The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Agency (CISA) issued a joint statement that any cyber activity attempting to disrupt or compromise United States election infrastructure is unlikely to cause a massive disruption or impact voting.
The statement continues:
The public should be aware that election officials use a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity (e.g., phishing, ransomware, denial of service, or domain spoofing) affecting the confidentiality, integrity, or availability of election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting. These include failsafe measures, such as provisional ballots and backup pollbooks, and safeguards that protect against voting malfunctions (e.g., logic and accuracy testing, chain of custody procedures, paper ballots, and post-election audits). Given the extensive safeguards in place and distributed nature of election infrastructure, the FBI and CISA continue to assess that attempts to manipulate votes at scale would be difficult to conduct undetected.
The statement attempts to reassure the public that despite media or public perception, voting confidentiality and integrity remains. Indeed, the FBI warns that disinformation campaigns from “cyber actors” may try to spread or amplify “exaggerated claims of cybersecurity compromises to election infrastructure.”
Guidance to harden voting infrastructure is the responsibility of both the FBI and CISA. CISA helps critical infrastructure owners and operators within the election community withstand any potential physical or cyber threat.
The FBI is responsible for investigating any election crimes or malicious foreign influence operations—physical or cyber.
Despite the reassurances, attacks against voting infrastructure is not unprecedented—or even difficult. CISA issued an advisory in June, 2022 about vulnerabilities impacting Dominion voting systems used across the US for in-person voting.
While these disclosed vulnerabilities would require physical access, it nonetheless proves feasibility in election interference, if only on a local level. US election systems remain purposely decentralized, thus limiting their impact.
To fully exploit the disclosed vulnerabilities, access to the Election Management System (EMS) or modifying the files prior to being loaded onto ImageCastX devices would be required, per BleepingComputer.
It’s difficult to assess the overall integrity of US elections with disinformation campaigns running rampant regardless, and any potential for human error. There is no doubt countries such as Russia, China, or North Korea will continue to sow discord in the US election cycle for 2022 and 2024 to their own benefit.
Yet, we do a great job of misinformation ourselves. Past elections have proven social media platforms such as Facebook can ignite and persuade voter opinion.
Discover more from Cybersecurity Careers Blog
Subscribe to get the latest posts sent to your email.