The US government is looking to protect voter registration databases and systems from ransomware threats ahead of the 2020 presidential election.
The Cybersecurity Infrastructure Security Agency (CISA) — a division of the Homeland Security department instituted by president Donald Trump in November last year — fears the databases could be at the receiving end of a ransomware attack.
To that effect, it aims to launch a program for election officials in about a month to offer support for remote computer penetration testing and vulnerability scans.
“Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data,” Reuters reported, quoting current and former U.S. officials.
The voter systems have been previously breached by the Russian military intelligence, which executed a cyberattack on a US voting software supplier in the days leading to 2016 elections. The highly targeted campaign, The Intercept revealed, also involved sending spear-phishing emails to more than 100 local election officials.
In addition, a series of ransomware attacks against state-run facilities have put the government on high alert. With infections forcing agencies to spend hundreds of thousands of dollars to recover access to critical systems, it’s become necessary that databases are secured and appropriate incident recovery plans are put in place to be able to respond to such crippling attacks.
Calling ransomware attacks “destructive,” CISA — in a notice put up last week — warned agencies to “make sure you’re not tomorrow’s headline” by backing up data offline, patching network infrastructure, and reviewing incident response plans.
In a report published in May, Massachusetts-based threat intelligence firm Recorded Future found at least 169 ransomware incidents targeting state and local governments since 2013, with 21 of them reported just in the first four months of 2019.
“It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited,” Reuters quoted the FBI in a statement.
The focus of the program, it appears, is geared towards prevention of ransomware attacks, as CISA won’t advice states on whether they should pay or refuse to pay ransom post infection.
Ultimately, it’s not just about paying the ransom, as many businesses will also need to invest in upgrading their security practices before and after a ransomware attack. Cyber preparedness is of the essence, and it’s vital that organizations develop, test, and validate their capabilities to protect against, prevent, mitigate, respond to, and recover from significant security threats.