Elevating cybersecurity for the federal election

As the federal election approaches, it is more critical than ever before for government organisations to safeguard the security and integrity of voting procedures and those surrounding them, writes Zak Menegazzi.

The recent report from the Electoral Integrity Assurance Taskforce outlines cybersecurity, along with physical security, terrorism and misinformation, as key areas of concern this election season, with the Australian Electoral Commission expecting an increase in attacks leading up to polling dates.

Security challenges beyond election systems

Robust security measures are crucial in the ever-expanding universe of Operational Technology and Internet of Things devices. Election systems are particularly vulnerable. They are network-connected, and they have many components that expand the attack surface, or the number of entry points that a malicious actor could target. In addition, traditional security software used to monitor, detect and respond to attacks may not work on many election-related devices that run on legacy software. The election authority needs a comprehensive cyber exposure management and security strategy to protect elections and meet specialised security requirements.

However, the vulnerabilities extend far beyond election systems. According to the Annual Cyber Threat Report, the threat of state-sponsored cyber operations will grow, targeting Australian governments, critical infrastructure, and businesses, as well as connected systems and their supply chains. Australian organisations will need to be equally vigilant in ensuring they have visibility across all attack surfaces.

Best practices ahead of the election

By implementing security platforms that extend protection beyond traditional IT assets to see, protect and manage all network-connected devices, organisations that connect to the nation’s voting infrastructure can reduce their level of risk and more confidently prepare for potential attacks.

The following steps can help organisations build in accountability and elevate transparency, giving stakeholders more confidence in the systems in question:

Maintain situational awareness – teams need to know what should and should not reside on the election networks, and these networks need continuous monitoring.

Start by knowing what’s actually touching the network, where the data gets stored, and how it behaves and interacts with other assets. Tools are needed to discover many of the devices that are hard to actively scan: IoT, building management systems, HVAC systems, and the building’s physical security IP cameras.

All of these “unmanaged devices” are windows and doorways into seemingly secure environments. We also must pay attention to cyber threats against voter registration databases, election management systems, voting machines, storage facilities, and cameras in polling places. Local governments should not connect election networks directly to the public internet.

Focus on how to prioritise and remediate – IT leaders need to identify and prioritise the threats that matter most based on which vulnerabilities are most likely to get exploited and negatively impact the organisation.

Then it’s time to focus on remediation efforts. Managers need to determine what to fix, how they need to fix it, who’s responsible, and how to leverage automation to accelerate these efforts. If they haven’t already, they should also retire end-of-life devices that are not patched or updated correctly as soon as possible. This includes all devices and assets that are part of the election infrastructure.

Strive for transparency – IT leaders should deploy tools that log activities and retain records to counter unfounded accusations of fraud.

When dealing with challenges as contentious as election security, it’s essential to document and justify all actions that have been taken in case those actions are challenged. Protecting Australia from foreign adversaries requires collaboration between federal, state and local governments, and the private sector. Outside of government, organisations that operate or manage systems and devices that can be used by bad actors to gain control of election infrastructure must take special precautions to safeguard against unauthorised access.

Detect and mitigate risks to assets impacted by threats early – the volume, veracity and variety of vulnerabilities that a threat actor can choose from in targeting an organisation are endless, and their ever-evolving tactics, techniques and procedures are relentless. Early warning intelligence powered by AI is essential to anticipate and mitigate AI-driven cyber threats before they impact your organisation.

By applying modern technology to help see, protect and manage the entire attack surface, government organisations can work toward safer elections now and in the future. With the federal election fast approaching, IT leaders from all critical sectors must move to procure and implement the capabilities needed to protect assets and safeguard the nation from the heightened threat landscape.

Zak Menegazzi, Cybersecurity Specialist, ANZ, Armis
