Securing any election generally can be broken down into a few areas. Disinformation, hacking campaign officials and vote tampering.

Here is how to address each:

A) Disinformation cannot ever be solved for a number of reasons. For over two years the most esteemed news agencies in the United States have been telling their readers there was collusion between Russia and the Trump campaign. It was a conspiracy theory to think the FBI made it all up to cover for spying.

Every top news station and newspaper told us this incessantly. Numerous Pulitzer Prizes were handed out for this reporting.

Sadly, it turns out it was all disinformation.

— George Papadopoulos (@GeorgePapa19) April 12, 2019

Even the New York Times now admits there was spying by the FBI. Others such as George Papadopoulos say the CIA was doing the spying which dates back to 2014.

For years, it was considered a conspiracy theory to report the collusion narrative was just framing a political campaign as a cover-up for spying.

The full truth will be revealed in an upcoming I.G. report and soon-to-be declassified documents such as FISA applications which allowed for some of the spying which took place.

How many retractions have there been of the half a million stories or so that were wrong? Almost zero.

Matt Taibbi sums it all up very well.

Have any of these major outlets been penalized at all by Facebook, Google to Twitter as a result? No.

Russia has always tried to affect U.S. elections and our political system in general. The Steele Dossier which kicked off the Trump collusion conspiracy theory actually came from Russia and was pushed 24×7 by virtually every news outlet.

How can you stop disinformation in the future? Who knows? Many media outlets are still pushing the collusion narrative today.

Even if the media were to report accurately, any foreign government could funnel money to a U.S. citizen to buy ads to spread anything they like.

Finally, there are millions of websites that U.S. voters see. Many are outside the country. Russia or China could easily target U.S. IP addresses with ads on these sites if they like.

Once again, there is NO way to stop or even slow disinformation down.

B) Hacking campaign officials is a huge and serious problem. John Podesta was the chair of Hillary Clinton’s 2016 U.S. Presidential Campaign. He conducted his business via a Gmail account. He was sent a phishing message, clicked on it and divulged his credentials. The information in his email which was leaked showed the Clinton campaign worked with the DNC to keep Bernie Sanders from winning the Democratic nomination by overweighting superdelegates in each state.

This, in turn, was a huge black eye for Clinton and in such a tight election could have been the difference between a win and loss.

The best way to prevent a repeat of this scenario is to invest in phishing simulation like Phish360. The idea is to send fake phishing emails and train users who click.

This needs to be done monthly, at least.

In addition:

1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

C) Vote Tampering can be performed if records are stored electronically. Machines vary by district and aren’t always connected to a network or Internet. In the cases in which these machines are connected, hacking can be done the same way hackers get into industrial control systems.

For example, LockerGoga made headlines recently after targeting Norsk Hydro, forcing the company to shut down or isolate several plants and send several more into manual mode. According to an update by the company, that incident cost Norsk Hydro at least $40 million in its first week!

The hackers got into the network via phishing and once there, made their way to the control systems.

Once again, phishing simulation from Phish360, Phishing Box or others could be used to train workers.

For election campaigns looking to stay secure, it is important to understand, hackers can be very patient and infect systems and monitor traffic for many years without being caught. Wipro is a $20 billion IT company and they had hackers inside their systems since 2015 and just learned about it recently!

Securing the 2020 election means every election office and campaign must take steps 1-5 in addition to regular phishing simulation.

If you need additional assistance or consulting to secure your political campaign or organization, please contact us.