Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Pandemic Raises Cyberattack Fears; Election Security Trouble?

This week’s security newsletter covers the growing concerns about hacker opportunities while states and localities struggle to manage operations during the COVID-19 outbreak. Meanwhile, what to do about election security?

Vote_shutterstock_1526648066
Shutterstock
Welcome to this week’s Future of Security newsletter. Let’s get started:

As the pandemic surges, state and local governments expect an increase in cyberattacks, with hackers looking to exploit both public anxiety and disoriented bureaucracies to gain access into systems and networks, according to Government Technology’s security reporter Lucas Ropek.

He points out that, “In recent weeks, reports have shown that many ransomware hackers are taking advantage of public fears surrounding COVID-19, largely by using phishing emails disguised as informational PSAs or updates from health organizations like the Centers for Disease Control and Prevention (CDC) or World Health Organization (WHO). Other strategies are even more devious: fake coronavirus tracking apps or informational websites that are really just malware-ridden traps set for unsuspecting users.”

Compounding the problem: Many businesses and governments have hastily introduced work-from-home programs, and have key personnel under quarantine, creating the likelihood of weakened security controls, Brett Callow, a threat analyst with Emsisoft, told Government Technology

And expect an increase in the number of attacks on health-care providers and personnel. Last year, 764 health-care providers were hit with ransomware attacks. 

“The problem is exacerbated by the fact that the ransomware spikes may well coincide with the COVID-19 peak, creating a perfect storm,” Callow said, referencing the predictions that the virus may peak during the mid-summer months, likely in July. 

Will the pandemic make mobile voting more viable? While many expect states to increase the option of voting by mail, a couple have decided to increase their use of mobile online voting. The Washington Post reports that “two states will soon announce that they’ll offer voters who have disabilities the option to cast ballots using mobile phones in upcoming primary elections so they don’t have to risk going into polling places. The option will extend to voters in the military or state residents who are based overseas. The source for this information was Sheila Nix, president of Tusk Philanthropies. She would not reveal the states or the vendor behind the project, according to Post reporter Joseph Marks.

“Those states will join West Virginia, which became the first to try statewide mobile voting for military and overseas voters in 2018 and has already announced it will expand to voters with disabilities during its upcoming primary June 9,” wrote Marks. “Nix said she’s also talking with about half a dozen other states about potentially using mobile voting for some residents, which would be a significant expansion for a system that has otherwise been tried for just a handful of counties since 2018 and typically just for military and overseas voters.”

The argument in favor of mobile voting is that it will reduce the potential exposure of voters to the virus. But cybersecurity experts continue to warn that online voting systems continue to lack the kind of protection needed to ensure that digital vote tampering cannot happen.

How can we protect the election system during the pandemic? Already mentioned is the increase in the number of people who expect to vote by mail. Steven Mulroy, law professor in Constitutional Law, Criminal Law and Election Law at the University of Memphis, has some additional suggestions

  • Vote before the big day. As of now, 39 states let voters show up at municipal offices or other community centers to cast their ballots in the week or two before election day.
  • Don’t vote on a touchscreen. “Computerized touchscreens are exactly the kind of hands-on surface that health experts have warned can spread the coronavirus easily. Voting on one of them is like shaking 300 — or more — strangers’ hands in a single day,” Mulroy explained.
  • Vote by mail. “All states let people vote by absentee ballot if they won’t be in their voting district on Election Day, for instance if they are traveling. About two-thirds of the states let anyone who wants to do the same, whether they’ll be home on Election Day or not. They simply call up their local election office and ask for a paper ballot to be mailed to them. When they get it, they fill it out and mail it back or drop it off at a municipal office before Election Day. The remaining states require voters to certify that they’re sick, elderly, out of town, or otherwise unable to vote on Election Day before being allowed to vote absentee. Those states could loosen their rules, opening absentee voting to anyone who wants to do it.”
Microsoft extends a helping cyberhand. The tech giant has to offer cybersecurity help to political campaigns at reduced prices under its Defending Democracy Program. The services will be available to campaigns for federal, state and local elections and will include checking their systems for cybersecurity best practices and responding to hacks after they happen. 

The new service, called Election Security Advisors, “will give political campaigns and election officials hands-on help securing their systems and recovering from cyberattacks.” In addition, Microsoft will extend its threat notification service to cover the offices of U.S. election officials and the U.S. Congress as they work remotely, along with Microsoft 365 for Campaigns to state-level campaigns and parties. The company is also publishing its public policy recommendations for securing elections, “including ways to secure them while confronting the COVID-19 public health crisis.”

Tod is the editor of Governing . Previously, he was the senior editor at Government Technology and the editor of Public CIO, e.Republic’s award-winning publication for IT executives in the public sector, and is the author of several books on information management.