While State and Local Government (“SLG”) customers may not have the largest cyber security budgets, they all have valuable information and important infrastructure to protect. SLG entities maintain and manage a wide variety of systems containing personally identifiable information (e.g., universities with health information, Social Security numbers, etc.) as well as confidential and sensitive information (e.g., police or justice departments).
One such category of information that has recently gotten more attention is election infrastructure and maintaining the integrity of voting processes for State and Local Government.
While no evidence of manipulation of vote counting or voting registration record alteration has been reported, threats to election systems and processes at the State, City or County level could impact basic voter information such as polling place location. Some larger SLG entities are even taking steps to preemptively combat social media campaigns that could mimic officials or put out inflammatory content to sow fear and mistrust. Other actors use ransomware or tools to disrupt networks during crucial electoral processes, and in fact may be a state-sponsored actor mimicking criminal activity or IT issues to avoid the appearance of direct election disruption. Reports show that in 2016, nearly half of the widely-used electronic voting systems in the U.S. were at least probed by Russian actors, although there was no evidence of actual compromise – and of course recent news coverage reports that the 2016 presidential campaign was marred by allegations of Russian meddling. Increased threats during the 2016 elections appear to have come mostly from state-sponsored actors, although those governments decline any knowledge or involvement.
No Easy Solution to System Integrity
These attacks can potentially erode trust in the integrity of systems that are critical to the democratic electoral process. The U.S. election system is complex and de-centralized, with states and counties using a wide variety of software and machinery to coordinate and conduct elections. This means that each jurisdiction must take it upon themselves to protect their system and citizens – ideally proactively, rather than reactively.
To help combat these threats, a federal government spending bill was unveiled in March 2018 that included $380 million to help safeguard U.S. voting systems from cyber attacks. The bill provides states with grants to help them purchase more secure voting machines, upgrade election computer systems, train election officials, conduct post-election audits, and improve election cyber security training and security-based election activities. Of the $380 million, elections officials plan to spend approximately $135 million on cyber security upgrades alone.
To help meet this growing and urgent need, earlier this year the FireEye State and Local Government teams initiated an “election protection offering” geared toward maintaining the integrity of the state and local voting process, with FireEye Managed Defense as the foundation. Customers can build on this foundation by adding FireEye Email Security, web monitoring to help quickly identify fake social media activity, red team assessments to identify vulnerabilities, and Incident Response Retainers that allow elections officials to be ready to combat issues as they arise. This customized set of offerings has allowed SLG officials to both address issues early on, as well as prepare for the inevitable attempts to chip away at the integrity of the elections process.
General, primary, and midterm elections are all extremely critical and serve as timely opportunities to bring focus to these issues; however, some SLG entities have upwards of nine elections per year plus special elections, so these issues should be top of mind for SLG officials year-round.
This means that any time is a good time for SLG to take steps to increase election security. While there is no easy or standardized approach that will work for all elections systems across the country, there are fundamental principles and functions that will enhance the security posture, integrity, and resiliency of the country’s voting infrastructure.