Cybersecurity became part of the national election conversation in 2016, as Russia targeted government networks with cyberattacks and an influence campaign that sought to spread disinformation and sow discord in the democratic process.
Four years later, the specter of this threat appeared again in the 2020 race, as officials said on Oct. 22 that Russian attackers broke into government systems.
But on the morning after Election Day, there are currently no reported attacks by nation-states against the U.S. This week had one major disclosure: The U.S. undertook cyber operations against Iranians earlier in recent days, The Washington Post reported. And on Oct. 12, Microsoft said it stopped a botnet that could distribute ransomware. At this point, there’s been no indication that a successful attack took place.
Though it’s difficult to say for sure why there was less nefarious activity coming to the surface, it remains true that the idea that cyberattacks could influence elections was less of a surprise this time around.
“We’re more vigilant than we were four years ago,” said Richard Forno, assistant director of UMBC’s Center for Cybersecurity. “I think the military and intelligence community and homeland security took a more heightened role, getting the word out, monitoring things and in the case of the military, actively trying to disrupt possible online attacks.”
Preparations were also in place on the ground.
During the election season, Dr. Natalie Scala, an associate professor in the Towson University Department of Business Analytics and Technology Management, worked with Josh Dehlinger, an associate professor in the TU Department of Computer and Information Sciences, to train poll workers to spot threats to election security.
There are three classes of threat, Scala said: cyber, physical and insider. Cyber could be something like an electronically malfunctioning poll machine. Physical could be a polling device that is tampered with overnight. Insider is a matter of the workers’ actions, such as if a polling official accidentally marked someone’s vote during a practice run.
In the lead-up to the election this week, Scala said they’d never found or had to act against any of these scenarios, but the goal was to be prepared so that workers can be “hypersensitive” to something that is out of sorts, and any threat was addressed immediately, and not days or weeks later.
“The poll worker is that first line of defense,” Scala said this week. “So we felt there was this need there to make sure poll workers were trained and able to help us defend.” She added that the goal is to help give the public confidence in the process.
To be sure, the election remains in process, as counting continued into Wednesday in the key swing states that will determine the winner of the presidential election. And if there are recounts it could raise additional possibilities. But overall, Forno said the challenge going forward for the country is “more political than cyber.”
Yet the infrastructure that helps votes be cast isn’t the only place where attacks can be waged. In cybersecurity circles, social engineering is a frequent threat. While a special line of code can help an attacker break into a system, in reality, what gets them in is often an absent-minded click on a suspicious link. The social hacking skills behind phishing schemes are the same skills used to undermine elections.
“Often the weakest link in the chain is actually a person,” Dr. Anupam Joshi, director of UMBC’s Center for Cybersecurity. “If you look at all these ransomware attacks and so on, the reason they happen is that the attacker managed to get someone to click on a link in an email, even though we’ve all been warned.”