The U.S. government intends to launch a program that focuses narrowly on protecting databases and systems for voter registration ahead of the presidential election in 2020.
These systems, commonly used to validate voters ‘ eligibility before casting votes, were damaged by Russian hackers trying to gather data in 2016. Intelligence authorities are worried that, according to current and former U.S. officials, foreign hackers will not only target the databases in 2020, but will try to manipulate, interrupt or ruin information.
“We assess these systems as high risk,” senior U.S. representative said that they are one of the few parts of elective technology that are frequently attached to the Internet.
The Cybersecurity Infrastructure Security Agency, or CISA, a Homeland Security Department division, fears that ransomware, a type of virus that has crippled town computer networks across the United States, including recently in Texas, Baltimore, and Atlanta, could target databases.
“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”
Usually a ransomware attack locks an infected computer system until payment is sent to the hacker, generally in the form of cryptocurrency.
According to current and former U.S. officials, the effort to combat ransomware-style cyberattacks directed at the election runs parallel to a broader directive on the intelligence community to determine the most probable vectors of digital assault in November 2020.
“It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited,” the FBI said in a statement, supporting the Homeland Security initiative.
The program of CISA will reach out to representatives of the state election to prepare for such a situation of ransomware. It will provide instructional content, remote testing of computer penetration, and vulnerability scans as well as a list of suggestions on how to avoid and recover from ransomware.
However, these guidelines will not provide guidance as to whether a state should eventually pay or refuse to pay a hacker ransom if one of its systems is already infected.
“Our thought is we don’t want the states to have to be in that situation,” said a Homeland Security official. “We’re focused on preventing it from happening.”
Cyber criminals and nation-state hacking organizations have been using ransomware over the past two years to extort victims and generate chaos. In one incident in 2017, which has since been ascribed to Russian hackers, a ransomware virus has been used to mask a method of data deletion, making victim computers completely useless.
That attack, dubbed “NotPetya,” went on to harm worldwide corporations, including FedEx and Maersk, which had Ukrainian branches where the malware spread first.
The risk is worrying, specialists say, due to its potential effect on the outcomes of the vote.
“A pre-election undetected attack could tamper with voter lists, creating huge confusion and delays, disenfranchisement, and at large enough scale could compromise the validity of the election,” said John Sebes, chief technology officer of the OSET Institute, an election technology policy think tank.
The databases are also “particularly susceptible to this kind of attack because local jurisdictions and states actively add, remove, and change the data year-round,” said Maurice Turner, a senior technologist with the Center for Democracy and Technology. “If the malicious actor doesn’t provide the key, the data is lost forever unless the victim has a recent backup.”
Nationwide, the local governments that store and update voter registration data are typically ill-equipped to defend themselves against elite hackers.
State election officials told Reuters they have improved their cyber defenses since 2016, including in some cases preparing backups for voter registration databases in case of an attack. But there is no common standard for how often local governments should create backups, said a senior Homeland Security official.
“We have to remember that this threat to our democracy will not go away, and concern about ransomware attacks on voter registration databases is one clear example,” said Vermont Secretary of State Jim Condos. “We’re sure the threat is far from over.”