How do you prepare for something that only happens once every four years? You plan, you predict, and you practice.
For those in government charged with defending the integrity of November’s presidential election, the 2018 midterms and the presidential primaries earlier this year have been preparation. And simulation exercises with those in the private sector have furnished opportunities for planning, predictions, and practice.
Cybereason, a Boston-based cybersecurity firm, has held a series of election security events over the past couple of years in order to provide law enforcement with opportunities to think proactively about ways to ensure that elections are safe and secure.
Last November, when the company put on an election simulation event at the offices of Venable in Washington, D.C., the coronavirus and widespread vote-by-mail planning were not items on anyone’s check list. Fast forward to 2020, and election security has changed.
“There are multiple infrastructures involved in mail-in voting that don’t have a clear coverage from law enforcement,” said Cybereason co-founder and CTO Yonatan Striem-Amit, who led the red team of hackers during the August 19 simulation conducted online.
While Striem-Amit schemed with his red team to devise ways to interfere with the election, officials from the Federal Bureau of Investigation (FBI) and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) met in a separate breakout room to anticipate and provide structures for the election’s security.
Adding more security staff for mail sorting facilities, defending high-traffic transportation routes, and advanced messaging about the correct ways to cast mail-in ballots were a few of the “moves” that the blue team of law enforcement deployed during one of the simulation’s early stages.
“In previous events, all of the actions happened on ‘Election Day’ whereas in this particular event, it was staged out three, two, and one week before, and then Election Day,” said Cybereason’s Director of Advisory Services Danielle Wood, who led the law enforcement team.
Because of that elongated timeline on voting, Wood said interfering with public safety “has a lot less value for the attackers.”
“For them, it’s about developing disinformation campaigns,” she said, “to cast a negative perspective on the legitimacy of the election.”
During the last stage of the simulation, one member of the blue team of law enforcement urged the “move” of proactively messaging patience to the voters, wanting to remind the public that because of mail-in voting, the results might not be immediately available.
Wait for several days, said another blue team member, “regardless of what any particular candidate says.”
“It became much more about the mindshare and counteracting disinformation than it really was about public safety,” Wood said. “That made it very different from the last events that we had.”