Election security is a topic that percolates to the forefront every couple of years, especially as US national elections hit the calendar. There have been more than 60 national elections in play around the world in 2024 and we’ve already seen a good deal of shenanigans by bad actors.
While our minds may go initially to the security of the voting process — the devices and process involved in casting a ballot — the more critical issue here is that malicious forces out there want to manipulate the flow of information to shape opinions in the hope of swaying votes.
Those in the cybersecurity trenches are beset with adversaries attempting to exploit any existing gaps in defenses, be they within enterprises, political organizations, social networks, or media organizations.
Everyone — and I mean everyone — is being targeted by nation-states engaged in covert intelligence operations designed to influence or affect the election processes of the targeted country. This is a global threat, not limited to one geographic area or sector.
Why should CISOs give a hoot about election-related security?
When the bad actors’ malign efforts are successful, your enterprise’s risk factor increases, especially when the organization or company has officially taken a position in support of a political party, point of view, or candidate that is not supported by their workforce (your insider).
A recent Wall Street Journal article on the fracture in Silicon Valley over the US election is not hyperbole. The piece highlights how “the political divide is souring business relationships and testing old friendships,” and describes the multitude of shots those with differing views are firing at each other on social networks.
The pragmatic reality is that the United States is afire with political divisiveness and primed for the efforts of China, Russia, and Iran, who are actively working to insert distrust in the election process. They do this with a steady flow of well-choreographed misinformation and disinformation and throw in the occasional cyberattack that serves to shower jet fuel upon an already incendiary political landscape.
For those nations holding elections, these actions are targeting the voters and populace, sometimes to sway the vote in a certain direction, at other times to sow chaos. Imagine a Venn diagram of the nation’s political spectrum, overlaid with the views of your employees or contractors.
Now add your enterprise and senior leadership positions on politicians or policies. Differences will and do exist, and while theoretically those ideological stances should not matter, in reality, they are ripe for digital exploitation.
Russia is the biggest offender when it comes to election interference
With respect to Russia, the United States Department of Justice recently announced multiple indictments and complaints focused on Russia’s activities in the West.
Within one of the legal documents, the words of RT’s (formerly “Russia Today”) editor-in-chief referring to disinformation infrastructure built in the West prior to Russia’s invasion of Ukraine speak volumes: “An enormous network, an entire empire of covert projects that is working with the public opinion, bringing truth to Western audiences.”
Truth may be a stretch, to say the least, as Russian active measures are designed to achieve calculated key performance indicators, including creating chaos and fomenting divisiveness.
The United States subsequently declared RT an arm of the Russian intelligence apparatus as the media entity morphed into one with cyber capabilities. The State Department noted that RT’s “operations are targeting countries around the world, including Europe, Africa, and North and South America.”
It is important to realize that it was not the content, nor the disinformation which the State Department highlighted, but rather that these are covert influencing activities. They were exposed by the governments of the United Kingdom, Canada, and the US as the Russians “engaged in subversive activity and electoral interference targeting Moldova.”
Two other Russian entities, “Rossiya Segodnya” and “TV-Novosti”, were designated as actively involved in Moldovan presidential election interference and TV-Novosti was identified as being involved in interference in elections in the United States and other countries.
The Department of State goes on to explain how the RT cyber operational capabilities, which have been present since at least Spring 2023, have focused on “influence and intelligence” operations.
China and Iran have been peddling disinformation
An early-September report by Graphika is a must-read, as it details the Chinese machinations in election influence. Specifically, it focuses on a spamouflage operation designed to expand China’s use of “personas that impersonate US voters on social media platforms and spreading divisive narratives about sensitive social issues in the US.”
The report also highlights that China isn’t picking a side in the 2024 US election, choosing to denigrate both political parties and their candidates to call into question the “legitimacy of the US electoral process.”
Iran has not been sitting idly by and has also thrown its intelligence and security services into the mix as they too attempt to influence the 2024 US election. To that end, the FBI notified the Republican Party campaign that they apparently had been hacked by Iranian actors.
This was followed up with the unsolicited provision of content stolen during the hack to media and the Democratic Party campaign. Heavy-handed as the Iranian effort was, they successfully targeted an individual with access to email servers and then socially engineered their way into direct access.
CISOs are not powerless in the fight against nation-state disinformation
Gen. Timothy D. Haugh, Commander of US Cyber Command and Director of the National Security Agency, opined in late August at the Intelligence and National Security Summit that the US set up its election security group in November 2023 with a priority to generate an overview of the threat and contemplate how to enable a defense.
Haugh stressed how important it is for CISOs to be aware of the election security group’s focus on “looking outside our borders and looking from a foreign intelligence perspective to enable organizations inside the United States to be able to disrupt” and to familiarize themselves with its efforts to identify, assess, and provide options on how to counter foreign efforts.
CISOs need to be cognizant of the potential for a difference of political opinion to boil over internally and thus create an increased risk. They should take appropriate steps through awareness training, promoting enterprise-wide collegial dialog, and highlighting the importance of keeping the internal dialog civil.
In addition, the CISO may wish to brief the business units on the need to “know your customer” — especially those entities in the online space — as Russia, China, and Iran have shown their capability to utilize commercially available infrastructure to host and enable covert influence entities. Doing so may markedly reduce the likelihood that the commercial offerings are used to enable the clandestine efforts of the bad actors.