Attacks on the digital infrastructures of US state, local, tribal and territorial (SLTT) governments continue at a healthy clip, a chronic trend that does not bode well for election security as the nation moves into the crucial run-up to the 2020 presidential election. Although a lot of research has focused on the potential hacking of election equipment and related backend infrastructure, recent studies and exercises suggest that adversaries can disrupt the democratic process almost as well by simply targeting other local government and community systems.

In a report released today, cybersecurity firm Blue Voyant presents the results of a study that examined the local governments’ cybersecurity posture in 108 jurisdictions going back to 2017. They found a steep rise in ransomware attacks on SLTT governments from 2017 to 2019 and a jump in the amount of ransom demanded from $30,000 in 2017 to $380,000 in 2019, with some ransom amounts exceeding $1 million.

Lack of standardized online infrastructure hinders SLTT security

Although ransomware captures the lion’s share of attention when it comes to disabling local government operations, including elections, other attacks that can impair essential services include outright data breaches, typosquatting that leads to malware installation, and exploited weak VPN solutions. One big problem across the nearly 90,000 local governments in the US is the lack of standardization for online infrastructure and resources, Austin Berglas, global head of professional services at Blue Voyant, tells CSO.

Berglas, who spent 22 years in the federal government, ultimately serving as the assistant special agent in charge of the FBI’s New York Office Cyber Branch, says that some state and local governments don’t even use .gov domains, where they would get the benefit of having US government oversight on those domains.
The .gov domains also force the use of multi-factor authentication (MFA), HTTPS and other security features. It’s no surprise then that Blue Voyant has been able to track compromises of state and local government IT infrastructure back to bad actors, some of them nation-state actors.

Ransomware, other attacks can disrupt elections

When it comes to elections, the odds of threat actors changing votes are slim, but attackers can knock voter databases or other systems offline with ransomware or other methods that could disrupt voting, Berglas says. The potential for disruption in city services poses a threat to even mail-in voting. “If there were a state or municipality that took ballots and then imported them into a system and the next day that system was locked up with ransomware and they were unable to get at those results, that would disrupt the system. It wouldn’t necessarily change the vote tally but definitely put a damper on the system.”

Lack of coordination among local governments and feds

Michael Hamilton, founder and CISO of CI Security and the former CISO of Seattle, worries about another form of standardization, namely the lack of real coordination among local governments and the federal government when it comes to system monitoring or detection of attacks. “I have no idea if they have analysts going through this stuff where it’s just kind of all automated…so that they can see how things are going across the country.
There is no requirement for them to talk back to any of the jurisdictions where they’ve deployed the Albert sensor [a network monitoring system established by DHS’s CISA] and that’s a bit of a concern.”

Hamilton believes that local governments’ readiness to most effectively handle digital threats is contingent on “making information available every week [to the nation’s municipalities] so that everybody gets on the same page.” In terms of what last-minute efforts local governments can undertake to harden their infrastructure to bolster voting security given the likelihood of mass mail-in voting, Hamilton advises local CISOs to pay attention to computing systems that do signature-matching and bar-code reading. “I would focus on where there is actual ballot counting and handling being done…and when you’re talking about vote by mail, you’re talking about things like signature matching.”

Tabletop exercise provides insight into government security readiness

An annual tabletop exercise hosted by Cybereason called Operation Blackout: Protect the Vote, conducted in August, also provides some fresh insight into local government security readiness for the fall. The virtual edition of the exercise took place in the fictional city of Adversaria in the weeks leading up to a typical election day.

Like Blue Voyant’s analysis, the focus of Operation Blackout was not on election infrastructure itself; the exercise explicitly excluded targeting election equipment. The goal was to “examine and advance the organizational responsiveness of government entities to an anarchic group’s attempts to undermine democratic institutions and systems of governance in the republic.”

In this recent tabletop context, the local governments had to manage disinformation attacks.
As a consequence, one of the key lessons learned from the exercise is that communications are the key battleground as cities gird for election season problems. To that end, “[b]roadcast media is the bully pulpit. Make sure it’s used effectively to help counteract the effects of misinformation through other channels,” Cybereason said in its written Operation Blackout results.

Finally, another factor that could impact local governments’ ability to fend off attacks is the “defend forward” strategy of the US Cyber Command as spelled out this week by Cyber Command Chief Paul Nakasone and his Senior Advisor Michael Sulmeyer in Foreign Policy magazine. Under this strategy, Cyber Command and the National Security Agency (NSA) joined forces during the 2018 elections to create what it called the Russia Small Group to share indicators of compromise with DHS to harden the security of election infrastructure. Nakasone and Sulmeyer said they plan to do it again for the 2020 elections.

“The defend forward [part of Cyber Command’s election strategy] is ‘we know who is twisting our door knobs and we’re going to go smack ’em,’” CI Security’s Hamilton says. “A lot of these are disinformation campaigns and I’ve heard a lot of them are run out of Africa and paid for by Russia.”

Still time for basic security hygiene to help

Even at this late stage, local governments can undertake some basic hygiene tasks to make their systems ready to withstand any challenges that the election throws at them. Reviewing the policies and procedures around the use of Remote Desktop Protocol (RDP) is job number one, Berglas says. “A lot of these smaller organizations are heavily reliant on outsourced IT and they need to use RDP to come into the network and do their work.
The problem is they leave it open and the bad guys come in and compromise that.”

Secondly, “if there’s not two-factor authentication on significant account log-ins — from email to sensitive account log-ins — that needs to be enforced as well. Third, if there is not a good enforceable password policy that is in place, that needs to be in place.” Blue Voyant’s report shows how easy it is to find compromised user names and passwords for state and local employees from the mounds of data breach reports out there.