We can't accept election hacking as a new normal

Nation state attacks on democracy are real, but does the public really care?

Why we can't accept election hacking as a new normal
Thinkstock (Thinkstock)

There's nothing new about election corruption, except that it's the new reality for hackers to use cyber to influence elections.

It's been no secret within the government cybersecurity space that the Russians have been attacking U.S. systems for years using sophisticated teams and methodologies. Just recently, an OODALOOP analyst said Russian hackers have been using the same back door for decades. 

Russia’s hack of the DNC had the largest impact of any breach in recent history, yet, "We still don’t have a Federal CISO, a White House CISO, nor any policy moving our cybersecurity efforts forward other than an Executive Order on Cybersecurity which most agree is a joke," said Paul Innella, CEO of TDI. 

This is not a problem exclusive to the U.S. Pawn Storm launched a targeted campaign during the recent presidential election in France, attempting to sway the public favor toward Emmanuel Macron. Then, the German cyber chief said an election hack “could happen to us,” and raised that country's cybersecurity alert level.

Ahead of Germany’s federal election in September, phishing attacks targeting government and political personnel are becoming more common.

According to Ferruh Mavituna, Netsparker CEO, malicious hackers are exploiting web application security issues such as cross-site scripting and Open Redirects that are making it easy for them to hijack web emails and launch phishing and other attacks to gain access to the private data of government and political personnel.

The problem, Mavituna argued, is not which country is the target. The issue is at the source: web applications.

"I'll even take it a step further and say there should be legal consequences of insecure web applications. Government and political personnel should be held to the highest standard and be trained on how to protect their citizens against data security threats,” Mavituna said.

Cybersecurity industry takes threats seriously, but the public doesn't seem worried

Whether consequences or incentives will be the motivating factor, the cybersecurity industry is taking this new threat seriously. Efforts to secure digital voting with blockchain technologies are on-going. Within the IT industry, the race to secure voting and elections has become a primary focus.

Many nations around the world struggle to protect themselves against nation state attacks, and legislators are working to find a solution.

In his article, "Worried About Election Hacking? There's a Fix for That," John Nichols reports on the newly introduced legislation, Securing America's Future Elections (SAFE) Act, but I question whether legislation will accomplish the task of preventing future attacks and attempts to influence elections and destroy democracy.

Then I read reports like one released by ReportLinker that found, "Yes, Americans say cyber attacks are more of a threat, but they aren't much worried," and my head starts to spin. Does anyone outside of the government and the IT space really even care about securing democracy?

More than half of the American population actually feels safe, that they are not vulnerable to a cyber attack. That statistic screams indifference to me, which is a little bit frightening. 

And if I can climb onto my soap box for a brief moment, I'll remind you of the powerful words of the Nobel Prize winning author and Holocaust survivor, Elie Wiesel:

"When human dignity is in jeopardy, national borders and sensitivities become irrelevant. Wherever men or women are persecuted because of their race, religion, or political views, that place must—at that moment—become the center of the universe."

This is the moment—that democracy is threatened by these nation state attacks across the globe. That reality must become the center of the universe for the security industry, IMHO, and remaining silent is not an option. 

Now, more than ever, everyone has to realize that they are a security newb, and with that comes responsibility. Maybe Mavituna is right. Perhaps a workplace policy of "click it and get a ticket" might motivate everyone to stop and think before they put security at risk.

New! Download the State of Cybercrime 2017 report