Read more about cyber-threats to the 2024 US elections:
- Can We Protect the Ballot Box? Global Guide to Election Cyber Threats in 2024
- Only 4% of US States Fully Prepared for Cyber-Attacks Targeting Elections
- Election Protection is CISA's Top Priority
As global technology companies worldwide issued their 2024 security forecasts and cyberthreat predictions, almost every company, including Google, Trellix and Trend Micro, highlighted the growing threat to upcoming elections in various ways.
CNBC recently reported that over 50% of the global population is expected to participate in voting this year, emphasizing that election security is not only a concern for the United States but poses a worldwide risk to democracy.
Biggest Cyber Threats to 2024 Elections
What are the biggest threats that elections face in 2024? The top two threats include misinformation and disinformation regarding candidates’ statements and positions, voting processes, or election timelines and procedures.
- Misinformation is false or inaccurate information, that includes getting the facts wrong.
- Disinformation is false information which is deliberately intended to mislead, or intentionally misstate the facts.
Governments must address how they communicate with constituents regarding all aspects of elections.
An escalating threat in democratic elections involves the use of artificial intelligence (AI) to disseminate misinformation, such as the creation and deployment of deepfakes, which can greatly impact voter influence.
The emergence and increasing use of new generative AI tools is expected to also increase other cyber threats, such as targeted phishing attacks against people and organizations who are responsible for administering the election processes, updating voter lists and ensuring that critical computing resources are available throughout election lifecycles.
Another threat involves targeted social media campaigns that can influence voters and cause confusion and harm trust.
While the use of social media isn’t a new threat to voters, activities during recent election cycles were the “next escalation of it,” according to FBI Director Christopher Wray at the recent CNBC CEO Council Virtual Roundtable on AI.
He noted that while “it wasn’t a new weapon, it’s just a new way of making that weapon more effective.”
Previously, elections have been primarily influenced by enemies in foreign countries who leave comments on social media websites or even post articles, videos and more that undermine trust.
Attacks Against Voting Equipment, Networks and Government Systems
Over the past decade, government organizations have faced a myriad of threats against election technology infrastructure.
Most of the cyber-attacks are not unique and are similar to attacks faced by all critical infrastructure systems and networks in these government organizations.
This means that all systems used by election officials must be protected. This includes:
- Protecting against ransomware, along with other forms of malware against end user devices and servers
- Properly patching these systems against known vulnerabilities
- Scanning for vulnerabilities
- Ensuring logons and identity management are sound and secure by using multi-factor authentication for on-premise and cloud systems
- Protecting email
- Providing updated training
- Ensuring that all other cyber hygiene best practices are deployed
Note: while performing these cybersecurity tasks may already be completed in non-election years, these actions should become ongoing processes that are constantly performed and checked through scanning and ongoing assessments throughout 2024 and beyond.
Election teams can also reduce risks by isolating email and other systems from the rest of the network, so successful attackers can't get to the rest of the network, even if the administrative network is somehow breached.
Voting machines and/or other devices used during the counting of ballots, issuing paper backups and other election functions often have unique hardware and software requirements which require scanning and checking for cyber vulnerabilities. Working with the manufacturers on all aspects of locking down these devices is imperative. In addition, supply chains must be examined for vulnerabilities to ensure that the end-to-end processes are protected.
The Elections Information Sharing & Analysis Center (EI-ISAC) has checklists and best practices for governments to follow, and governments can join the EI-ISAC here.
In addition, there is an abundance of resources available to help governments protect their systems. Here are a few:
- The Cybersecurity & Infrastructure Security Agency CISA Cybersecurity Toolkit and Resources to Protect Elections
- The University of South California (USC) Election Cybersecurity Initiative
- The U.S. Election Assistance Commission has also created the Voluntary Voting System Guidelines to help direct actions.
- The Council of State Governments’ Election Cybersecurity Initiative Guide
- Belfer Center for Science and International Affairs, Harvard Kennedy School, offers the State and Local Election Cybersecurity Playbook
- NIST offers this website to Help Protect Our Elections, NIST Offers Specific Cybersecurity Guidelines
Conclusion
Strengthening trust in elections globally will be hard work in 2024. This is a team sport and governments must work with partners to be successful in all aspects of protecting elections.
Nevertheless, each individual government must take the responsibility to protect their elections systems, which include people, processes and technology.