MSSPs Combat Election Cybersecurity Threats
MSSPs, MSPs and other cybersecurity providers will be called upon to maintain (and restore) election security while helping stop the spread of misinformation and protect candidates from attacks on their websites and other forms of campaign communications.
Today, there are real, documented threats from nation-state actors that will require top-level cybersecurity experts to meet such challenges. Speaking to MSSP Alert on the issue, Adam Marrè, Arctic Wolf chief information security officer, described the business opportunities ahead.
“MSSPs, MDR (managed detection and response) providers in particular, will play a crucial part in ensuring the integrity of elections by providing services and knowledge to protect organizations conducting elections from cyberattacks and other potential exploits,” Marrè said. “The threats to elections are very real, with nearly half of respondents in a recent survey anticipating an increase in cyber incidents during this election season.”
The survey Marrè is referring to was commissioned by Arctic Wolf and conducted by the Center for Digital Government. The team reached out to 130 state and local government leaders in the U.S., including those responsible for IT and cybersecurity systems, about their attitudes and beliefs on the cybersecurity issues related to the upcoming election.
The Ramifications of Election Attacks
Marrè explained that leading up to the U.S. presidential election in November, MSSPs like Arctic Wolf will be responsible for providing security to organizations historically strapped for resources. For them, the goal will be to identify and mitigate any threats — whether they be to physical systems or to the organizations responsible for overseeing the election process.
“Even if attackers cannot directly affect the election results, a successful attack on an organization overseeing an election could sow doubt and erode trust in the election,” Marrè said. “Nation-state-supported hackers may want to influence an election, but even criminals with little interest in geopolitical events can capitalize on the moment for financial gain.”
For example, a threat actor may be more likely to get their ransom paid by a desperate local government trying to regain access to their systems during an election.
“The stakes have never been higher, and the threat is real,” Marrè said. “It is more important than ever for organizations to have robust security, including the services of trusted and proven MSSP and MDR partners.”
Arctic Wolf’s survey of election officials found that more than half of respondents said they are not at all prepared or somewhat prepared to detect and recover from election-targeted cyber incidents. Adding to the feelings of unpreparedness is that election officials and administrators are expecting a significant uptick in the volume of attacks compared to what they saw in 2020, with 47.1% expecting an increase, while less than 2.9% believe they will see a decrease, Arctic Wolf found.
What MSSPs, MSPs Can Do For Elections
Gary Brickhouse, chief information security officer of GuidePoint Security, said services typically provided by MSSPs and MSPs will be important during the 2024 election cycle.
“The work performed by these groups can help mitigate an outside disinformation campaign by their ability to provide accurate information to the overall security posture of the election data and systems, especially the integrity of the data being processed by the election office,” he said.
Brickhouse explained that these services include proactive activities such as firewall management, email security, vulnerability management, and continuous monitoring and threat detection to hunt for cybersecurity events in real time. They may also provide other system services to improve resiliency, such as implementing a data backup strategy that enables the election office to recover more quickly in the event of an incident or outage.
These security services may also include reactive activities like responding to cybersecurity alerts from firewalls, network detection systems and centralized logging systems, as well as manual or other automated detections. In the event of an actual incident, MSSPs and MSPs may lead the incident response process, driving the necessary activities to contain the event, eradicate the cause of the issue and recover back to normal operations, according to Brickhouse.
Kivu Consulting Commits to Election Security
Berkeley, California-based Kivu Consulting is one of the MSSPs that will be helping with election security this year. Gary Alterson, vice president of Managed Security Services, told MSSP Alert that Kivu recently signed on with a larger (unnamed) company to provide election security services for their clients. These clients include governmental entities, primarily at the federal level, holding elections as well as nongovernmental organizations, political action committees (PACs) and candidates themselves.
“We don’t have a specific customer today, but we expect our client to begin referring them our way eventually,” Alterson said. “This is something new for us. You can break it down between either proactive or response services.”
Kivu’s election services fall into two categories. “Protect & Detect” encompasses security services around Microsoft 365, dark web intelligence, managed XDR, compromise assessment, vulnerability management, and managed DDoS and web-based attacks. “Respond” services involve incident response, digital forensics, business email compromise (BEC), ransomware response, and recovery and transformation.
Alterson expects Kivu’s security experts to be involved in various dark web forensics activities, too.
