By Melissa Trace, VP, Global Government Solutions at Forescout
As we approach the upcoming midterm elections, U.S. officials are on high alert for bad actors looking to target election networks and devices. Both state and non-state threat actors view our nation’s democratic processes as threats against their beliefs and see disrupting our upcoming election as a means of advancing their own agenda.
Made up of a diverse set of networks and infrastructure controls, election systems are often older, remote, or unpatched – making them attractive targets for adversaries. Additionally, while many larger communities can invest in election security, smaller localities are often budget-restricted, leaving them vulnerable to attacks.
To combat these potential system vulnerabilities, the Cybersecurity and Infrastructure Security Agency (CISA) officials have seen success in deterring threats with programs such as the Cybersecurity Toolkit and Shields Up, as well as guided exercises for election officials, and private-public partnerships. These programs have all provided comprehensive guidance for officials and private organizations to fill gaps in government policies with best practices from the private sector.
While these practices and programs help election officials handle potential threats, there are still additional steps both officials and constituents can take immediately to help ensure a free and fair U.S. election this fall.
To make the best use of the CISA Cybersecurity toolkit, election officials must ensure they are employing basic cybersecurity hygiene practices:
- Gain a full understanding of the network environment – in order to quickly identify vulnerable devices, officials must have both extensive visibility and understanding of what devices are connected and what operating systems they are running;
- Take inventory of existing security processes – this will help ensure that they are updated and functioning properly; and
- Identify non-compliant devices – once these devices are identified, they should be immediately quarantined and investigated.
These three steps should be continuously repeated, so the network is assessed in real-time to provide the most accurate and comprehensive risk assessment to officials. Once these basic hygiene steps are incorporated into officials’ cybersecurity routines, they can turn their attention to CISA’s Cybersecurity toolkit and upleveling its guidance.
Rather than doing just a weekly scan of the network, officials can take this recommendation to the next level by implementing real-time monitoring of their network and assets. Work from home has impacted elections and how election information is controlled, so being able to immediately identify vulnerable devices and isolate them until they are patched is vital to securing that data. Much like the rest of the population where many industries include work-from-home policies now, election workers operating remotely are also a prime target for hackers, which can lead to misinformation campaigns that may deliver incorrect information about voting locations, candidate policy positions, and more. Configuration Management Databases (CMBD) should also be updated in real-time, and continuous monitoring can help to ensure the library and patches are kept up to date. Given the shortage of election workers, automating these processes can help ensure they are followed without the need for a human to initiate the update.
The responsibility of securing the upcoming election does not just fall on election officials, but also on constituents. The average person most likely doesn’t view their home network as vulnerable, let alone a hunting ground for bad actors to access election networks, yet each household is a gateway to personal and community data. By following preventative practices, constituents can help to ensure they do not become a vector for an attack on the upcoming elections:
- Change your home network and device(s) default password;
- Deploy multi-factor authentication (MFA) whenever offered; and
- Inspect the home network, looking for unknown connected devices or users.
Everyone from election officials to volunteers to constituents must do their part to secure election networks and data ahead of the midterm elections. By deploying basic cybersecurity hygiene practices to all networks, both in the home and in election devices, and utilizing the comprehensive tools already available, everyone can make the 2022 midterm elections the most secure yet.