The Day the Polls Stand Still: An Unspoken Critical Infrastructure Threat to Election Security

To protect the security of our electoral processes we need to think like an attacker and truly understand their motives.

By Lavi Lazarovitz

Opinions expressed by Entrepreneur contributors are their own.

Imagine waking up on Election Day to reports of a cyber attack on a major metropolitan public transportation system, causing cancellations and massive delays. It would be an inconvenience on any other day -- but on Tuesday, November 6, it could change voter turnout, potentially swinging election results.

That might sound far-fetched, but it's not. Let's look at the Texas Senate race of Ted Cruz versus Beto O'Rourke, one of the most closely watched races of 2018. An attacker seeking to sway the race in favor of Cruz may be motivated to restrict voter participation in heavily Democratic areas -- like Dallas, Austin or Houston. An attack on public transportation systems in these cities might prevent city dwellers from getting to the polls by crippling trains and buses and creating traffic gridlock, while heavily Republican rural areas would be unaffected.

Similarly, if attackers wanted to influence the race in the other direction, they might find success in targeting electrical grids across traditionally conservative suburban areas. They could also launch ransomware attacks in hopes of bringing business operations to a halt.

Still seem too far-fetched? Government workers in Atlanta and in the Anchorage metropolitan borough of Matanuska-Susitna might argue otherwise, having experienced firsthand the effects of ransomware attacks that put a stranglehold on these communities. This summer, Matanuska-Susitna operations were brought to a standstill when malware encrypted the borough's email server, internal systems and disaster recovery systems, forcing workers to rely on typewriters to complete the most basic of tasks. Only months earlier in Atlanta, critical systems were knocked down by another ransomware attack, wreaking havoc on typically reliable processes and infrastructure.

Voting infrastructure isn't all that's at risk.

In the wake of the 2016 U.S. presidential election, security researchers have spent countless hours investigating how voting machines, networks, websites and other election-oriented infrastructure can be attacked. However, concern about disrupting the midterms -- or any future election -- shouldn't focus solely on attacks targeting voting systems.

What's missing from current discussions around election security are the very real dangers of a successful critical infrastructure attack. The truth is, skilled attackers motivated to influence election results could do more harm with targeted attacks on critical infrastructure than a thousand nation-state bots could ever hope to accomplish.

Current conversations about election security preparedness are myopic. If we want to protect the security of our electoral processes, we need to start thinking like an attacker and truly understand the motives.

Attacks targeting our nation's electoral processes are a breed of their own. Unlike attacks motivated by financial gain or nation-state intelligence gathering, they're designed to influence outcomes, discredit democratic processes, spark political upheaval and create public distrust. Sometimes, the goal is simply to create chaos and confusion -- an equally effective strategy on Election Day.

What's particularly alarming about critical infrastructure attacks is the ease with which highly sensitive networks can be compromised.

As reported this summer, for example, attackers were able to break into the "secure" networks of American energy utility companies to such an extent that they could have thrown the switches and caused blackouts. They were reportedly able to access sensitive and secured networks through third-party vendors and the exploitation of privileged credentials.

Whatever an attacker's motive might be, it's critical to lock down privileged credentials. The failure to protect, manage and monitor the use of these credentials, which provide powerful access to an organization's most sensitive assets and data, is at the heart of the most damaging cyber attacks.

Future-proof the election process.

One compromised set of privileged credentials is all an attacker needs to cause damage -- or in this case, corrupt the vote. Whether it's this month or a future election year here in the U.S. or elsewhere, it's entirely probable that attackers can launch targeted attacks on critical infrastructure to influence election results.

We need to be prepared for that. Regardless of attackers' endgame, they'll need access to get into these systems and carry out an attack. That's why privileged access security, both for voting infrastructure and for the critical infrastructure that enables the electoral process, must be a priority.

We'll always need to protect against tried-and-true attacks like phishing and malware, but we also need to imagine the possibilities -- before attackers do. With the next historic U.S. presidential election in sight, attackers have time to advance their strategies. This is the time when government agencies, academia and vendors must band together to innovate and outmaneuver the attackers.

Lavi Lazarovitz

Head Security Researcher

Lavi Lazarovitz leads a team of CyberArk Labs security researchers. He studies the methods and tactics used by attackers to penetrate and move laterally across organizational networks, and is responsible for devising effective detection and mitigation techniques to thwart these attacks. He previously served 11 years in the Israeli Air Force as a pilot and as an intelligence officer.
