< blog

Cisco: Vote of Confidence: Securing the 2020 Election

Trust in election results begins with faith in our election systems  

Snail mail in the spotlight 

Absentee ballots, also called voting by mail, is a hot topicThe pandemic is forcing everyone to re-think what they’ll do this year. Many states expanded mail-in voting and, according to the Washington Post, up to 77% of Americans can now vote by mail. The numbers are staggering. 

Voting by mail is nothing newIt’s proven, legitimate method that our military and overseas voters used for yearsOregon and Hawaii standardized on mail-in voting throughout their states years ago. 

But mail-in voting will certainly look different this year. The expected volume raised questions about how states will handle it. Unfounded allegations of voter fraud is politicizing it. And if that wasn’t enough, now there’s an emerging story about whether or not the Postal Service can deliver the mail in time. People are afraid their votes won’t count. It’s an unprecedented moment in American history.

As this unfolds within our nation, our adversaries watch constantly from the outside. The focus on mail-in voting could distract us from the other major threat: foreign interference and cyberattacks that affect election results. Election system security must be in the spotlight too. 

Attacks on democracy are everywhere 

Election systems are highly interconnected sets of networks, applications, databases, processes, people, and endpoints. There are no nationwide standards, so they’re different in every state. Small teams with strained budgets run and secure them. But they’re vital to our democracy. Election systems are valuable targetsripe for cyberattack.  

A Senate report on the 2016 election found that foreign adversary compromised the Illinois Voter Registration Database (VRDB) and successfully exfiltrated data. Fortunately, no votes were changed, but the possibility remains: The report warns that they may have gathered enough knowledge to strike later 

Talos is watching too. “Everyone should understand that interference in, and attacks on, the election system are part of a larger, coordinated attack on the very concept of free democracies,” they warn in their blog Let’s Destroy Democracy 

And it doesn’t stop there. Conspiracy theoriesfalse accusations, and divisive rhetoric — amplified by social media — sow distrust among voters. And who would’ve thought that our own Postal Service would be cause for concern? It can affect peoples’ beliefs and their votesFaith in our election systems is already so fragile that we simply can’t allow cyberattacks to succeed.  

Let’s keep election systems secure 

Fortunately, progress is already being made. Talos documented four years of improvement since the last election. For instance:  

  • Election systems are now considered critical infrastructurejust like energy and healthcare, and CISA makes important resources and services available to election officials  
  • Cooperation among federal and state officials has improved considerably 
  • Help America Vote Act (HAVA) funds have been allocated in both 2018 and 2020, after many years of inaction 

But there’s more to do. That’s why, in late 2019, MITRE published its Recommended Security Controls for Voter Registration. It outlines five important steps to secure the heart of election systems: the VRDB. Here’s the summary of their recommendations: 

  1. Secure external communications with authentication, encryption and monitoring of all network traffic  
  2. Strengthen external and internal network defenses using network segmentation, intrusion detection and content filtering 
  3. Enhance access management with multifactor authentication and role-based access control 
  4. Improve system management and monitoring with asset visibility, logging, and endpoint security 
  5. Facilitate recovery and ensure continuity of operations with recovery plans, system backups, and failover methodology 

The challenge is that these five steps aren’t just five steps. The details reveal a list of over 20 things, so their advice can begin to feel daunting.  

Cisco can help

We made it fast and easy to understand and act on MITRE’s recommendations. First, we prioritized them so you know exactly where to startThen we aligned them with our security solutions — ones that are incredibly effective, simple, and easy to deploy — so that you make progress today. 

Want to see how? Check these out:  

  • The short overview that aligns our capabilities with MITRE’s recommendations 
  • This whitepaper that supports the overview with more detail  
  • The webinar where I’ll guide you through everything 
  • Our Security Stories podcast where we cover this and much more 

Together, we can strengthen faith and trust in our election systems. Let’s keep them safe from cyberattacks and foreign interference. The US Mail? Maybe that’s a topic for another time. 

Learn more at https://cisco.com/go/cybergov