Note: The opinions and comments stated in the following article, and views expressed by any contributor to In Homeland Security, do not represent the views of American Military University, American Public University System, its management or employees.
By James R. Lint
Faculty Member, School of Business, American Military University
Contributor, In Homeland Security
As someone who has years of experience in cyber intelligence, I tried to ‘war-game’ or predict how one might use cyber to change the results of the 2016 election. Thinking of all the talented white, black and gray hats who have guided me over the years on thoughts and potential problems that intelligence should review made this article possible.
First, I would need to overcome the decentralization of the U.S. government. Truly, it is one of our best defenses, an unwitting defense, but a great defense. Because the federal government does not have one organization running the election in your city or county, any cyber attack would have to be broad, hitting multiple targets at the same time on election day.
No Two States are the Same in Any Election
Is there one organization that can map all election booths in all 50 states and territories? Even if they had that information, they would have over 50 targets to hack. Not all states report their election results electronically.
It is amazing how some counties and states have saved money by running elections the same way they were run more than 100 years ago. This brings some security to our election system, almost by accident.
Second, the multitude of different election systems creates havoc for the would-be cyber criminal. Obviously, the 2000-era hanging chads cannot be electronically attacked. Truly, a “paper trail” is a saving feature against cyber attack.
Each state and some counties bought their own shiny new voting machines. Many are from different manufacturers. In some states, different counties bought different voting machines that are not similar to the county next door.
For cybercriminals hacking an election machine system, similarity between systems is an advantage. When many different systems are in use, a hacker must hope for a vulnerability that spans multiple platforms. Our system has a surprising amount of unplanned security.
Attack the Ability to Report Up the Chain
If a hacker were going to attack election reporting, they would have to figure out the transmission paths for each county and each state, up to the federal level. Since those election reporting methods include telephone, fax and computer, the hacker would again have to be able to impact multiple paths.
There are poll watchers and ballot counters in each state. There are a lot of people who would notice a discrepancy with reported results. Members from multiple parties are represented as poll watchers and election officials.
Attack the Media
An easier route would be to attack the means of transmission from the major television networks. There are fewer of them than states. This would be a near-worthless attack since the voting officials still have the ballot counts.
In the early days of this nation, it often took months to get the results of an election across this country. Even without the news media or the old Pony Express, the results would be out. The news media networks would not stay off the air long, due to their contingency plans and continuity of operation plans.
Nation State Cyber Network Destruction
On Oct. 21, an unknown hacker launched a large Distributed Denial of Service (DDoS) attack against Dyn, an Internet infrastructure company. The U.K.’s Guardian newspaper states, “Dyn estimated that the attack had involved ‘100,000 malicious endpoints,’ and the company, which is still investigating the attack, said there had been reports of an extraordinary attack strength of 1.2 Tbps.”
The attack tool was the Mirai botnet. Mirai controls a network of bots that generate traffic, such as multiple pings, to overwhelm a network. This attack was powerful, and these attack platforms are growing stronger. It would take more than this type of attack to shut down a nation as large as the USA.
The Cyber Crime Risk to the Election
Dyn was hit by a very new, terabit-strength attack. While DDoS is not new, the strength was double what had been seen in the past six months. If a nation state could use Mirai with an even larger botnet, there could be a potential for a national crash of the networks. This would probably be caused by a nation state and constitute an act of war.
The risk of another nation desiring to attempt to destroy or disrupt an election would be low, due to the catastrophic damage that our military could cause to that attacking nation. Additionally, the benefit to delaying the results of our election would not meet the cost/benefit analysis. The catastrophic destruction with little value to the attacking hacker or nation would not be a win. Therefore, I would rate the risk that someone would attempt to change the voting results in all 50 states and territories in the United States of America as minimal.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyber espionage events from early after the turn of the century in Korea supporting 1st Signal Brigade to DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence within the U.S. Marine Corps, U.S. Army, contractor and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded the 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”