It’s Only a Matter of Time Before Election Day Cyber Attacks Become the Norm

With the looming possibility of a major cyber attack on November 8th, it is time to change the way we look at election day.

By Tyler Rogoway


Washington is on high alert for some sort of cyber event as Americans go to the polls on Tuesday. For many, electronic vote tampering would appear a new threat to our democracy – and another twist in an already challenging election cycle. But if this campaign has taught us anything, it’s that our political process is vulnerable to intrusion and exploitation. We need to assume that cyber attacks on election day will become the norm, not the exception.

Perceptions on this issue are fairly skewed. When people think about a cyber attack on election day they are most likely to think of hacking into voting machines and changing the results of an election. Although this is – and for years has been – a serious concern, attacking the heart of American democracy directly by fiddling with the vote tallies themselves is not the only place a savvy opponent will target, far from it.

Election day is a ripe target for cyber attacks. Superficially, it’s obvious why: There are the global-scale economic and political effects a manipulated outcome could have, and the psychological appeal of attacking a democratic process that the US holds on a pedestal. But the biggest attraction to an election day cyber attack is the massive stage it would play out on. After all, on what other day of the year are Americans paying attention to the process itself – and especially news coverage of that process? As such, cyber attacks of any kind will have far more psychological impact than on other dates. Presidential elections, which come around only every four years, magnify this reality exponentially as voter engagement is especially high. More eyeballs on TVs and the net means more impact from even a localized attack.

It has been an unprecedented election, with the introduction of hacking as a political weapon being just one of the reasons why. (AP)

Even with a broad audience, fear and uncertainty may not be the goal of some adversaries. Barring the public from accessing information may prove to be just as powerful a tactic as any. On October 21st, hackers used lower-end internet-connected devices to stifle access to the net with a series of mass DDoS attacks, affecting tens of millions of Americans. It seems clear that a peer state actor could use more harmful and precise attacks to creatively sway elections. But our vulnerabilities don’t end there.

Much in the same way that weather can affect voter turnout, cyber attacks could do the same. Strikes on the power grid in key areas could disrupt the predicted outcome of a Presidential election – especially in key swing states where polling is extremely close. This is especially true in demographically slanted areas, such as big cities. These population centers often lean one way while rural parts of the same state lean the other. Attacking cities’ power grids, transportation arteries or other critical infrastructure, while leaving rural areas untouched, could result in a significant advantage for one candidate over another.

Even disrupting communications and digital flow of information in a region could adversely affect the outcome of an election. This is especially true today, as voters are increasingly dependent on the internet for things like locating polling stations in their area.

Broken down neatly, there are three separate potential objectives for anyone who would want to execute a cyber attack during voting in the US. The first would be to attempt to specifically skew the outcome of an election for a certain candidate or candidates. Second would be to attack the American democratic process at its heart, in an attempt to cast a lasting shadow over it. Third would be to cause chaos and damage affecting as many Americans as possible. This is the “terror” model of cyber warfare.

Maybe the most challenging part of fighting on this new battleground and addressing the types of attacks laid out above is that they can come from both peer-state actors and non-state actors alike. Serious threats can even come from individuals. This makes predicting, tracking and countering threats incredibly challenging. Even more concerning is that, because of the level of deniability intrinsic to many cyber strikes, the threshold for choosing to execute them is far lower than other forms of attack, or even traditional political subversion.

Voting machines have long been under fire for their potential vulnerabilities, but they represent just one tiny aspect of the cyber threat matrix surrounding election day. (Sean Rayford/Getty Images)

This year has set a new precedent for external cyber meddling in America’s political process. Endless bundles of hacked emails combined with a weaponized Wikileaks have changed perceptions of how cyber attacks, or at least cyber espionage, can be executed. The US population has rapidly become accustomed to targeted “leaks” that involve foreign hacking. The authenticity of stolen documents is seldom questioned – even though they come from the most nefarious of sources. This murky area of cyber warfare will become more of an issue in the coming months, as similar tactics are used not just to get people elected, but to make sure they don’t get reelected, or even rehired for positions of importance. In other words, it is likely that this sort of warfare will increasingly be focused on a corporate or even personal level. The Sony hack by North Korea is an early example of this trend.

With all this, and the educated guess that there are reams of classified intelligence on the subject we are not privy to, Washington DC is preparing not just to deal with a cyber attack during tomorrow’s election, but to respond accordingly to that attack in real time. So far, official fingers have pointed towards Moscow when discussing this election cycle’s endless hacking events. Meanwhile there has been a lot of talk that President Obama is reviewing plans to retaliate against Russia’s supposed attacks, efforts that were made against the heart of the President’s own political party. These retaliation plans will likely only be put into play after the election, and at the OK of Hillary Clinton should she be the President-elect.

While the ball may already be in motion, America’s own cyber arsenal is on alert for another intrusion. If an attack occurs tomorrow, even if it is limited in nature, and if Russia is deemed the culprit, it is likely that these reprisal plans will be deployed in real time. There is little doubt that America has some exotic and terrifying cyber weapons of its own. The first of these was put to use against Iran’s nuclear program, and now cyber warfare is being conducted against the Islamic State. Still, retaliation for Russia’s supposed hacking will come in a proportional manner, likely congruent to the attacks made against the US over the last year. This could mean that instead of dramatically turning the lights off in Moscow for 24 hours, hacked emails or documents that expose corruption within Moscow’s ruling power structure could mysteriously emerge. If a strike is made during election day that prohibits voting or redirects the focus off the democratic process through fear and spectacle, though, leaked documents are likely the least of the culprit’s worries.

Regardless of whether any of this comes to pass, the cyber genie is out of the bottle, and America should prepare to mitigate the effects enemy cyber operations could have on its democratic process. Vote-by-mail is one way many of the concerns with voting machines or election day cyber strikes could be largely contained.

Oregon's vote by mail has been a success and could serve as a model for other states as the cyber threat towards election day grows. (AP)

Currently Oregon, Washington and Colorado all have postal-only voting (you can still drop your vote at a drop box the day of the election), and the majority of states have some sort of a hybrid system. In Oregon, vote by mail has been a largely fraud-free success with positive turnout rates. If the majority of states were to break with tradition and adopt a vote-by-mail concept, it would harden the nation’s voting process against hacking and disruptions caused by cyber attacks on one single voting day where much of the voting is done on networked machines. Such a drastic move for many states will likely only come after an attack has been successfully executed. Being proactive, the US could deter future attacks with a relatively simple and convenient change in the voting process.

Hopefully tomorrow’s national vote will go smoothly, with little speculation of electronic tampering or a high-profile cyber strike – but that doesn’t mean we should not begin preparing for what is likely inevitable. It’s our most precious shared institution at stake.
