Securing the U.S. elections may seem solely like a technology challenge on the surface. However, as the November election rapidly approaches and with early voting underway, election security truly boils down to the core fundamental challenge of protecting our nation and maintaining confidence in our democratic processes. Election security is a bipartisan issue and must continue to be prioritized by our leaders to provide the resources necessary to enable effective security and maintain public confidence now and into the future.
Significant cybersecurity focus continues to be on the security of the voting machine. The outcomes of the Voting Machine Hacking Village at DEF CON usually make headlines and are a stern reminder that more progress needs to be made on this front. This is a central element of maintaining the integrity of election results and generally gets most of the buzz and attention. It can also be easier to understand, quantify and remediate. However, another looming threat continues to grow and put the security of elections at risk in a different way.
The risk of disinformation campaigns
Disinformation campaigns are becoming more prevalent and they can have perilous consequences if proactive steps are not taken to quell the deceptive messages. A 2020 Election Security Study from global nonpartisan technology association ISACA found that 73% of tech professionals believe that misinformation and disinformation pose the greatest risk to election integrity. It ranks ahead of tampering with tabulation of voter results (64%) or hacking or tampering with voting machines (62%).
Disinformation campaigns are more sophisticated than ever before and the threats they pose can be more difficult to identify, quantify and mitigate in a timely manner than a software security flaw. In order for cybersecurity professionals, private companies and the government to combat information threats, it is important to understand the key differences between misinformation and disinformation. According to the Cybersecurity & Infrastructure Security Agency (CISA), the key distinctions are:
- Misinformation is information that is false, but not created or shared with the intention of causing harm.
- Disinformation is false information that is deliberately created to mislead, harm or manipulate a person, social group, organization or country.
The major social media platforms continue to take steps to ban accounts or remove messages associated with disinformation campaigns, but doing so before many people are exposed to the falsehoods is incredibly difficult. Understanding the impact, reach and effect of these messages can also be subjective. Critics cite that not enough is done and the actions taken are not quick enough.
ISACA's study shows these sort of misinformation/disinformation campaigns adversely affect public perception about election security, which in turn erodes confidence in our democratic processes and benefits America's adversaries.
While securing voting machines and the technical security controls of the election infrastructure may be left to cybersecurity professionals, combating misinformation and disinformation is something we all can play an active role in. Just this month, CISA published a disinformation toolkit and election infographics to support election officials. Each one of us can stop disinformation and contribute to election security and confidence by taking the following steps:
- Get your election information from trusted sources, such as state and local election authority websites
- Do not act on a single piece of information
- Check if social media accounts are verified before viewing their content
- Have a voting plan
- Limit what you share or reshare online
- Do not post personal ballot information online
- Report disinformation
- Direct others to official government election websites rather than other sources
We all need to do our part to protect our democracy because bad actors and advanced persistent threats are only going to find new ways to adversely affect and divide the country. We should never take for granted the freedoms and secure elections we have lived with our entire lives. Democracy is fragile and must be protected with endless rigor.
About the author
Jason Yakencheck is the past president of the ISACA Greater Washington, D.C. chapter. He is actively engaged with ISACA Global to support cybersecurity initiatives. He leads complex cybersecurity projects, performs C-suite advisory and leads secure cloud architecture and application migration. Yakencheck holds the CISSP-ISSAP, CISM, CISA and PMP certifications.