Internal Threats and Election Security

60

By Pete Nourse

With the midterm elections quickly approaching, pundits and news sources around the country have been discussing the likelihood of Russian meddling similar to the presidential election of 2016. While it’s true that external threats to voting machines and voter registration databases should be of concern, and the potential for those actions to undermine our democracy are very real, we must not ignore the threat of insiders, as they are capable of inflicting far greater damage.

Last month, it was announced that the information of over 35 million voters was being sold on a hacking forum. That information included the voters’ full names, phone numbers, physical addresses and voting-related information, including their previous voting history. Of note, the seller indicated on the forum that they receive weekly updates of the provided voter registration data and that the information is received via contacts within state governments.

The truth is anyone with access to a state’s voter registration has the ability to change information, remove it entirely or, in this case, sell it to the highest bidder. That is why insider threat detection should be a high priority when discussing ways to prevent election interference.

Election Interference

Insider threats constitute a massive security concern for any voter or campaign group for a number of reasons, but probably most importantly is that most are unaware of the likelihood of insiders to actually interfere – especially when discussing something as sacred as the democracy of a nation. Unfortunately, the U.S. voting system is not as secure as most believe.

Unprotected Voter Information

While voter information remains largely unprotected, improvements are possible. For starters, voter information should be secured by a multilayered security protocols and technologies that protect it against both external and internal threats. Additionally, anyone with access to it should be educated on best practice security procedures to ensure that voter information is kept private.

Broad Permissions

When it comes to cyber security, the fewer routes of access to the information, the safer it is. Currently many groups, including political campaigns, journalists and academic researchers, have access to a state’s voter registration. Any voter database should have controlled access and those permissions should be thoughtfully considered and only granted if necessary.

Insider Threats

All organizations are at risk of having malicious insiders. To protect from these threats, user behavior analytics can be employed to help detect suspicious user activity. IT teams can then act to protect data before the malicious actor carries out any harmful acts.

About Pete Nourse
Pete Nourse, Chief Marketing Officer at Veriato, is a seasoned technology marketing executive with over 20 years of experience leading marketing for multiple, multinational corporations. He has been focused in the cybersecurity field since 2001. Nourse holds a degree in Marketing from the University of Massachusetts.