Tips to Safeguard Your Elections
With midterm elections on the short-term horizon in the US and a fair amount of attention on not just the elections but also hacks, voting machine hacking demos (including Two Minutes to Pownage) and threats of anything from individual rabble-rousers to nation-state-sponsored APTs hacking the elections, it is natural for many, particularly those involved in putting on those elections, to ask what steps can be taken to help ensure hack-free elections.
In this case, as in many cybersecurity cases, there is no single silver bullet that renders you invulnerable to tampering. Rather, there are a number of steps you can take to build a reasonable defense-in-depth approach that reduces the likelihood and increases the difficulty of manipulating your elections.
The Galactica/Analog Approach – use paper ballots. It pains me to write this, working at a high tech network and security company in Silicon Valley, but consider the somewhat woeful state of security for many voting devices: exposed USB ports, exposed DB9/serial ports with relatively easy access to bootloaders, systems running Win CE 5 with no validation of system updates or input, and other fundamental flaws and vulnerabilities. With the short span of time available, it is impractical to adequately secure the infrastructure. Thus, like the science fiction space battleship Galactica facing a cyborg army of natural born hackers, some would say that the only way to win this game is to not play and go all analog and use paper.
Passwords – assuming that you are not going the all-analog Galactica route, one of the ways that you can help ensure good defense in depth is by using good passwords. Note that NIST has changed their stance on complexity rules and update requirements, but if you are driving an enhanced security effort you may want to audit all machine and admin accounts just to make sure.
Patches – again, assuming that you are more worried about hacking bytes than hanging chads, keep in mind that a lot of voting hardware in the wild has been in service for a long time (10 years or more in many cases) and may be well overdue for the latest patches and updates. Do what you can to get your voting machines on the latest and greatest versions of code.
Discard the Unsupportable – if you are running voting machines (or other infrastructure including servers etc) that are no longer manufactured or supported, it may be time for a change. Plan to replace machines that are no longer supported with ones that can at least be patched and updated.
Check Remote Access – one common but somewhat scary practice from a security standpoint is to use remote access software for support. Be it PCAnywhere or anything else, check your voting machines and if they are running remote access software, turn it off and block it at the network/firewall level as well. BTW you checked for POTS dialup too, right?
Physical Access – there are challenges here that in some cases may be hard to overcome. On the one hand, we would prefer to not give large numbers of people direct physical access to voting machines. On the other hand, balloting privacy measures sometimes make it hard or impossible to prevent a user from being concealed while accessing serial ports, USB ports and/or memory cards. It may be useful to investigate tamper evident wiring and other ways of mitigating risk.
Network Access Control and Segmentations – while it may be hard to impossible to get end-point security to anywhere near a comfortable place on many voting machines, it certainly is possible to better lock down the network that those machines are on. Use segmentation to prevent access. Do a user account audit to make sure that only those with a need for access have it and also ensure that former employees no longer have active accounts.
Stop the Phishing – one of the most common ways to get access to a network is to target users with phishing attacks. Many early phishing attacks were relatively easy to spot – mails were malformed and/or had spelling and grammatical errors. Now the sophistication of phishing attackers has risen. In some cases, they have made their mails more professional in appearance. In other cases, when trying to match the look and feel of internal communications, they have actually made their mail look worse – to match the typical output in organizations that may be using older platforms to send mail. Educate users about not opening mail or attachments from those they don’t know and about being very careful to check for other signs of deception. These individual accounts are a stepping stone to bigger things, making phishing a key strategy for the bad guys and a key area of focus for infosec practitioners.
Stop Stacking The Deck – in some cases, there are some relatively simple things that you can do in order to stop stacking the deck against democracy. If steps like maintaining a paper trail are some of the more effective things you can do to ensure a fair and honest election, it is probably best to NOT have judges dismissing the need for paper ballots. You also need to look at the whole chain – sure the voting machines themselves may be somewhat weak, but what about the upstream infrastructure? Still running Windows Server 2000? Ouch.
MFA/Two Factor Authentication – while we have seen that some MFA implementations may not be as secure as one might hope, nothing is perfect and something is, in this case, far, far better than nothing.
Detection – watch for traffic to/from new and unexpected places. Also be on the lookout for failed logins, and have a plan in place for what to do when you come across these telltale signs.
Encryption – it goes without saying, encryption should be used end-to-end.
Air Gap – sure, the noise of exploding uranium centrifuges in Natanz courtesy of Stuxnet showed that air gaps are not foolproof, but compared to leaving potentially vulnerable systems connected to the internet, an air gap is a wonderful thing.
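The two signals named in the Detection tip above, as an added example that is not part of the original post: it flags bursts of failed logins per user and source, and flows with an endpoint outside the networks the election segment is expected to talk to. The log formats, addresses, threshold and window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data; formats, addresses and thresholds are assumptions.
AUTH_LOG = """\
2018-10-30T08:00:05 FAIL user=admin src=10.20.0.15
2018-10-30T08:00:09 FAIL user=admin src=10.20.0.15
2018-10-30T08:00:14 FAIL user=admin src=10.20.0.15
2018-10-30T08:00:20 FAIL user=admin src=10.20.0.15
2018-10-30T08:00:31 FAIL user=admin src=10.20.0.15
2018-10-30T08:01:02 OK user=admin src=10.20.0.15
2018-10-30T09:15:00 FAIL user=clerk2 src=10.20.0.22
2018-10-30T13:40:00 FAIL user=clerk2 src=10.20.0.22
"""
FLOW_LOG = """\
2018-10-30T08:02:00 10.20.0.15 10.20.0.5 443
2018-10-30T08:03:10 10.20.0.15 203.0.113.77 5631
2018-10-30T08:04:00 198.51.100.9 10.20.0.5 22
"""
# Networks the election segment is expected to talk to (assumed).
EXPECTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def failed_login_bursts(log, threshold=5, window=timedelta(minutes=5)):
    """Return {(user, src): time the threshold was first reached in the window}."""
    recent, alerts = defaultdict(deque), {}
    for line in log.splitlines():
        ts, status, user, src = line.split()
        if status != "FAIL":
            continue
        key = (user.split("=", 1)[1], src.split("=", 1)[1])
        when = datetime.fromisoformat(ts)
        q = recent[key]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = when
    return alerts

def unexpected_peers(log, expected=EXPECTED_NETS):
    """Return flows where either endpoint lies outside the expected networks."""
    hits = []
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        ends = [ipaddress.ip_address(a) for a in (src, dst)]
        if not all(any(e in n for n in expected) for e in ends):
            hits.append((ts, src, dst, int(port)))
    return hits
```

Each alert should map to a step in the response plan, for example isolating the source address on the segment and reviewing the account involved.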
Read Some Shameless Promotion – OK, this is the part where we pitch some gear. Ixia ThreatArmor is an easy to install, easy to manage solution that can be up and running in less than 30 minutes. With full line-rate performance, live updates every five minutes from our Application Threat Intelligence feed and the ability to block up to 80% of malicious traffic, ThreatArmor is an excellent way to take load off your firewalls while adding another moat to your overall defense in depth strategy. You can also automatically block traffic to/from known “bad neighborhoods”, further reducing load on your existing security tools.
You may also want to take a look at some of the advantages a network packet broker can bring, with features including support for SSL/TLS 1.3 and benefits such as tighter security, faster resolution and better ROI. Learn more with What is a Network Packet Broker (and why do you need one)?
Thanks for reading, and let us know if you want some help securing your election.
By the way, in case nobody mentioned it, October is National Cyber Security Awareness Month. As part of our involvement in such, we have gathered a number of blog posts on relevant topics, all of which are available here.