infrastructure has been altered by hostile actors to prevent voting or vote counting, compromise ballots or affect voter registration accuracy.

But they're not lowering their guard. Disinformation is rampant. Foreign rivals are capable of potent cyber mischief. And the insider threat is considered greater than ever. On top of the physical threats and intimidation of elections officials -- which is authorities' overriding concern -- security experts are particularly worried about tampering by those who work in local election offices or at polling stations.

"The current election threat environment is more complex than it has ever been," Easterly told reporters in mid-October.

Global rivals also are expected to deepen longstanding disinformation efforts. The tense geopolitical moment means Russia, Iran and China may have fewer qualms about trying to disrupt the conduct of elections in key battlegrounds with cyber operations.

The spectrum of potential threats is wide: foreign ransomware gangs friendly with the Kremlin, conspiracy-obsessed local election officials, hostile voters bent on sabotage or political provocateurs trying to suppress the vote with dirty tricks or misinformation.

Here are some of the potential threats agencies are assessing through Election Day:

THREATS FROM WITHIN

Insider threats are a growing concern and could undermine serious strides made to secure voting systems -- including migrating to hand-marked paper ballots and introducing reliable audits -- since they were declared critical national infrastructure in January 2017.

Rogue election officials could provide access to voting systems to unauthorized individuals, as happened in Colorado and Georgia. Poll workers or even voters could try to access voter registration databases or equipment, or plant malware to taint election management systems.

Eddie Perez, a voting technology expert with the nonprofit OSET Institute, calls the repeated efforts to cast doubt on the integrity of voting equipment an element of a broader "manufactured chaos" -- intentional subversion of the nation's elections to sow doubt.

Perez is among specialists who think attempts to discredit voting technology are one manifestation of efforts by former President Donald Trump and his allies to undermine trust in election results so Republican-controlled state legislatures -- rather than voters -- can decide the outcome of future races.

To counter the threats from insiders, federal authorities have conducted trainings and encouraged election officials to focus on limiting access to critical equipment, adding video surveillance and key cards on doors. They also encourage strict chain-of-custody rules for everything from ballots to voting scanners and tabulators.

Threats to public officials and election disruption attempts have occurred with increasing frequency and intensity, federal and local law enforcement officials say. They are especially concerned about physical violence by protesters in highly contested districts during the post-election vote-counting process.

THREATS FROM ABROAD

U.S. officials have issued two main election-security advisories in the run-up to the Nov. 8 elections. They say malicious cyberactivity is unlikely to seriously disrupt or prevent voting and that hostile foreign states are apt to try to influence outcomes with "information operations."

Foreign meddlers could launch cyberattacks or exaggerate the effects of relatively ineffectual attacks. They could spread misinformation about voting or voter fraud, try to incite violence or, if violence is already happening, fan the flames.

Hostile foreign bids to undermine U.S. democracy have risen since the Russian operation that hacked and then leaked Democratic emails to aid Trump in the 2016 presidential race. None have had anywhere near the impact, though.

Rivals constantly probe U.S. networks for vulnerabilities. Moscow may seek payback for Washington's arming of Ukraine against its invasion. Iran resents U.S. support for anti-regime demonstrations triggered by the death in police custody of a young woman who defied head-scarf orthodoxy. As for China, relations are tense as Washington tries to throttle high-tech supplies to Beijing over its perceived hostility and growing authoritarianism.

There's also the possibility that foreign actors might have breached election systems long ago and are waiting to pounce.

ATTACKS FROM FOREIGN ADVERSARIES

On Election Day, hostile foreign powers or sympathetic hackers could mount what are known as distributed denial-of-service (DDoS) attacks, which render websites unreachable by flooding them with junk data. Targeting state and local government websites, such attacks could prevent voters from looking up registration information or polling locations, or knock offline sites that report election results after voting ends.

One group on the radar of the U.S. cybersecurity agency is Killnet, pro-Russia hackers who made a ruckus in October by organizing DDoS attacks on U.S. airport and state government websites.

Such attacks are mostly a nuisance and don't destroy data or even breach sites. But they can frustrate voters and election poll workers, and become powerful grist for disinformation offensives. For example, Russian state media and fake news mills could amplify exaggerated claims of disruption, as occurred with the Killnet effort against the airport and government sites.

Another potential threat is Russian-speaking ransomware gangs that operate with little Kremlin interference. They have largely spared U.S. election infrastructure, which by now tends to be a lot better protected than many of the hospitals, schools and businesses they routinely plague.

Hack-and-leak operations also are possible. Sensitive data could be stolen from election or campaign websites, partially falsified and released online.

Cybersecurity firm Trellix reported a spike in phishing emails targeting county election workers in Pennsylvania and Arizona, both battleground states, over the summer seeking to harvest passwords and potentially interfere with the administration of absentee ballots.

"In many cases, the threat actors attempting to breach our election systems are the same ones who are conducting influence operations that seek to sow discord," Easterly, the CISA director, said in mid-October.

That could include the Russian troll farm known as the Internet Research Agency, a key player in the 2016 Russia destabilization campaign that favored Trump and sought to widen social divisions in the U.S. The group sought to manipulate public opinion by gaming social media platforms, including by purchasing online ads.

In a pre-election report, the cybersecurity firm Recorded Future said it was "almost certain" that networks associated with the group "are engaging in covert malign influence on a subset of the U.S. population."

------

Associated Press writer Christina A. Cassidy in Atlanta contributed to this report.

------