It is rare for a U.S. president to face a major political stand-off before his own inauguration. But that was the history-making environment we saw playing out as president-elect Donald Trump, members of the U.S. intelligence community and Congress scuffled over the degree to which a Russian influence campaign, played out through cyber activity, shaped an election for the ages. While U.S. political and diplomatic interests await reports and hearings, “election hacking” is already a global phenomenon, according to concerns out of Germany, Montenegro, France, the Netherlands and elsewhere. Despite alarming headlines, focused cyber operations against elections are in their relative infancy – meaning it’s crucial for us in the security industry as well as those affected to define what’s happened and marshal broad defenses. … The most volatile attack scenario is compromising voting machines, agencies and other polling infrastructure.
This is the hardest category to pull off, because remotely compromising a voting machine, for example, is more difficult than tricking election staffers into clicking on malicious email attachments (as stage one of a doxxing expedition). Yet, every newly-disclosed vulnerability rightfully worries election regulators. Even quick technical fixes applied after such disclosures may not reassure voters’ perceptions.
Training their sights on election machinery is a high-stakes game for nation-state attackers, because a country could consider such intrusions attacks on their critical infrastructure systems, an act meeting the threshold for military retaliation and other dire responses in the physical world. The risk and sheer complexity of these attacks is likely why productivity-minded election adversaries spend most of their time on propaganda and email hacking.
Full Article: What The Election Can Teach Us About Cybersecurity.