Protecting the polls: Volatile election season likely to push security risks higher

Aug. 16, 2024
Security threats and concerns could accompany the U.S. election process for the next several months.

With political tensions in the U.S. already high, the attempted assassination of former President Donald Trump, revelations about campaign internal records being hacked and other incidents have pushed emotions to a fever pitch.

Security threats and concerns could accompany the U.S. election process for the next several months – from the presidential debates to political rallies to election day, and even during the counting of electoral votes early next year.

The next big test for security officials is the Democratic National Convention in Chicago, which kicks off next week. Some historians are drawing parallels between today’s ongoing global conflicts, political acrimony, protests, and anti-police sentiment and the 1968 DNC in Chicago, which was marred by protests and party upheaval.

Since 1910, 8 of 22 U.S. presidents have been shot or shot at, and 4 presidential candidates have been shot or killed, according to recent research. Political activism can’t be blamed for every incident, “but it does seem like partisanship has been deepening,” says Hugh O’Rourke, Vice President of Enhanced Protection Services at Allied Universal and a former member of the New York Police Department counterterrorism team.

“The crystal ball is very cloudy but the potential exists for overt acts of violence against the candidate or candidates. There may be continuing public disorder and support for different causes before the election. The potential exists for a real continued hot summer,” says O’Rourke, who also worked in force protection for the Air Force Office of Special Investigations.

“One thing I can say is no (protection) detail ever goes without something unusual happening. It's the human factor and it's a little bit of chance and there's always something that you must react to.”

Rachelle Loyear, Vice President of Integrated Security at Allied Universal, said the firm has seen an uptick in requests for enhanced protection services from many clients. “Sometimes you may find an individual with a higher risk profile who might want to up their security a little bit. Security is definitely on the minds of people,” she says.

Plan for DNC

Loyear said she was just in Chicago several weeks ago for an event. The city has a “really robust” plan for DNC security with multiple access zones to keep participants and protected individuals safe.

Although the United Center, the DNC’s host this year, may not pose the same risks as an open-air venue, O’Rourke expects there will be enhanced screening of people and vehicles at perimeter checkpoints and expanded use of public law enforcement to augment security measures.

With the DNC in Chicago, it will be crucial for security workers and local businesses to be aware of varied threats that could impact their operations and safety, says a special report about election security released by Allied Universal. High-profile events attract massive in-person, television and social media audiences, which make them attractive targets for individuals or groups seeking to disrupt proceedings or gain notoriety.

Because the threat landscape for the convention spans wider than event sites, security measures will have to expand as well to address diverse threats, safeguard the public and protect the integrity of the political process.

Many local businesses will extend their services to accommodate the needs of convention attendees. These plans range from increased staffing to special promotions. Tens of thousands of visitors will likely boost local commerce and visibility. However, it also provides opportunities for bad actors to target businesses by taking advantage of extra traffic and crowding to divert attention away from activities such as property theft, vehicle theft, robbery, assault and destruction or vandalism, the report notes.

The report notes that the volatility of large groups, especially in politically charged atmospheres, increases the risk of disturbances.

Using volunteers and temporary staff introduces the risk of insider threats, including bad actors who could gain access to sensitive areas or information. Implementing thorough staff background checks and continuous monitoring are necessary to counteract insider threats. Vigilance is essential, the report notes, to prevent individuals trying to pass as authorized “security” or “authorized personnel” from exploiting security protocols to gain access.

Infrastructure surrounding the convention sites (like government facilities, utilities, transportation networks and communication systems) could become targets for disrupting the convention or causing widespread chaos. Enhancing the physical security of infrastructure, along with increased surveillance and coordination with local law enforcement agencies, can help mitigate the risk of attacks.

Facilities with higher public visibility or high-value assets should consider implementing advanced access control systems – potentially with biometric or RFID technology – to ensure that only authorized individuals enter sensitive areas.

As public law enforcement continues to struggle with recruitment and staffing, establishing strong ties with private security remains important.  

