“Free, open and fair elections are the bedrock of our democracy, so if there is ever any doubt regarding the result, every basic American freedom is threatened. Technology has indeed changed the way in which elections are contested and votes are cast. It has also fundamentally altered the manner in which political campaigns are waged and how elections are administered. These changes in turn, have introduced new challenges which did not exist even a generation ago. Politically engaged entities now rely on social media and electronic mail to get their message out to the masses directly and voting systems have been introduced to leverage technology in making the ballot casting and counting process more efficient, and at least theoretically, more accurate. On the other hand, these transformations have given birth to new threats such as the potential of outside actors manipulating political content delivered to the electorate or the manner in which voting systems receive, store and report results. This is why cybersecurity is now a concern which extends beyond the theft of just personally identifiable information, health or financial records. As cyber-attacks become more sophisticated and widespread than ever, strict measures must be taken to preserve the confidentiality and integrity of election data. Hackers can now shake the foundations of established democracies around the world, including ours.
When technology systems are built, organizations dedicate a lot of time and effort to ensuring that users have access to only the information they need. User accounts are created and they are assigned access privileges based upon their business unit. This ensures for example, that human resource records remain private and confidential and pay checks are not viewable by just anyone. Social media applications have turned identity verification on its head because these platforms do not have the ability to apply rigorous rules to ensure that the identity of the user can be verified. For this reason, bad actors can create fictitious user accounts, post biased stories and misrepresent themselves as anyone, thus confusing voters.
When we go to the polls in November, how can we be sure the integrity of our vote wasn’t compromised? Following the 2016 elections, intelligence organizations concluded that election systems across all states were targeted by foreign players. In fact, Virginia decided to replace all of its voting machines to ensure they also maintain paper trails. This ability to audit records of technology systems has always been a key component in developing robust technology systems which conform to best practices and established security standards. In our current world, being able to effectively audit election systems is necessary to protect the integrity of every ballot cast.
Once any technology system is put in place, it becomes necessary to take steps to safeguard it from threats, both internal and external. The interest of hackers from around the world make it important that system owners employ monitoring tools to detect simple and complex attacks. These tools provide a key reactive capability to technology specialists for they do what no human can do manually, observe and monitor a system around the clock. These tools cannot prevent an attack, but they can help decrease the damage caused by one.
The measures outlined here only scratch the surface of what social media platforms and election systems need to do in order to protect their technology assets and ensure that voters are not deceived by those who wish to do us harm, and that the sanctity of each ballot cast is preserved. Cybersecurity has now entered a new frontier, one in which there are no clear boundaries and where it is increasingly more difficult to develop and implement effective protective measures for platforms and systems. While various standards and associated management, operational and technical controls have been developed for public and private civilian, defense, intelligence, banking and healthcare systems, there are no equivalents yet formalized for social media or election technologies. Solutions will require a collaborative effort among the private and public sectors and failure is not an option for our democracy depends upon it.” – Rodney Fuller
Rodney Fuller is the Founder and President of 1ClickSecurity, LLC, a service-disabled veteran-owned small business that provides strategic technology and business solutions in the areas of cloud security, governance, risk management and compliance. He is also a Certified Information Systems Security Professional (CISSP) & Project Management Professional (PMP).