The U.S. government intends to run a program that centres around securing voter enrolment databases and IT systems ahead of the 2020 presidential race. Intelligence authorities are worried that state-sponsored hackers in 2020 may not only target the electoral databases but also endeavour to control, manipulate and destroy data, as indicated by U.S. authorities.
“It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited,” the FBI said in a statement.
The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department fears the databases could specifically be targeted by ransomware attacks, a kind of malware that has crippled IT networks across the United States in the past few years, including recently in Texas, Baltimore and Atlanta.
“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks. That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks,” said Christopher Krebs, CISA’s director.
Why Is There A Concern About Ransomware
A ransomware attack typically locks an infected computer system until payment, usually in the form of cryptocurrency, is sent to the hacker. The malicious code executed in these cases can bring about data loss, render systems inoperable, cripple device functions. A few instances of damaging ransomware cases include NotPetya, Stuxnet , Shamoon , and Dark Seoul.
Massachusetts-based threat intelligence firm Recorded Future found at any rate, there were 169 ransomware episodes focusing on state and local government since 2013, with 21 of them revealed just in the first quarter of 2019. The high prevalence of ransomware attacks has alarmed US officials about the upcoming elections as electoral databases may prove to be objects of interest for both private and state-sponsored hacking groups.
One such major incident happened recently at Texas wherein the Department of Information Resources (DIR) reported as many as 23 state-run departments — including police offices and libraries that were disrupted by ransomware malware. The Texas security event is one of a kind in that it’s one of the first organised ransomware assaults to hit the US.
The Russian Intelligence Meddling?
While the Texas incident might have been organised by hackers just looking to make ransom money, past security incidents unrelated to ransomware have taken place on a larger scale. The US Senate Intelligence Committee announced after its research concluded that election systems in all 50 states were targeted by Russia in 2016, although there is no evidence that the hackers were able to successfully alter voting data.
The Committee has brought to light that there have been incidents of hacking particularly in Illinois and Arizona directed by Russian intelligence, further stating “an unprecedented level of activity against state election infrastructure”. Apart from this, the Mueller investigation claimed that VR systems, a voting technology vendor in the state of Florida was targeted by Russian hackers who placed malware on its network.
How CISA Is Planning To Tackle Ransomware Threats In US
A program by Cybersecurity and Infrastructure Security Agency (CISA) is intending to connect with state authorities to get them ready for any further ransomware situations. CISA has created guidelines to enable organisations to constrain harm, and recover smartly in case there are further attack. “We strongly urge you to consider ransomware infections as destructive attacks, not an event where you can simply pay off the bad guys and regain control of your network,” said CISA.
The guidelines specified on the website cover things related to backing up of data and configurations, updating patch systems, incident response plan, network monitoring tools. The organisation is further planning to help cities across US practice good cyber hygiene and prevention measures before the elections like using multi factor authentication, whitelisting, establishing network privilege, backups, updates, etc. As part of the program, CISA will also support for remote computer penetration testing and vulnerability scans.
In the last few years, we have seen how state sponsored hackers can have disruptive effects on a global level. Ransomware could freeze governments out of voting data at the most critical moments, cause data loss and delays to undermine the legitimacy of the elections themselves. This is even more critical for local governments for small cities who may not have the adequate IT infrastructure and expertise to tackle advanced attacks like ransomware.
America at the moment has decided to prepare itself for any attacks the country might face during the presidential elections. With roughly 14 months to go before the vote, it will be interesting to see how US officials handle the situation or alleged Russian meddling as the case was in 2016. Also, the implementation of a nationwide cybersecurity strategy to handle attacks like ransomware can provide lessons to other countries including India, a country with the second largest number of voters.