In the shadow of high-profile election controversies, the underappreciated vulnerability of election machines to malicious attacks demands immediate attention. This blog underscores the critical need for election officials at the state and local government levels to upgrade security measures, focusing on a transformative approach that addresses challenges unique to election systems.
Pressing Election Security Challenges
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of potential phishing, malware, ransomware, and DDoS attacks targeting election systems. While defenses have improved since 2016, the upcoming 2024 election cycle and those beyond it demand additional measures. A lack of visibility into current attack surfaces and threats plagues election managers, underscoring the urgent need for robust security measures.
The Conventional Security Conundrum
Traditional endpoint security methods, such as installing monitoring, detection, and response (MDR) software agents, fall short when applied to election machines. These machines, designed to resist software alterations, pose a unique challenge. Additionally, reliance on legacy security policies exposes election authorities to modern cybersecurity threats, necessitating immediate action.
Agentless Monitoring for Election Systems Protection
Comprehensive network asset monitoring is pivotal, but software agents can be impractical for election systems. Voting machine manufacturers typically design devices to reject monitoring agent installations. This is where agentless monitoring, as Armis exemplifies, proves invaluable because it identifies device details and behavior without requiring software agents. Not long ago, I could recount a significant breach during the 2020 U.S. election cycle. Despite access to top cyber defense experts, identifying the breach source took four hours. Had the infected party had Armis Centrix™️ four years ago, with its agentless monitoring approach, a resolution most likely would have been identified in minutes, not hours. Armis Centrix™️ observes all network assets, identifies anomalies, and uses a global database and AI/ML algorithms to interpret real-time network behavior and deviations thereof.
Preparing for the 2024 Election Season
Comprehensive and in-depth asset inventory and monitoring enhances the security of managed and unmanaged network assets, offering protection for configurations that cannot be changed or devices that cannot be immediately taken down for patching and/or maintenance. Election officials are urged to stay attuned to global events, anticipating potential attacks that may be launched via various attack vectors. Agentless monitoring provides benefits beyond defending against cyberattacks. The cloud-based software can serve as essential evidence in proving compliance, defending against negligence claims, or countering election malfeasance accusations. This additional layer of protection helps build a compelling case for investing in world-class asset security.
Best Practices for Implementation:
- Identify all assets and gain deep situational awareness for each asset
- Identify vulnerabilities and prioritize threat remediation
- Deploy asset intelligence security proactively rather than waiting for an attack
- Allow time for analysis and action upon receiving alerts
- Refer to CISA’s Cybersecurity Toolkit and Resources to Protect Elections for specific guidance
In conclusion, upgrading election systems’ security is not just a technological enhancement; it’s a necessity for safeguarding democracy. Election officials are urged to act promptly, embracing transformative asset intelligence security solutions to ensure the integrity of future elections. The time to act is now.