Because the 2024 US election approaches, cybersecurity leaders intensify their efforts to safeguard the democratic course of, drawing insights from international companions to deal with evolving threats.
Jen Easterly, the director of the US Cybersecurity and Infrastructure Safety Company (CISA) spoke at Black Hat USA about her confidence within the integrity of the nation’s election officers. Nevertheless, worldwide companions acknowledged the threats that democratic elections face.
“Election officers ran safe elections in 2018, 2020 and in 2022. There isn’t any proof that malicious actors modified, altered or deleted votes or had any materials and influence on the end result of elections,” stated Easterly.
“I’ve the privilege to spend so much of time with election officers on the state and native degree of each events throughout the nation. I understand how tirelessly they work to make sure that each considered one of their residents votes are counted as solid,” she stated.
Regardless of the optimistic outlook from Easterly, she warned that the menace setting has by no means been so complicated.
“Cyber threats, bodily threats, and sure, overseas adversaries, are trying to affect our elections,” she famous.
Russia continues to be the predominant menace, in accordance with Easterly.
Studying Classes from Actual Threats
The UK lately ran its personal election, which happened on July 4, 2024. Threats to the democratic course of had been actual as in March 2024 the UK authorities referred to as out China state-affiliated menace actors for conducting malicious campaigns in opposition to UK establishments and political figures in 2021. The hack of the UK’s Electoral Fee was additionally linked to Chinese language cyber actors.
Felicity Oswald, CEO of the UK’s Nationwide Cyber Safety Centre (NCSC), commented: “We had been laser centered on that as a danger, not simply from Chinese language, however from different state actors and malicious actors as nicely. We completely noticed makes an attempt to interact or disrupt our election, however our election has come out and stated it was a really clearly, a easy course of.”
Talking from a European perspective, Hans de Vries, COO of the European Union Company for Cybersecurity (ENISA) defined that preparation was key for the elections for the European Parliament which happened in early June 2024.
Vires famous that there have been some distributed denial of service (DDoS) assaults noticed throughout and forward of the voting course of however these didn’t have a major final result.
Easterly was eager to level out that on the state and county degree, election officers are nicely ready to hold out November’s election
“Crucial factor we do is to amplify the voices of state and native election officers as a result of they’re actually the authoritative material consultants on the subject of elections,” she famous.
Mick Baccio, a world safety advisor at Splunk SURGe labored with Secretary Pete Buttigieg’s main marketing campaign in 2020 as the primary CISO of any US main marketing campaign.
He commented: “Individuals need to do a superb job. Individuals need to be safe, however it takes sources to do this takes time to do this, takes effort to do this.”
By way of threats, Baccio stated that alongside nation-state interference from the likes of Iran, China and Russia, there’s additionally the underlying menace of hacktivism.
Clark County Nevada Prepares for Upcoming Elections
Within the US, counties are answerable for administering the election for his or her jurisdictions and through Black Hat USA Clark County CIO Bob Leek described the preparation that has gone into the upcoming US presidential and native elections.
Leek commented that the threats are not any totally different than on a regular basis threats, like unknown gadgets connecting to a community or lack of visibility, as an example.
“We now have been on an extended journey towards upgrading and including resilience into the election knowledge construction,” Leek stated.
To conduct this work, the county partnered with CISA, Homeland Safety, the FBI and the opposite federal businesses.
“We have made investments in election options, after which we check that resilience, so we have completed vulnerability scanning. We have completed penetration testing. We have constructed an air-gapped community that manages the transition from our polling websites,” Leek defined.
“Relating to the applying of the expertise, we need to guarantee the very best ranges of Integrity at each step of the method, so that each particular person’s vote is recorded and counted precisely. Investments that we have revamped the previous few years are throughout that complete set of infrastructure wants,” he stated.
The county has additionally invited these organizations together with CISA and the FBI to audit their electoral expertise and supply suggestions.
Leek stated they’re continually testing, and the most recent check was the throughout the main election for the presidential nominees that was held in June.
“We acquired a number of classes realized from that, so we apply these classes realized to organize ourselves to the for the presidential cycle that comes up in November,” he commented.
“We’re taking a really danger illiberal strategy round election infrastructure. I’d by no means say that it might probably’t occur. I’d say it is extremely, extremely unlikely,” he stated.
