A survey of 136 states and local government leaders in the U.S. finds disinformation campaigns that will surely include deep fake images created using various forms of artificial intelligence (AI) are a major concern this election cycle.
Conducted by the Center for Digital Government on behalf of Arctic Wolf, a provider of managed cybersecurity services, the survey finds nearly half of respondents (47%) expect to see an increase in the number of cyber incidents involving elections in 2024, with more than half of respondents either somewhat or unprepared to respond to these threats.
Overall, the top threats identified are misinformation campaigns (51%), phishing attacks aimed at election officials (47%) and hacking of election infrastructure (46%), the survey finds. In fact, more than a third (36%) report their current cybersecurity budget is inadequate to address their concerns.
Cybersecurity issues in a presidential election cycle are going to undoubtedly be more challenging than they were four years ago, says Arctic Wolf CISO Adam Marrè. Thanks to advances in generative artificial intelligence (AI) it will be more difficult than ever to identify misinformation that might, for example, include a video showing that a specific polling place is shutdown, he notes. “There needs to be more awareness,” says Marrè.
Election officials also need to make sure they are proactively communicating with voters via approved communications channels that are well known, adds Marrè. Otherwise, too many voters will fall victim to social engineering campaigns that are specifically designed to mislead the electorate, he notes.
In addition, local election officials would be well advised to work with Cybersecurity and Infrastructure Security Agency (CISA) or their local National Guard to review their best cybersecurity practices, says Marrè. At the same time, election officials can enlist the aid of cybersecurity service providers as well as cybersecurity professionals willing to volunteer their time and expertise, he adds.
Fundamentally, election officials need to put backup plans in place to ensure the integrity of the election process by, for example, conducting tabletop exercises that serve to educate everyone involved of the potential risks they face, says Marrè.
The tactics and techniques being employed by cybercriminals in the AI era continually evolve, so even the most seasoned election official is likely to be surprised by how much havoc might be wrought. The most important thing is to have a set of well-defined strategies in place that enable election officials to respond adroitly despite the nature of the threat regardless of whether it emanates from China, Russia or from within the U.S., notes Marrè.
Arguably, the most critical issue, given recent political history, is to ensure that nothing interferes with legitimate efforts to cast votes. A small percentage of votes can tip elections in swing states. A cyber incident is not just limited to attempts to change votes made using an electronic voting machine. Malicious actors are more adept than ever at combining cyberattacks with dirty tricks they have employed for decades to discourage voter turnout.
There’s little doubt that election integrity, as in previous years, will be a subject of discussion long after the election is concluded. Regardless of the debate, every time a cybersecurity professional lends their expertise to securing election processes, they are, in no small measure, working to preserve nothing less than the democratic institutions upon which the U.S. was founded.