The pivotal role of cybersecurity during the recent United States presidential election has underscored the critical need to focus on a secure electoral process.
Numerous contentious issues such as Hillary Clinton’s private email server, the Democratic National Committee (DNC) server compromise, and the targeted exploitation of voter databases remained at the forefront of the election in a manner never before seen in an American presidential election. While it is currently unclear to what extent, if any, a lack of cybersecurity has influenced the election’s outcome, these issues have led many to question the efficacy of the United States government’s information security and cyber intelligence practices. In order to better insulate the electoral process from external influences and sufficiently safeguard sensitive data, both the government and third-party vendors offering services to the government need to take a more comprehensive, proactive approach to cybersecurity.
The majority of the recent election’s contentious cybersecurity issues are rooted in certain governmental organizations’ information security practices. For instance, while certain specifics surrounding the DNC’s email server compromise remain unclear, the likely unauthorized access to the server, combined with the fact that historical emails were stored unencrypted (in plain text), rendered the attack and subsequent politically-charged leaks both possible and damaging. This particular incident has helped emphasize the importance of information security for public and private sector organizations alike. Stringent standards for data encryption, proper password hygiene, two-factor authentication, strict user-access controls, routine server maintenance, and personnel training are all crucial not only for reducing an organization’s risk of compromise, but also for mitigating damages in the aftermath of an attack. These practices are especially critical for governmental organizations involved in the electoral process, as there may always be the potential for such compromises to influence election results.
Organizations with the most effective cybersecurity programs tend to supplement a robust information security strategy with comprehensive risk awareness gleaned from proactive monitoring and analysis of the Deep & Dark Web. While relevant intelligence derived from these closed-access areas of the internet can provide invaluable insights under many circumstances, such intelligence is particularly useful for identifying relevant threats before they become tangible realities.
Properly monitoring underground cyber communities such as password-protected forums and illicit marketplaces can help organizations reveal internal security vulnerabilities, identify malicious insiders, uncover stolen data, reveal threat actor schemes, identify third-party vendor risks, bolster physical security, and generally yield insights that enable organizations to make more informed decisions and mitigate risk. During election cycles, such visibility into the Deep & Dark Web is an absolute necessity for governmental organizations because it can help reveal, for example, political rumors spread by malicious actors or plots to unjustly influence election outcomes. Recently, due to steady increases in both the price and demand for access to personally identifiable information (PII) on underground marketplaces, threat actors continue to develop increasingly sophisticated schemes for stealing and exploiting such information. Indeed, voter registration databases are laden with PII and have long been considered appealing and vulnerable targets for cybercriminals.
Although various organizations within the United States government will likely always be targets for cybercriminal activity, the prominence of large-scale cyber compromises and politically-charged exploits during the recent presidential election has highlighted the criticality of both stringent information security and comprehensive, proactive monitoring of the Deep & Dark Web. Unfortunately, the investment of time, resources, and expertise required to establish and maintain such robust cybersecurity and intelligence strategies remains a substantial barrier for many organizations seeking to bolster their security internally. In response, governmental organizations should strongly consider working with reputable third-party security and intelligence vendors to better support such strategies and effectively mitigate threats to the electoral process in both high- and low-profile elections.