“Threat actors selling or buying campaign-related data on the dark web may be an indicator of a future threat,” he said. “So, in addition to dark web intelligence, we’ll be doing more standardized stuff around things that may happen on election day or following up on an issue a couple of months later. We’ll also be using our XDR for monitoring a customer’s endpoints or network for breach protection.”
Alterson believes that while voting machines are by and large safe from exploits, BEC campaigns and account takeovers could be commonplace. For example, an individual might be scammed by an email from someone posing as a candidate asking them to wire money to a certain campaign office or PAC.
“It’s not impossible to say that in addition to those seeking to cause mistrust in an election or otherwise influence an outcome, there won’t be others looking for financial gain,” he said. “As you think about campaigns, PACs or election offices, the closer you get to an election, they’re going to pay pretty fast in the event of a ransomware attack.”
CrowdStrike Digs Into Election Security
Cybersecurity tech giant CrowdStrike is a big player in the election security game, availing its Cybersecurity & Election Security Resource Center to voting districts. The center serves as a repository of knowledge, programs and resources that can help strengthen the security posture of elections entities and campaigns.
CrowdStrike recently held its Government Threat Summit in Washington, D.C. In the session, “Generative AI, Misinformation, Disinformation and Cyber Threats for the 2024 Elections,” Adam Meyers, CrowdStrike Head of Counter Adversary Operations, highlighted how criminal groups, hacktivists, nation-state adversaries and geopolitical developments are impacting the threat environment for global elections in 2024.
Fortinet, a company that partners with MSSPs, provides election services through its State & Local Government practice, as well as a variety of safe and secure election resources and best practices. Fortinet offers threat intelligence so local and state governments are constantly aware of the latest cyberattacks, including the risk of insider threats.
Mandiant, a Google Cloud company, is another security provider that’s offering specialized services to protect election systems, including incident response and attack surface management.
Overseas Threats and The Rise of AI-Based Threats
Georgia’s Coffee County suffered a ransomware attack during April that forced the county to sever its connection to the state’s voter registration system as a precautionary measure, according to a CNN report.
In the United Kingdom, Chinese hackers are accused of trying to break into email accounts of British lawmakers who were critical of China. And a separate Chinese entity was behind a hack of the country’s electoral watchdog that compromised millions of people’s data, according to a Reuters report.
Furthermore, UK officials also accused an unidentified Chinese state-affiliated hacking group of a separate 2021-2022 cyberattack on Britain’s Electoral Commission. In response, Britain imposed sanctions on two people and one company linked to China-backed hacking group APT31.
This year, watch for generative AI as a likely tool to spread disinformation, with bots and bot farms contributing to divisiveness among the electorate. Misleading or false content, including quotes, memes and digitally altered videos and images, will invade the public discourse, according to MSSP Alert’s top cybersecurity predictions for 2024.
Given the ease with which AI tools can generate deceptive but convincing narratives, adversaries will likely use such tools in 2024, according to CrowdStrike. Politically active partisans within those countries holding elections will also likely use generative AI to create disinformation to disseminate within their own circles.
These issues were already observed within the first few weeks of 2024, as Chinese actors used AI-generated content in social media influence campaigns to disseminate content critical of Taiwan presidential election candidates, CrowdStrike said.
Underscoring the threat from AI, Yubico, a security authentication specialist, partnered with Defending Digital Campaigns (DDC) recently to conduct a joint study on the election security environment, surveying both Democrat and Republican party members in the U.S.
David Treece, vice president of solutions architecture at Yubico, said, “Given the sudden advancement and uncertainty of AI technology, it’s not surprising that over 78% of respondents are concerned about AI-generated content being used to impersonate a political candidate or create inauthentic content, with Democrats at 79% and Republicans at 80%.”
Yubico’s technology is designed to help government entities build trust with voters with tools such as phishing-resistant authentication. Yubico offers a physical hardware security key known as the YubiKey. Since 2020, Yubico has donated tens of thousands of security keys to DDC on behalf of its philanthropic initiative, Secure it Forward.
CISA Offers Election Security Resources
Through the Joint Cyber Defense Collaborative (JCDC), the Cybersecurity & Infrastructure Security Agency (CISA) offers a toolkit of free services and tools intended to help state and local government officials, election officials and vendors enhance the cybersecurity and cyber resilience of U.S. election infrastructure. These are also resources for MSSPs and MSPs involved in election security.
The Election Security Risk Profile Tool, developed by CISA and the U.S. Election Assistance Commission, can help state and local election officials understand the range of risks they face and determine whether they should retain the security services of an MSSP or MSP.
Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations is another CISA election resource.