Fair and free elections are a foundational principle of democracy, and this fall all eyes are on the pending U.S. federal election – especially in high-profile, narrow-margin swing states. In light of growing concerns, raising election integrity awareness is more important than ever. After Russia sought to interfere in the 2016 U.S. election, the U.S. government deemed electoral systems critical infrastructure in 2017 and created the Cybersecurity and Infrastructure Security Agency (CISA) in 2018 with election security as a core part of their mandate. Specifically, CISA is responsible for securing both the digital and physical security of U.S. elections including:
- Voter registration databases and associated IT systems
- IT infrastructure and systems used to manage elections
- Voting systems and associated infrastructure
- Storage facilities for election and voting systems
- Polling locations
Two election cycles on and I think we can all agree that the threat landscape has only intensified, while what is at stake has also increased exponentially. From AI-powered deepfakes to nation-state attackers to polarized politics, CISA has the daunting task to protect the integrity of the 2024 U.S. presidential election, which is critical to the country’s continued security, stability, and prosperity.
Rising Foreign Interference
Of particular concern for CISA in 2024 is hostile governments attacking election systems. To promote election integrity awareness, CISA has emphasized the importance of vigilance against nation-state adversaries such as China, Russia, Iran, and North Korea. According to Eric Goldstein, CISA’s Executive Assistant Director for Cybersecurity, these governments have made “extraordinary advances” in their capabilities. Indeed, Google reported that Iran has already tried to hack both presidential campaigns and was successful in the case of the Trump campaign using “a small but steady phishing campaign.” This supports CISA’s view that disruptive forces like generative AI are not likely to introduce new risks but amplify existing ones in both the sophistication of the threat and the ability to conduct such attacks at scale. Similarly, CISA and the FBI have issued a warning about potential insider threats to electoral systems that would expose significant personally identifiable information (PII) of election officials and citizens with the intent of disrupting the 2024 election. This was a tactic that Russia was alleged to have used in both the 2016 and 2020 elections.
AI and Election Deepfakes
Deception in politics is nothing new, but now we need to contend with AI-powered creation and dissemination of hyper-realistic misinformation and disinformation at scale, notably deepfakes. We already have seen a fake Taylor Swift “endorsement,” and digitally altered videos to put words in the mouths of candidates to sway voters. The echo chamber of social media amplifies these attacks by replaying these attacks to the audience most vulnerable to their message, eroding trust and furthering political polarization.
Applying Tried and Tested Cyber Best Practices
So, while bad actors continue to hone and amplify proven attack vectors with AI to disrupt the 2024 U.S. election, CISA and others are embracing tried and tested cybersecurity best practices to fight back. AI can be a very powerful tool – both as cause and solution – to protect election integrity, but it needs to be part of a larger Zero Trust strategy. Such an approach includes strong identity and access management controls for election officials and campaign workers that mandate phishing-resistant multi-factor authentication (MFA) and the use of PKI to verify and encrypt communications. These proven identity-centric tactics will help prevent breaches of electoral systems, minimize the risk of the insider threat, and quarantine compromised systems if a breach does occur.
Digitally signing videos, images, and documents with PKI will also help verify the authenticity of digital media helping to combat deepfakes at scale. As well, AI-powered document and biometric verification will help prevent the creation of synthetic identities at the time of voter registration by verifying that the person presenting the identity credentials is the owner of those credentials. Plus, active liveness checks will help defend against “live capture” identity attacks.
And with its #Protect2024 initiative, CISA has already stepped up to inform and educate voters, election officials, and candidates on good cyber hygiene including the use of MFA, encryption, and the importance of having an incident response plan before a crisis occurs. Consistent with CISA’s guidance, adopting Zero Trust with a robust and informed AI-powered, identity-centric security posture will make it infinitely more difficult for adversaries to disrupt the 2024 election.