The Election Security Dividend

We’re less than three months from the U.S. presidential election, and the Democratic and Republican conventions will take place over the next week. The COVID-19 pandemic forced significant changes in these conventions, and a raging debate continues regarding voting by mail. Let’s leave the vote by mail issue aside for now and focus on election cybersecurity.

Substantial outrage stemmed from efforts to conduct cyberattacks and manipulate social media during the 2016 U.S. election cycle. In June 2016, the Democratic National Committee acknowledged that it had been breached. Sensitive material from that breach was subsequently made available via WikiLeaks. The breach was attributed to hacking groups in Russia, and substantial debate surrounded the results of the presidential election. The U.S. Department of Homeland Security (DHS) informed 21 states that those states had been targeted by Russian-backed hackers, and voter registration systems of the state of Illinois had been successfully breached during the 2016 election. In January 2017, DHS designated the infrastructure used to conduct elections in the U.S. as “critical infrastructure.” DHS’ Cybersecurity and Infrastructure Security Agency (CISA) now provides election security support at the national, state, and local levels.

Attacks against election-related infrastructure and election security concerns were not limited to the U.S. The ETH Center for Security Studies in Zurich reported that in October 2016, the website of Emmanuel Macron’s “En Marche” political party was the subject of a cyberattack. Documents from that attack were released on the internet only hours before voting began in the French presidential election. In January 2017, the Netherlands government decided not to use vote counting software due to fears of potential hacking. In June 2017, France suspended the use of electronic voting systems for citizens abroad. Multiple cyberattacks related to election systems were reported by Ukraine, U.K., Germany, Bulgaria, Estonia, and Austrian governments. Attacks continue. In March 2019, Russian hackers were active against several European agencies before the May 2019 EU elections.

Dozens of cybersecurity vendors have offered their services to political parties in the U.S. to help them prepare their systems and enhance their defenses. Election law in the U.S. has traditionally limited companies from donating their products and services to political parties due to campaign finance limitations. However, in June 2019, the U.S. Federal Election Commission determined that cybersecurity companies could provide low or no-cost services within certain restrictions. This ruling reflected the importance of protecting elections against cyber manipulation. 

Cyber professionals in particular and voters in general will benefit from heightened concerns about election security and new approaches to secure the integrity of voting systems:

  • Security researchers and cyber product companies will analyze every aspect of cyberattacks against election infrastructure in 2020. This will likely lead to new methods and technologies to rapidly identify and block attacks as well as improvements in attack attribution.
  • Democratic convention delegates will vote by email for the first time. Depending on the outcome, this could open the door to expanded electronic voting and enhanced convenience for voters.
  • As the conventions and other political activities move to television and cable broadcast channels due to the pandemic, content delivery professionals will team up with cybersecurity professionals to protect these activities from hijacking and denial of service attacks. This will further improve the integrity of the broadcasting infrastructure.
  • Election security will continue to be front page news long after the 2020 U.S. presidential election and other high-visibility elections around the globe. Citizens will continue to be exposed to cybersecurity themes and practical methods to protect themselves from cyber threats. These citizens will hopefully apply their enhanced knowledge of cyber threats to their workplace—whether that’s a physical office or a remote location.
  • Social media companies are rapidly developing new technologies and methods to identify and block attempts to insert deliberately false information related to the political debate. These include defenses against bots, false advertising, and the emerging threat of “deep fakes,” which manipulate video clips with a high degree of image quality. 
  • Governments will continue to invest in election cyber defenses and provide incentives for cyber defense companies to provide their services at all levels of the election infrastructure. New products and services will ultimately spill over into the enterprise market, particularly related to anomaly detection, indicators of compromise, and cyber intelligence.

The need to protect the integrity of elections and the substantial resources dedicated to this effort sparked innovations in cybersecurity and continued to raise awareness of cyber threats. Consider this the election security dividend.

How can we help?

If you have a question specific to your industry, talk with an Aite Group analyst.  Call us today to learn about the benefits of becoming a client.

Talk to an Analyst

Receive email updates relevant to you.  Subscribe to entire practices or to selected topics within
practices.

Get Email Updates