Cybersecurity professionals are concerned about foreign cyber operations and vulnerabilities in voting machines as the days tick down to the first 2020 primaries in February.
According to a new survey of 345 cybersecurity professionals by Black Hat USA, 63 percent of respondents said that the hacking of voting machines in the next election is “very likely” or “somewhat likely” to have a “significant impact” on election results.
U.S. government leaders, however, stress that they have prioritized the security of election systems, with one senior administration official on a June 24 press call referring to the defense against hacking of election infrastructure “our highest priority.”
“We do believe that the 2020 elections are a potential target for state and non-state cyber actors and we continue to observe unknown actors attempt suspicious and malicious activity against internet-connected infrastructure periodically,” a senior intelligence official said.
The official added that the government has no indication that “any foreign adversary has disrupted or corrupted elements of the election infrastructure, such as voting machines and/or vote tally systems that are preparing for the 2020 general election.” The official said that the intelligence community is tracking efforts “from several countries” to influence the United States election. According to the Black Hat survey, 63 percent of cyber professionals said it is likely that Russian cyber initiatives will have a significant impact on the 2020 election.
“Russia’s goal is to pit Americans against each other because they believe at this juncture a divided America is consistent with their specific interests,” said the senior intelligence official.
In 2018, Congress appropriated $380 million to states to improve election security. House Democrats passed an election security bill June 27 that would provide $775 million in grants to states over two years to buff up election security and prohibit election systems from being connected to the internet, according to the Associated Press. It is unclear if the bill will get a vote in the Senate.
Looking beyond next year’s election, seventy-seven percent of professionals said they believe a successful attack on the United States’ critical infrastructure will occur in the next two years, up from 69 percent in 2018. Critical infrastructure includes aspects of the United States including the energy sector, health care sector and communications sector.
Forty percent of respondents said that the greatest cybersecurity threat to these critical sectors were large-nation states. Sixteen percent of respondents said that the greatest threat to the cybersecurity of the nation’s critical infrastructure was the “lack of coordination between U.S. government entities and private industry,” an area that one senior administration official said was an important aspect of protecting critical infrastructure.
“We put a great deal of importance on sharing information, especially threat indicators with U.S companies, especially social media companies, tech companies and election service providers,” another senior administration official said.
Cyber professionals are also concerned about a general lack of preparedness to deal with a major breach of critical infrastructure, with 79 percent of respondents disagreeing with the statement “I believe that government and private industry are adequately prepared to respond to a major breach of US critical infrastructure.”
“It’s the U.S. government and infrastructure, and major U.S. and large multinational corporations, which are vulnerable to nation-state attackers and [advanced persistent threats],” the report cited one respondent as saying. “By far, the biggest concern is the utilities and utility suppliers, such as [those that provide] power and water.”