Loyear says there are many programs, such as NYPD Shield, which allow for back-and-forth communications so private security organizations and entities can share their coverage, footage and information with public agencies and bring in real-time intelligence gathering on events a given area.

O'Rourke says the NYPD’s Counterterrorism Bureau has a long-standing relationship with the private sector. Those efforts helped shape the Lower Manhattan Security Initiative and Middle Midtown Manhattan Security Initiative.

“The federal government has great resources, but not a whole lot of bodies, whereas local law enforcement and state law enforcement are larger and there are benefits derived from both parties by working together. And I think that’s the goal,” O’Rourke says.

Keeping Employees Safe

Julian Moro, SVP and Regional Security Director at International SOS said the company is “really, acutely” focused on a critical period of vulnerability starting with the DNC through to the November general election and implementing programs to mitigate risk “in a very focused way and proactive way.”

He says analysts use the cone of plausibility to assess different scenarios and the key drivers of risk. A few months ago, their examination of plausible scenarios included the fate of the GOP and Democrat nominees, with one or both of them being removed from office due to illness, legal issues or other factors.

Of course, Biden was pushed out as the Democratic nominee and Trump was wounded by gunfire at his Butler, Pa., rally. With the nominations in each party likely cemented, different scenarios are rolled out.

“Global conflict is one of the key drivers that we've identified that feeds into the various scenarios because depending on how those evolve, as well as what the U.S. involvement is, directly feeds into the lower end of scenarios,” Moro says.

“The U.S. having a less prominent role feeds into lower-risk scenarios and outcomes, and us being more heavily invested or taking a particular political line, particularly on the Israel-Palestine situation, can drive the higher risk and wildcard scenarios.”

“Wedge issues, the candidates themselves, their profiles, where they come from, what their views are, how they're perceived within the electorate feeds into a whole bunch of different things -- as well as the wedge issues that they'll be promoting,” Moro says. “And that's one of the reasons we identified the post-convention cycle as being the most acute, because that’s when information and misinformation will be most acute.”

The political divide does have implications not just for U.S. companies and employees but also for workers traveling here internationally who need to be kept safe. The collection of plans and tasks for dynamic global threat monitoring is tackled on a “day by day, week by week, month by month” basis.

“We are continually advising our clients that things are becoming more acute, so you need to change your posture and actually take steps to mitigate those risks,” Moro says.

Employers Beware

Moro adds that he believes one area of trouble that is “wildly underestimated” is how wedge issues and acute partisanship are going to play out in the workplace. He feels managers and organizations are very unprepared for what could happen if tensions run too high.

“This is everything from making sure the organization is reinforced, to having correct behaviors in the workplace -- where people are free to have varying views but understand that it might not be the best place to be discussing them -- through social media policy and protocols on what is acceptable,” he says.

Companies must also ensure frontline managers are equipped to look for early telltale signs of someone having, “an acute emotional response to some of the things they're seeing both in the workplace or from other behaviors of their counterparts and colleagues.”

Executives should also remind workers about employee assistance programs and be ready to take steps to head off problems before they start. In many lone wolf attacks, employees often say they saw signs of trouble but don’t report it for fear the person will get in trouble.

“Seeing it as an opportunity to intervene and help, as opposed to viewing it as a punishment, is a key to heading off these types of incidents,” he says.

Cyber Threats Loom

Acrimonious elections can not only produce physical threats of violence but attempts to subvert the democratic process via cyberattacks.

The technology of the country’s voting systems was thrust into the spotlight immediately after the 2016 election when President Donald Trump’s re-election campaign alleged that voting machines could have been hacked and manipulated.

While large-scale attacks were debunked, there have been some isolated incidents. In a handful of counties, cyber-attacks disrupted the check-in process at some polling locations, forcing them to remain closed, said Tom Gorup, Vice President of Security Services at Edgio and a former member of Indiana’s Executive Council on Cybersecurity, where he provided advice on how to protect the state’s elections from hackers.

One advantage the U.S. has is “security through obscurity” – meaning that voting technology used from state to state and county to county is diverse, which means it’s more difficult for bad actors to orchestrate a widespread attack.

“When I look at overall vulnerabilities throughout the process, it's more about the process itself than I would say the ballot count. If you can create frustration, you can create uncertainty, maybe you can lead people to not even showing up,” Gorup says. “It will be very much localized if they're successful.”

CISA has warned the public about potential DDOS attacks that could disrupt information sharing, such as early voting results or web pages showing important information such as voting locations.

“I think if you can manipulate the perspective of our voting process, you can undermine the entire process as a whole,” he says. “I've not seen anything that would indicate that it's directly attacking voting systems, whereby your vote doesn't count or your vote will be manipulated. It’s more likely keeping people from getting to the ballot.”

Nation states aiming to issue disinformation and create chaos in the U.S. election system often target social media platforms because American voters rely on them to get their news, says James Turgal, Vice President of Global Cyber Risk and Board Relations at Optiv.

“The other problem we face is that campaigns are made up of senior policy officials and tens of thousands of volunteers that don’t know much about cyber – and they have access to a lot of sensitive information. Campaigns need to do a better job of training them to create cyber warriors to secure systems internally,” Turgal says.

The last two or three election cycles have seen a significant pattern of attack by nation-states, specifically Russia, China, Iran, and North Korea. “We’re seeing more of the same this time around, and attacks will ramp up as we get closer to November,” Turgal says.

“We need a public/private partnership to stay ahead of cybercriminals. The public sector is making headway on the law enforcement side but organizations in the private sector who are designing AI tools and large-language models that will be used to get election information have a responsibility to make certain they are using appropriate data to train those models,” he adds.

“The ever-present garbage-in, garbage-out theory should remind us that AI tools based upon false or manipulated data are not equipped to accurately answer questions about how and where to vote, or whether the latest election conspiracy theory is accurate.

“Private sector designers must ensure their models are trained to make their limitations clear and to redirect users to official, authoritative sources of election information on official election websites. Otherwise, they will fall into a redirection hole, which is what happened with the Trump campaign – a spear phishing email redirection.”

Gorup says awareness of cyber threats was a major part of the task force years ago due to the proliferation of LAN networks that connected machines. Although election officials felt protection was adequate, it had not been reviewed by a security expert.

“We would go have conversations with various people within the government and help them see the world a little bit differently, and then look at what the policies and infrastructure look like, and some of these local voting systems and share where the gaps were and what our concerns were.”

The committee encouraged election officials to do penetration testing and instant response drills to prepare for attacks. “They're supposed to be doing that, and yes, it's critical that they do that to ensure responsiveness, because speed is important with any attack or compromise,” Gorup says.

While threat detection is important, he says election officials must focus on prevention. Some of the painful lessons of the CrowdStrike hack have forced IT managers to become a little more reflective of their approach to security, first utilizing available resources and options to prevent problems from occurring.

“When we think about the election process, the more software we add the more risk we introduce. We want it to prevent threats. So maybe we take those systems off networks or the Internet. We airgap them completely. We lock down the physical access to those machines, so when a voter is present at the machine, they can only perform the actions that are authorized.”

Gorup says he’s feeling “confident” that U.S. elections can be more secure this fall. “I think the big reason is how many eyes are on this process,” he says. “I think it's important that we take our election process seriously, and the security of that process is critical to America.

“I think we have numerous backup systems and processes in place, and good redundancies in place. Is it perfect? No, but I think with a country our size, it would be very difficult to make it perfect.”

About the Author

John Dobberstein | Managing Editor/SecurityInfoWatch.com

John Dobberstein is managing editor of SecurityInfoWatch.com and oversees all content creation for the website. Dobberstein continues a 34-year decorated journalism career that has included stops at a variety of newspapers and B2B magazines. He most recently served as senior editor for the Endeavor Business Media magazine Utility Products.