Cyber-attacks on voting infrastructure. Is there a backup plan?
0
Dan Gavin
Cyber-attacks on voting infrastructure. Is there a backup plan?

Imagine that during this upcoming election in November if no results were available until days after the election. On July 31st the Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the Federal Bureau of Investigation (FBI) released a public service announcement stating that there is potential for a Distributed Denial of Service (DDOS) attack on election infrastructure and adjacent infrastructure that supports operations. 

To better understand the situation, here is some background information. CISA was established in November 2018 to enhance the security, resilience, and reliability of the nation’s critical infrastructure. CISA is at the heart of mobilizing a collective defense to understand and manage risk to our critical infrastructure and associated National Critical Functions. Basically, CISA is charged with protecting US cyberspace as well as the nation’s critical infrastructure such as power, water, and even our elections.

A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. Hackers do this by using many compromised computer systems as a source of attack traffic. It is like a mob of people rushing to a store to block legitimate customers from shopping. Imagine tens of thousands of computers that have been loaded with malware without the users’ knowledge. Now imagine all those computers running a program at the same time against specific sites making continuous requests against the election infrastructure.

Now back to the announcement from CISA: 

“With Election Day less than 100 days away, it is important to help put into context some of the incidents the American public may see during the election cycle that, while potentially causing some minor disruptions, will not fundamentally impact the security or integrity of the democratic process,” said CISA Senior Advisor Cait Conley. “DDoS attacks are one example of a tactic that we have seen used against election infrastructure in the past and will likely see again in the future, but they will NOT affect the security or integrity of the actual election.”

CISA’s intent is to assure the public that the elections will not be affected even though there may be disruptions that may prevent the public from receiving timely information. However, if they know that adversaries may target the elections, how do they know that the elections will be safe and secure? How do they know that a DDoS against the voting tabulation network won’t block results from being collated. How do they keep a breach from occurring in the voting infrastructure? What happens if there is a major regional power outage due to cyber-attack? As we know from the CrowdStrike outage where Maricopa County’s Dominion voting machines got the blue screen of death update (see article from 2 weeks ago for more details), voting machines are on the network. Why would it just be periphery report structure and not the actual voting? As a cybersecurity professional the joint FBI and CISA statement provides more questions than answers. 

Perhaps to properly secure the election system, we need to employ the same cybersecurity strategies that businesses use in case of emergencies. There should be contingency plans ready in case of a cybersecurity event. Precincts, counties and states should be ready to manually count the votes for all the races in case of a regional or national cyber-attack. The people required to perform the required functions – counters, watchers, recorders should be prepared and ready. Knowing the risks, should manual counting of paper ballots at the precinct level be the primary method with machine backup?

It seems CISA and the FBI are placating the public and telling us not to worry. Maybe they should spend more resources into hardening the infrastructure and working with the local resources on contingency planning in case of emergency. 

This article was originally published in the Sierra Vista Herald found here.

Cyberwarfare: How foreign wars can affect us at home
0
Dan Gavin
Cyberwarfare: How foreign wars can affect us at home

On April 13, 2024, for the first time from their own country, Iran launched a huge missile and drone attack against Israel. This is all over the news, but did you know there was a cyber-attack prior to the strike against the Israeli radar systems? The pro-Iranian cyber gang known as Handala claimed to have breached radar systems and sent 500,000 text messages to Israeli citizens. The attack was meant to soften up the Israeli defense system and intimidate citizens, although it appears not to have had the desired effect.

More and more, cyberwarfare is part of the multi-pronged attack in kinetic warfare. So far, it has not been something that wins wars directly, but it contributes to the effects of other strategies. Cyberwarfare encompasses a range of activities, from espionage and sabotage to propaganda and disinformation campaigns. It is characterized by its low visibility and high impact, making it an attractive tool for state and non-state actors seeking to achieve strategic objectives without resorting to conventional military force. Additionally, the cyber domain offers a level of deniability and the ability to strike at the heart of critical infrastructure and societal functions.

There are three types of cyberwarfare commonly used today: wipers, distributed denial of service (DDoS), and defacement. The objective of wipers is to delete information from a network. This denies users access to their own data. Wiper attacks may include ransomware. A DDoS attack aims to take down a website or online resource by overwhelming it with malicious traffic. This is usually done with botnets (remotely controlled malware infected computers). Both types of attacks deny the end user access to their information or network. The third type of attack goes about their objective slightly different. Defacement deletes or modifies information on a website. The objective is to mislead the public into thinking the malign planted news is reliable with the hopes of that news going viral. This can be part of a wider psychological operation in the campaign.

There are estimates that the Iranian Ministry of Intelligence (MOIS) carried out more than 2,000 attacks each in the first week of April. Together, they operate more than 10 different attack groups. A cybertracker from CyberKnow reveals that 65 groups were involved in the campaign against Israel from the 1st to the 8th of April 2024, carrying out DDoS, defacement, and other types of attacks.

The targets of these attacks are not always digital. During the April 13th missile attack, Iranian-backed hacktivist group, the “CyberAv3ngers,” caused power outages in several Israeli cities. The CyberAv3ngers became famous in the U.S. in November and December 2023 for targeting U.S water facilities. Water utilities in Pennsylvania, Texas, and Florida were compromised. Although the consequences of the compromises were not dire, the group was sending a message that it could compromise high value targets and do damage if it wanted. The group targeted U.S. utilities for the U.S. support of Israel.

Although Iran’s cyber-attacks are noted above, it is not specific to that country. Cyberwarfare is being employed by all major powers across the globe. Israel, the U.S.A, China, Russia, North Korea, the UK, and European Union countries use these activities as part of their wider strategy to affect their influence.

Even though a kinetic war is being waged over 6000 miles away, cyber-attacks can affect us at home. Public utilities should especially be cyber prepared for anything in this environment.

You can find the original article here from the Sierra Vista Herald.

Copyright © 2024 CyberEye Call us at: ‪(520)224-8981