In all of my blog posts so far, I have tried to remain as apolitical as much as possible. Meaning, I definitely have my views and beliefs on this matter, but given current political climate that we are in, I try to bow out of conversations that relate to it.
But the truth of the matter is that every Presidential Election can be a very exciting or stressful time for just about any voter. I think that this was catalyzed by the 2000 elections, in which Al Gore and George W. Bush were in a deadlock about the electoral votes in Florida.
But the Presidential Election this year is for sure going to be one of the most dramatic, and hotly contested that we will ever see, primarily driven by the COVID19 pandemic. As it relates to Cybersecurity, now is the time for officials to take a stance and protect our much-cherished electoral process as much as possible.
So what can be done in this regard? Here are some steps that all political parties involved need to heed:
*All facets of voting need to be protected:
Let’s face it, our voting infrastructure has actually become quite complex. It’s not only electronic where people can cast their votes straight from the luxuries of their wireless devices, but it is also still physical in nature, and now, will be for the most part snail mail based. Thus, every angle conceivable must be protected. For example, this goes all the way safeguarding the Personal Identifiable Information of all of the voters that cast their ballot electronically, but it also means that Multifactor Authentication (MFA) must also be implemented in the physical voting places as well, which makes use of at least three or more layers of authentication (in this regard, Biometrics would be a great tool to be used). Also, since it looks like that many people will be voting by mail, the general population needs to be aware of Social Engineering tactics that can be used by the Cyberattacker in order to con unsuspecting victims. Also, in general, people need to keep their mailboxes locked at all times, in order to prevent mail theft which can result in subsequent Identity Theft attacks.
*Never take anything for granted:
When it comes to Cybersecurity, the world is our oyster. What does this mean? It simply means translates into the fact that it is such a huge thing, with literally millions of moving parts attached to it, depending of course on the type of application it is supposed to protect. In the end, as I have written before, we are not at all immune from becoming a victim of a Cyberattack. We are all at risk, but the key lies into how well we can mitigate those risks. Meaning, there are no shortcuts taken, and no corners missed. This is especially true for the upcoming Presidential Elections. Look, this is obviously going to require a lot of work. But remember, nobody has to go at it alone. The political parties across all levels of government can vey easily outsource most, if not all of the Cybersecurity processes to Managed Security Service Providers (MSSPs). This will at least ensure that the proper attention and resources are spent in making sure that every vote counts in the end.
*Adopt the Zero Trust Framework:
The Presidential Election cycle of 2016 truly brought out one nemesis which we thought could never happen: The nation state, threat actor (or at least that is what they are called). We saw claims of Russian interference, and now, these headlines are starting to appear even before the voting process has even started. Given just how interconnected everything is these days, especially driven by the Internet of Things (IoT), it is so hard to tell what is for real and what is not. We see it everyday from Phishing Emails, to Robocalls, Text based Phishing (also known as “Smishing”), to domain name heisting, to even putting up spoofed websites that look so authentic that it can even be difficult for a trained Cybersecurity specialist to catch the nuances at first glance. At the present time, the only workaround to this is to implement what is known as the “Zero Trust Framework”. This is an actual methodology that has been crafted from other Federal Government based Cyber documents. In this framework, you do not trust anybody, not even your closest family member or friend. Yes, this is a huge extreme, but you know what? It can, and it really does work. In this particular instance, at least three or more layers of defense are used (as sort of elaborated on earlier in this blog). It is important to note that it is not the same type of authentication that is being used, but rather, different types of them. So for example, it could be a long and complex password, followed by a unique number identifier, which is then followed u with presenting something much more robust, such as a Biometric (normally, it is Fingerprint Recognition and/or Iris Recognition that is used the most). One of the other premises behind the Zero Trust Framework is that if a Cyberattacker breaks through one line of defense, then the statistical odds of breaking through the subsequent ones becomes a lot lower. Implementing this kind of approach is an absolute must in this upcoming election, especially with foreign meddling being a real threat now.
My Thoughts On This
As of the writing of this blog, there are just under two months away until the ballots are cast. I really do not know how much more can be done in terms of implementing every Cybersecurity safeguard that is possible at this point time, but still there is a little bit of time left to do the best we can.
In a worst-case scenario, as harsh as it may sound, we just apply the lessons that have been learned, and apply them four years later. At least then, the United States will have ample time to prepare for the 2024 round of candidates.
I highly doubt that the voting booths will be visited very much, as a majority of the American population will be voting either electronically or by the mail. But this yet brings up another key point: Governments at all levels need to also drastically either upgrade or totally revamp their IT infrastructures.
They are still very old, mainframe systems that are still being used, and if not, probably some non-supported version of Windows (such as Windows 7).
This is in of itself will require even more time to do, but it needs to be done here and now, especially as the world is now going almost totally digital. By doing this, it will be a lot easier for IT Security teams to keep the newer systems updated with the latest security patches and upgrades, and to mitigate the risks of being constantly bombarded by the latest threat variants.
Also, it will be a lot easier to keep track, record, and count every vote in a safe and secure manner. Also, the integrity of the entire United States voting infrastructure will fare a lot better.
In summary, the illustration below depicts some of the other Cybersecurity issues that the 2020 Presidential Elections brings along with it. I will address them in future blogs: