Why safeguarding 2024 election integrity will require a whole-of-society approach

Oct. 25, 2024
When it comes to safeguarding election integrity, it’s important to apply lessons learned from the past to shape how we approach the future.

As we approach the 2024 U.S. elections, the importance of safeguarding our democratic processes from cyber threats has never been more critical. Since 2016, we've seen a significant shift in the nature and sophistication of attacks against U.S. electoral systems. The 2016 election featured highly publicized events like the Russian Interference Campaign and Democratic National Committee (DNC) data breach. The 2020 election highlighted the challenges of securing new, pandemic-era voting methods such as mail-in ballots and early voting.

The 2024 election cycle will likely feature even stronger tactics, techniques, and procedures (TTPs) leveraged by nation-state adversaries and ideologically motivated hackers. Cyber espionage efforts from nation-state groups could target election infrastructure, campaigns, and officials to gather intelligence and potentially disrupt or discredit the election process. Ransomware attacks will pose a significant threat, impeding election operations and undermining voter confidence by disrupting voter registration databases, poll books, result reporting systems, and other critical election infrastructure. Distributed Denial of Service (DDoS) attacks could direct floods of traffic to overwhelm election websites and voter resource portals at critical moments, such as registration deadlines or Election Day.

Then there’s the artificial intelligence (AI) factor. The rise of advanced AI could also intensify the volume and velocity of threats in 2024. Lead cyber intelligence officials told a Senate panel in May that the U.S. is positioned to handle election interference but stressed that AI-generated synthetic media will add another level of complexity to verifying fake content. Expect increased volumes of deepfakes leveraged to portray candidates making controversial statements or engaging in inappropriate behavior, distributed at scale via social media channels to deceive voters and damage reputations. In addition, AI-enabled malware could autonomously learn cyber defense TTPs and evolve to evade detection from traditional security controls, allowing threat actors to establish persistent footholds in election networks.

We’ll also see AI-powered social engineering campaigns leveraging automated social media bots that intelligently adapt their messaging to maximize the spread of disinformation, manipulate trending algorithms, and drown out legitimate election communications. These campaigns could also distribute highly personalized and convincing messages to trick campaign staff and election officials into compromising their credentials or installing malware. In 2016, for example, Clinton Campaign Chairman John Podesta fell victim to a phishing attack that resulted in stolen personal emails that were subsequently uploaded to WikiLeaks.

It's important to remember that none of those threats are necessarily a surprise to the cybersecurity community. We know they are coming with October looming on the horizon. The challenge is that it will just be more difficult to prevent, detect, and respond to them this time around. They also introduce ramifications that extend far beyond the SOC room. Erosion of public trust, societal divides, and suppressed voter turnout can’t be remediated with patching or firmware updates. When threats are missed, it creates the perception that an individual’s vote doesn’t matter. That’s the real danger. 

In turn, safeguarding 2024 election integrity should not be viewed as merely a technical challenge. It’s a fundamental issue of national security and democratic resilience that requires a whole-of-society approach, with active engagement from government, industry, civil society, and the public.

Facilitating Stakeholder Collaboration

Elections involve a complex ecosystem of stakeholders across government, industry, and civil society. It includes election officials, campaign organizations and political parties, technology providers, and government agencies at the federal, state, and local levels. Threat actors often exploit gaps and inconsistencies between the security postures of these different entities, making a unified and well-coordinated defense paramount.

This is where effective cross-functional collaboration comes in, through the sharing of real-time threat intelligence and vulnerability information. For example, the Elections Infrastructure-Information Sharing and Analysis Center (EI-ISAC) has cultivated a collaborative environment amongst election officials and cybersecurity professionals to monitor, analyze, and respond to cyber incidents targeting election infrastructure. EI-ISAC models enable all stakeholders to benefit from collective knowledge and adapt quickly to emerging threats by fusing a diverse set of expertise, resources, and perspectives to address the complexity of modern elections. They can help promote more comprehensive threat assessments and response measures, combining insights from cybersecurity experts, election officials, law enforcement, and intelligence agencies. In addition, this fosters the standardization of processes across different jurisdictions, enhancing public trust through transparent cooperation and clear communications.

The Human Factor

Mitigating human risk is a critical aspect of election security that often doesn't receive as much attention. Failing to use multi-factor authentication (MFA) and relying on poor passwords introduce vulnerabilities that even the most sophisticated systems are incapable of defending against. Continuous training and awareness programs for election officials, campaign staff, and volunteers are essential to minimizing the impact of social engineering, insider threats, and unintentional errors. CISA has already established #Protect2024, an election security landing page that provides a wide array of resources and no-cost services for election officials and private sector election infrastructure partners, such as tips on best practices, physical security assessments, incident response plan rehearsals, security training, and more. Active participation in #Protect2024 programs will be paramount in the months leading up to the election.

We should also be thinking beyond 2024 in this context. Securing elections is a continuous process, not a one-time event. Sustaining investments in skill-based training and building a pipeline of skilled security practitioners will be crucial to staying ahead of evolving threats. By focusing on the human element, election officials can create a more robust security posture that complements technical security measures. Recognizing that people are both a potential vulnerability and the first line of defense is crucial for comprehensive election security.

When it comes to safeguarding election integrity, it’s important to apply lessons learned from the past to shape how we approach the future. In previous elections, we didn’t fully grasp the interconnectedness between our politics and technology. We can't afford that same mistake this time around. A whole-of-society approach with cohesiveness across all stakeholders is key.

About the Author

Terrence Williams

Terrence Williams currently instructs Digital Forensics and Incident Response (DFIR) and Cloud Security courses for the SANS Institute, in addition to his role as Security Engineer II at Amazon Web Services. He was a Cyber Network Operator for the U.S. Marine Corps and has two decades of experience in cybersecurity.