As polls across the United States begin to open for the 2024 election cycle, the Cybersecurity and Infrastructure Security Agency (CISA) is warning election officials of the role generative AI could play in threatening election infrastructure.
In a Jan. 18 factsheet, CISA provided an overview of relevant generative AI-enabled capabilities, how these capabilities can be used by malicious actors to target the security and integrity of election infrastructure, and basic mitigations to counter those enhanced risks.
“For the 2024 election cycle, generative AI capabilities will likely not introduce new risks, but they may amplify existing risks to election infrastructure,” CISA said in the document. “Election officials have the power to mitigate against these risks heading into 2024, and many of these mitigations are the same security best practices experts have recommended taking for years.”
The agency highlighted that malicious actors – like cybercriminals and foreign nation-state actors – have used generative AI capabilities to spread disinformation through deepfake videos, AI-altered images, phishing scams, and voice cloning.
On Jan. 21, a robocall impersonating President Joe Biden told New Hampshire recipients not to vote in the presidential primary on Jan. 23. The New Hampshire attorney general’s office says it is now investigating what appears to be an “unlawful attempt” at voter suppression.
“Although the voice in the robocall sounds like the voice of President Biden, this message appears to be artificially generated based on initial indications,” the attorney general’s office said in a statement.
CISA warned that these tactics and types of attacks are not new, but generative AI allows malicious actors to “employ them with greater speed and sophistication and for a much lower cost.”
The cyber agency offered nearly two dozen mitigation measures and 12 additional resources to aid election officials in reducing risk from generative AI-enabled threats this election year.
CISA’s suggested techniques range from simple, everyday cyber hygiene tasks like making personal social media accounts private to more complex security controls like official watermarking and adopting a zero trust architecture on networks.
CISA’s guidance came days after Senate Intelligence Committee Chairman Mark Warner, D-Va., called on the agency to share critical information to help combat foreign election threats.
“CISA’s commitment to leading the Federal government’s engagement on physical security and cybersecurity ahead of each Federal election is crucial,” Sen. Warner wrote in a Jan. 16 letter. “Since the designation of election infrastructure as critical infrastructure in 2017, CISA has led a collaborative effort to assist state and local governments, election officials, Federal partners, and private sector partners in protecting election systems from cyber threats.”
He added, “The complex and often highly varied election processes and systems across the U.S. are markedly more secure today as a result of CISA’s important efforts.”