Cybersecurity focus shifts to monitoring results systems as polls close in many states
As the votes are tallied, cybersecurity officials shift their monitoring to the counting and reporting systems used by states and localities
As polls began to close across the East Coast and Midwest Tuesday night, top cybersecurity and intelligence officials said they were shifting their attention to ensuring that systems that tabulate, tally, and report results remain free from attacks or foreign interference.
Likening the Election Day to a flight that may experience a bumpy take off before reaching a smooth cruising altitude, a top cybersecurity official said, “here we are coming into that next phase of the flight, preparing for landing, polls are closing, and election night reporting...presenting a whole new attack surface” for adversaries.
State election reporting websites are likely to face a high level of demand from ordinary users, potentially leading to website crashes. Adversaries also could deface such websites, try to alter official results, launch denial of service attacks, or spread disinformation about counting and reporting, the official at the Cybersecurity and Infrastructure Security Agency, or CISA, told reporters.
The agency is holding regular phone briefings for reporters on what hundreds of intelligence, cybersecurity, and election officials are seeing across the country and how they’re responding.
The CISA official said foreign state-run media outlets such as Sputnik and RT, both of which are controlled by the Kremlin, already are spreading disinformation about winners in certain races and said any foreign reports about election results should be viewed with a “hefty, hefty, hefty dose of skepticism.”
With more than 100 million Americans having cast their ballots in early voting before Election Day, the final tally may reach a record by the time polls close in Alaska and Hawaii, well past midnight on the East Coast. But with a significant number of voters having cast their votes by mail, counting those could take a week or more, and even longer if one factors in legal challenges by both parties.
The cybersecurity official cautioned that formal results from states across the country could take two or more weeks and that CISA will likely continue to monitor and track threats to election systems until all results are called.
Still only at halftime
As the day began, Christopher Krebs, director of CISA, said in a news conference that Election Day represented only a half-time in a game, and that foreign adversaries may mount other “activities or efforts to interfere and undermine confidence in the election” until all results are official and announced.
Earlier in the day, polls opened with reports of electronic poll books crashing in some states and officials having to switch to using paper poll books to verify voters before they could cast their ballots.
Frank La Rose, Ohio’s secretary of state, earlier in the day said that the state’s Franklin County was switching to paper poll books because of a technical glitch.
There were also reports that voters in as many as six states were targeted by millions of robocalls and texts asking them to stay home because of COVID-19 fears. The FBI and the Federal Communications Commission were investigating the calls, which the cybersecurity official said amounted to a form of voter intimidation.
There were some reports of disinformation spreading through messaging apps.
Some Chinese-Americans were said to have received messages on WeChat, a messaging platform, warning them that protests are being organized and trying to instill fear in voters.
The CISA official said U.S. officials were aware of such messages and have passed on the information to social media companies to address them.
Russians remain a threat
The official said that the agency is closely monitoring attempts by foreign adversaries, especially Russia, to break into U.S. election infrastructure. The military's Cyber Command has expanded its "hunt forward" mission to aid in that effort, scanning foreign internet activity to watch for attacks, the official said.
During the 2018 mid-term election, Cyber Command sent cyber sleuths to Macedonia, Montenegro, and Ukraine to identify Russian intelligence networks as well as tools the Kremlin might use against the United States.
Cyber Command's efforts have expanded to help identify tactics and tools that the Iranians and the Chinese also might use, the New York Times has reported.
The expanded scouting helps identify potential malware that adversaries may use and that’s then shared with state election officials and private companies to look for in election systems, the CISA official said.
While all the attention has been on cybersecurity threats or fears of disinformation, there were also fears of potential violence and physical intimidation of voters.
A senior official at the Department of Homeland Security told reporters there was no outbreak of violence although peaceful protests occurred.