How's the U.S. Government Preparing for Election Day Hacks?

Election Day is almost here. People across the United States will soon head to their nearest polling place, step into a booth, and help decide the next president. It’s a process that we’ve followed since 1788 — and it’s never been harder to make sure it goes off without a hitch, thanks to the very modern threat of cyberwarfare.

It’s far easier than ever for other countries to disrupt our elections. While the risk of the vote being hacked is low — most voting machines aren’t connected to the internet, and even other nations would struggle to coordinate physical hacks of the different machines that will be used around the country — someone could still disrupt our democratic process using any number of digital methods.

Look Out for Misinformation

Perhaps the biggest risk is the spread of misinformation via social media. Facebook especially is a popular tool for sowing discontent by publishing fake news stories. Unlike traditional media, the social network doesn’t have a public editor to help it respond to its shortcomings, and even Mark Zuckerberg has said Facebook has a fake-news problem.

It would be trivial for someone to “hack” the election by publishing a viral story that pushes the opinion of swing voters one way or the other before their ballot is cast. They could even use A.I. to target specific people with news stories likely to influence their view of a candidate. CNN reported on Thursday that the White House, CIA, Justice Department, and others see this as the biggest threat to the election.

Yet it’s not clear how the agencies intend to respond. Government officials told CNN only that “they will make efforts to counter misinformation and keep open communication nodes.”

A “Grid Shutdown”

Misinformation isn’t the only way to digitally influence an election. Hackers could also attack the power grid — something Cyber Party presidential candidate John McAfee has repeatedly warned about — to disrupt society’s routines. These effects could be direct (it’s hard to vote in the dark) but they’re more likely to induce panic that could lead to many voters deciding to just stay at home.

As Manifold Technology’s Chris Finan told Inverse in May:

A grid shutdown is not in and of itself that serious. Finan’s concerns, rather, are the ‘second-order effects.’ Everything relies on the power grid. Hospitals, without sufficient backup generator power, would cease to function. Water would no longer reach upper floors in apartment buildings. Our military would remain functional for some time, but would undoubtedly be handicapped. A critical infrastructure exploit would hobble us, and in turn expose further, graver vulnerabilities.

The White House is aware of these risks. That’s why the Cybersecurity National Action Plan revealed in February included plans to have the Department of Homeland Security, the Department of Commerce, and the Department of Energy create a National Center for Cybersecurity Resilience that would let people “test the security of systems in a contained environment, such as by subjecting a replica electric grid to cyber-attack” to make them stronger.

A DDoS Attack

Another threat is the possibility of someone orchestrating a distributed denial of service (DDoS) attack to knock portions of the internet offline. While this wouldn’t have a direct impact on voting either, it could help with other efforts to affect the election. Someone could take down news sites, for example, to reduce the competition faced by their deceptive “news” articles meant to manipulate public perceptions. They might also use them to hinder efforts to respond to other disruptions.

These large-scale DDoS attacks have already happened: In late October, a botnet comprised of Internet of Things devices took major sites like Reddit, Twitter, and Spotify offline for several hours. We suck at responding to DDoS attacks — the best way to stop them is to detect them early, but that’s getting harder to do.

Senator Mark Warner, co-founder of the Senate Cybersecurity Caucus and a member of the Senate Select Committee on Intelligence, asked the Federal Communications Commission, U.S. Department of Homeland Security, and Federal Trade Commission how the government could respond to those attacks. The Pentagon also wants to somehow stop them.

But there is precious little information about how the government’s going to take these calls for better cybersecurity and turn them into solid defenses by election day. Officials have been saying that they’re preparing for the worst, but what does that even mean? We don’t know, and that might be a good thing: It doesn’t make sense to reveal these safeguards right before they’re called into action. This is likely the most vulnerable Election Day in U.S. history; let’s hope it goes well.