The 2020 U.S. elections were a crucial moment for American democracy, marked by record voter turnout and significant cybersecurity challenges. This case study explores the cyber threats encountered during the elections, focusing on attempts to compromise electoral integrity and the measures taken to safeguard the process. The implications of these events extend beyond the U.S., offering valuable lessons for nations worldwide as they navigate their own electoral and cybersecurity landscapes.
Understanding the U.S. Election Infrastructure
The U.S. election infrastructure consists of various components, including voting machines, registration databases, and communication systems for reporting results. As the world faced an increase in cyberattacks on critical infrastructure, concerns about the vulnerability of election systems grew. The Cybersecurity and Infrastructure Security Agency (CISA) reported a 300% increase in cyberattacks against critical infrastructure sectors leading up to the 2020 elections. Furthermore, around 70% of state election officials expressed concerns about potential cyber threats to their election infrastructure during this time, highlighting the politically charged atmosphere.
Key Cybersecurity Threats in the 2020 Elections
1. Foreign Interference
Foreign interference was one of the most pressing threats during the 2020 elections, predominantly from Russia, China, and Iran. Key tactics included:
- Cyber Operations: Russian groups like APT28 (Strontium) targeted over 200 organisations, including political campaigns and advocacy groups. Chinese and Iranian actors also sought to breach the personal accounts of key political figures from both major parties.
- Ransomware and Data Theft: Cybercriminals used ransomware attacks to disrupt election-related operations, impacting local election offices. Sensitive voter information was reportedly sold on the dark web, threatening data integrity.
- Misinformation Campaigns: Disinformation proliferated across social media, with AI-generated robocalls in New Hampshire discouraging voter participation by spreading false narratives. The rise of deepfake technology further heightened concerns, as it could create misleading content that erodes public trust.
2. Hacking Attempts
Numerous attempts to hack election systems were reported. CISA confirmed that several states faced breaches, with the Russian group "Cozy Bear" notably targeting various state and local election systems.
3. Ransomware Attacks
Ransomware attacks on local government entities posed a severe risk. In 2020, the U.S. experienced a surge in ransomware incidents, with at least 100 local governments affected, in many cases with implications for election operations.
Proactive Measures to Safeguard Electoral Integrity
In response to these cyber threats, several critical measures were implemented:
1. Increased Federal Support
The federal government, through CISA and other agencies, enhanced support for state and local election officials. This included funding for cybersecurity improvements, sharing threat intelligence, and providing best practices. Following the 2016 interference, U.S. election systems were designated as critical infrastructure, facilitating access to vital federal resources.
2. Enhanced Security Protocols
States adopted rigorous security measures, such as multi-factor authentication, regular software updates, and penetration testing. Many jurisdictions also transitioned to paper ballots as a backup to ensure an auditable paper trail in case of electronic voting system failures.
3. Public Awareness Campaigns
To combat misinformation, public awareness campaigns were launched to educate voters on recognising and mitigating false information. Election officials collaborated with social media platforms to identify and counteract the spread of disinformation about the voting process.
4. Interagency Collaboration
A unified approach among federal, state, and local agencies was essential. The establishment of the Election Infrastructure Sector Coordinating Council facilitated information sharing and coordinated responses to cyber threats. CISA launched initiatives to strengthen cooperation, providing tailored cybersecurity assessments to meet the unique needs of different jurisdictions.
Conclusion
The 2020 U.S. elections highlighted the critical role of cybersecurity in protecting electoral integrity. While significant threats emerged, proactive measures taken by federal and state agencies, alongside public awareness initiatives, played a vital role in safeguarding the electoral process.
The implications of these events resonate beyond the United States, particularly for countries like Singapore, where the integrity of democratic processes is paramount. As nations grapple with their own cybersecurity challenges, the lessons learned from the 2020 elections can guide the development of robust defences against evolving cyber threats. Continuous investment in cybersecurity and public education will be essential for maintaining the foundations of democracy worldwide.
At the Centre for Cybersecurity Institute, we emphasise the importance of ongoing education and awareness in cybersecurity. The lessons learned from the 2020 U.S. elections should guide individuals and organisations in prioritising cybersecurity across all operations, paving the way for a more secure future for democratic processes globally.