What the US election teaches us about cybersecurity
The age of always-on connectivity changes the way we protect democracy.
It is certainly tricky to comment on the highly-controversial series of accusations and denials related to cybersecurity breaches around the US presidential election. Still, from an IT security perspective, the issue is simply too important (and too fascinating) to ignore. Furthermore, this ongoing controversy has already taught us a few important lessons that must be heeded going forward.
Uncertainty is a fact of life these days. Chances are, you make quite a few personal decisions on the basis that “it’ll probably be fine.” For the sake of convenience, efficiency (and your sanity!) 95% certainty will generally have to be enough. If you always had to worry about that 5% chance that it wouldn’t be fine, you’d never get anything done (and you’d probably be a nervous wreck).
In most day-to-day situations, even if it wasn’t fine, it probably wouldn’t be that bad. You might lose a bit of money, temporarily anger your spouse… In the past, this might even have been the case for many cybersecurity scenarios. Maybe your website would go down for an hour—not great, not necessarily a disaster. But at a time where everything from power grids to cars to children’s toys has internet connectivity, the stakes are significantly higher.
If the three examples above don’t convince you that “it’ll probably be fine” won’t cut it in today’s cybersecurity landscape, imagine the situation in terms of connected medical devices. Ransomware attacks that lock up vital hospital systems are becoming all-too common. There may be only a small chance of any given hospital or clinic being targeted but would you be comfortable sticking with outdated cybersecurity practices that put your patients’ lives at risk?
So, while it is generally agreed that America’s voting systems are too large and diverse for any hack to actually alter the overall outcome of an election and that no connected voting machines were breached in 2016, will officials across the states really be comfortable going into the 2020 election without tightening cybersecurity? Maybe there’s only a 5% chance—even a 0.1% chance—that a voting system will be breached. But think of what’s at risk.
With elections coming up next year in France and Germany, it is quite understandable that European officials are advising vigilance. Hopefully, this vigilance will not be seen in partisan terms. Defending the integrity of elections against even a vague, theoretical risk of electronic espionage should be seen as a simple matter of instituting cybersecurity best practices to defend the democratic values we all hold dear.
Our age of ubiquitous connectivity has clearly changed the way elections get run and it has also changed the cybersecurity landscape. Every new manifestation of connectivity creates a new threat point. Thankfully, new security technologies and techniques are emerging to tackle these new threats head on—privileged access management, API security, multifactor authentication and more.
It is comforting to know the political will to secure elections is there and that the technology exists to make sure it will be fine.