In the midterm elections set to take place later this year, all 435 seats in the house, 33 seats in the Senate and a number of local and state elections will be contested. Regardless of how the elections shake out, the most important factor in the election is the security of the process. If the past few years fraught with election hacking around the globe serve as an any indicator, we should be skeptical of what might happen. The voting process of the United States, and no doubt countries around the world, is inadequately equipped to defend against professional cyberattack attempts. Ethical hackers hacked a WINVote machine during the DEFCON conference last year in Las Vegas, and it took only a few minutes to hack into and tamper with votes and voter information. So, how do we go about protecting ourselves against these attacks and ensuring secure elections for the future? We should utilize hackers that have been vetted for trust and skill to test these critical assets in a controlled and managed environment.
Hackers are creative, persistent, and constantly evolving. And, in the case of foreign government sponsored hackers, they’re well-funded and highly skilled. To achieve their mission, they will exert immense effort to search for unknown vulnerabilities, monitor changes to connected digital systems, and capitalize on any mistakes made in the system setup process.
If we want to stay ahead of the adversaries and protect ourselves against their methods, we have to think like them and mimic their tradecraft as part of our defenses. We can start by defining the threat model, establishing the attack surface, and devising devious methods of influence that could turn the course of an election.