As the 2020 election approaches, many are questioning how critical election data is being protected against attacks from malicious actors who want to lock, destroy and manipulate this data.
This threat has been a major talking point during the cybersecurity conference, Black Hat, where security experts detailed several election data vulnerabilities while executives from voting technology companies and officials from the Department of Homeland Security discussed the initiatives they are pursuing to protect election data.
To find out more about election data protection, VMblog spoke with industry expert, Manoj Nair, General Manager at the SaaS-driven data protection venture Metallic. Read on to better understand the cybersecurity threats facing election officials and learn about a two-pronged strategy that will not only fend off attacks with minimal investment but also quickly recover election data in the event that a sophisticated cyberattack succeeds.
VMblog: Election security was a hot topic at last week's cybersecurity conference, Black Hat. What types of cyberattacks do you think election officials should make sure they are prepared to combat this year?
Manoj Nair: As has been the case in past years, ransomware attacks should be at or near the top of every election official's list of cybersecurity threats this year, along with malware, denial of service, and other attacks designed to sow distrust by manipulating or deleting election data. While many officials might have encountered these types of attacks in the past, this year they are likely to be more sophisticated than ever and they need to make sure that they are ready with up-to-date perimeter security, detection and response tools and secure, cloud-based data backup and recovery solutions in place.
In addition, as Matt Blaze, the chair of computer science and law at Georgetown University, pointed out in his keynote, officials need to not only worry about a large number and wide variety of attacks, but also the large number and wide variety of attack surfaces that they need to protect, ranging from election management software to voting machine software.
The Department of Homeland Security is working to help state and local election officials address these threats and protect these attack surfaces. Together they are working to implement an extensive cybersecurity testing program and to deploy digital sensors that can alert the DHS about hacking attempts at thousands of county election offices. Yet, even with support from DHS, election officials have a big challenge on their hands this year as they seek to prevent an attack from locking, destroying, or altering election data.
VMblog: Do you expect the attacks on election data this year to differ significantly from recent attacks on corporate or other types of sensitive data?
Nair: Ultimately, no. Cyberattacks are designed to steal, encrypt, change, or destroy data, regardless of what that data is or who it belongs to. Malicious actors generally target government agencies that are tasked with gathering, managing, and protecting election data with the same types of attacks they use to target banks, hospitals, tech companies and other organizations with valuable data.
For example, in the past week alone, we've seen major attacks on Garmin, Canon and a hospital in Ohio. These attacks prove that no company, government agency, or other type of organization is immune to cyberattacks, as well as the fact that hackers don't need to develop entirely new types of attacks when traditional attacks, like ransomware, continue to be effective.
The fact that government election agencies should expect attacks similar to these recent attacks is one reason why I would recommend that election officials deploy the same "defense in depth" strategy used by an increasing number of enterprises around the world. Such a strategy combines perimeter security, strong authentication, end-point, network and incident detection and response tools and cloud-based data backup and recovery to protect critical data.
VMblog: What should be top of mind for officials as they work over the coming months to prevent malicious actors from encrypting, deleting, or altering election data?
Nair: To protect themselves from cyberattacks, election officials should implement a two-pronged strategy in order to provide themselves with defense in depth.
First, they need to deploy strong perimeter security solutions that use strong authentication, attack detection and other technologies to stop most, if not all, attacks.
Second, they need to plan for the worst case scenario - an attack that penetrates their perimeter defenses and reaches their primary source of election data - with a robust data backup and recovery solution.
If election officials implement such a two-pronged defense in depth strategy for their data, they will be in a strong position to avoid, or at least minimize, any disruption to the elections they are administering.
VMblog: What aspect of a strong, comprehensive data protection strategy do you think election officials are most likely to neglect or forget as they try to stop malicious actors from disrupting the election?
Nair: Most election officials are aware of the need for a strong perimeter cybersecurity plan, with good reason - stopping all attacks from reaching election data is the result they should be aiming for. But, as the saying goes, "The heroes have to win every time. The villain only has to win once." Election officials need to ensure that if a malicious actor does win even once, and penetrates their perimeter security, everything is not lost because their primary data has been backed up to another location where it is safe from attack.
Specifically, election officials should maintain a pristine, air-gapped secondary backup copy of their election data that is continuously updated and stored in a secure environment. This separation of data between a primary location and a secondary location (otherwise known as an "air gap") enables election officials to recover any primary data that has been encrypted, deleted, or altered by a cyberattack. In addition, by comparing the secondary data with their primary data, election officials can verify that an attack has taken place if they suspect that some of their primary data has been altered but need to confirm.
With a secure, recent backup copy in hand, any disruption from a cyberattack that successfully gets through perimeter security is likely to be limited.
VMblog: What role can the cloud play in helping election officials protect their data?
Nair: The cloud is an ideal location for storing secondary backup data. In addition to creating an air gap between primary and secondary data, the cloud enables officials to access this data from their office, a polling place and from virtually anywhere else. In addition, by backing up their data to the cloud, election officials can leverage major cloud providers' own robust, continuously updated security systems to further protect their secondary data. Election officials can also quickly deploy cloud-based backup and recovery solutions, as they do not require any heavy investment in specialized networking or additional equipment.
VMblog: How can election officials use AI to help them protect their data from a cyberattack?
Nair: AI can be used to detect anomalies or tampering within an election system. With this information, officials can identify and stop an attack before it does any damage. Today, AI and ML technologies are built into good detection and response tools (in the endpoint, network and monitoring incidents), and are also integrated into enterprise-grade cloud-based data protection products. In this way, AI provides election officials with another "set of eyes" to watch out for any unusual behavior that might indicate a cyberattack has taken place.