Omer Grossman CyberArk

Election security: Defending democracy in today’s cyber threat landscape

4 billion people across 50 countries face elections this year - questions are being raised on how to keep them safe from cyber attacks

With over 50 countries heading to the polls this year, including major economies like the U.S., India, and the U.K., 2024 will, one way or another, be a defining year, with over 4 billion voters – around half the world’s population – participating in the democratic process. However, amid this global exercise in democracy lurks a growing threat landscape fueled by ongoing geopolitical tensions, evolving technology, and the ever-present risk of malinformation (information taken out of context to manipulate) that can sway election outcomes.
In recent years, misinformation and disinformation campaigns have influenced public opinion. In the 2019 U.K. election, several political advertisements and social media campaigns deceived voters with false claims and hidden agendas. In 2016, we witnessed how foreign adversaries’ potential involvement led to a breach and a leak of confidential data to influence the public and the outcome of the U.S. presidential race. All of these pose impending threats ahead of the November 2024 U.S. presidential elections.
Geopolitical risks and nation-state attacks
The intersection of global armed conflicts and cyber warfare significantly amplifies the risk to critical infrastructure, which is pivotal in supporting election machinery across countries on the verge of upcoming elections. Election officials and their security teams will be highly vigilant.
According to the Election Cyber Interference Threat Research Report 2024, the U.S., U.K., South Korea, and India are the riskiest countries concerning election cyber interference from geopolitical adversaries like China and Russia. We have seen a rise in state-sponsored cyber threats recently, with the most recent infiltration by APT29 into the Microsoft and HPE networks to spy on executives’ emails. Similarly, in February 2024, Volt Typhoon, a Chinese group, breached vital network systems from a supplier widely used by U.S. government agencies.
The age of AI, misinformation and disinformation: The run-up to election day
As any country approaches election day, a new battleground emerges – one where artificial intelligence (AI), misinformation, and disinformation collide. The rise of phishing and vishing attacks threatens to exploit voter identities, potentially leading to election fraud. Covert influence campaigns, meticulously orchestrated, can sway voter mindsets and election outcomes. Recent reports confirmed potential international interference via social media during the 2022 U.S. midterm election cycle. And now, with the advent of AI, strategic targeting of individuals or groups of individuals via impersonation attacks will be on the rise, and such attacks will be increasingly difficult to distinguish from legitimate communications. For example, in January, voters in New Hampshire received a robocall seemingly from U.S. President Joe Biden asking them not to vote in the state’s primary. Upon investigation, state officials determined it was an AI-enabled vishing attack intended to manipulate the elections.
In an attempt to pre-empt similar attacks, South Korea’s National Police Agency (KNPA) has implemented a tool to detect deepfakes. Its sophisticated algorithms aim to identify manipulated videos and prevent their spread during the elections.
Election infrastructure is an expanded threat vector
The shift from analog to digital and physical to virtual impacts not only the workforce in the digital era but also voters worldwide. These are the five critical aspects that require special attention to ensure a successful democratic election exercise:
  1. Voter registration databases store the personal information of millions of voters in each country and decide who can vote where. These databases hold highly sensitive personal information. Voter fraud is a real threat if voter identity and credentials are stolen and misused to cast unauthorized votes.
  2. Electronic poll books (EPBs) are endpoint devices or kiosks designed to partially automate the voter check-in process, detect ineligible voters, assign correct ballots, and keep tabs on voters who have issued a ballot.
  3. Electronic voting machines (EVMs) are terminals where voters can cast ballots in-person or scan mail-in votes. The threat vectors for EVMs are similar to those for EPBs. Outdated EVMs are at high risk.
  4. Tabulation is the process of counting the ballots cast at the polling places. Bad actors can hack into voter tabulation systems to disrupt an election and its results.
  5. Websites that provide voters with information on election processes can be disabled by bad actors and cause inconvenience and confusion for voters.
Defend the democratic exercise with defense-in-depth
In the high-stakes world of election security, trusting a single line of defense is not enough. That’s where the concepts of defense-in-depth and Zero Trust come in, offering a layered approach to protecting critical election machinery.
Zero Trust is a principle that assumes no trust within the system and requires continuous verification of every user and device, regardless of their level of access. Users and systems should be verified continuously and given minimum access to perform their duties while always assuming breach.
Identity Threat Detection and Response (ITDR) is a relatively new capability that detects and responds to identity-based threats, such as credential theft, privilege misuse, and misconfiguration across the complex IAM landscape spanning hybrid and multi-cloud environments. ITDR can help analyze, report, and remediate unprotected access paths and adversarial behaviors.

Omer Grossman is the CIO at CyberArk, an information security company offering identity management.