Russian hackers targeted a total of 21 states in 2016, and many cybersecurity experts believe they could be testing our cyberinfrastructure for vulnerabilities to exploit in the 2018 midterm and 2020 presidential election.
Florida was one of the 21 states targeted. Thankfully the hackers were unsuccessful. The attempt in itself forced election officials to work around the clock with local Supervisors of Elections to help Florida counties modernize their voting systems, Sarah Revell the Director of Communications with the Florida Department of State said.
“More than two-thirds of Florida counties have completed a voting equipment modernization and the majority of the remaining counties are in the process of completing a modernization or upgrade," she said.
“The Russian intelligence MO is to go and probe first and then figured out what you learned and then come back later,” Jake Braun said.
Braun is the Executive Director of the University of Chicago Cyber Policy Initiative.
“And a lot of the Russia experts, that I know, very senior level military officials and intelligence officials are very concerned that 2016 was the initial probe of our system and they actually didn’t intend to change or hack anything, they were just trying to learn,” he said.
According to a Senate Select Committee on Intelligence report produced by the CIA, NSA, and FBI in Jan. 2017, the Russians tried to “infiltrate state election infrastructure, manipulate social media, so discord and to interfere in the 2016 election and American society.”
The report says:
“Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election. Russia’s goals were to undermined public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further asses Putin and the Russian Government developed a clear preference for President-elect Trump.”
Braun believes the consequences of not safeguarding our elections would be catastrophic, creating chaos and more polarization in our society.
“Imagine with how hyper of a partisan environment we live in right now all the conspiracy theories that would go up on the left and the right,” Braun said.
Braun is the co-founder of The Vote Hacking Village DEF CON. Earlier this month they held a hacking convention where two 11-year-olds were able to hack a “mock” website for Florida’s Secretary of State in less than 30 minutes.
“At DEF CON we are identifying concrete vulnerabilities that election officials and vendors can fix and then go tell the public they fixed them so the public’s trust in elections can be improved,” Braun said. “It is essentially impossible to protect a website from a nation-state, I mean you just can't do it.”
One click, just one. That is all it takes to bring even the best cybersecurity systems crashing down.
In Feb. 2016 an employee at the Sarasota Police Department opened an attachment contained in a phishing email. What the worker didn’t know is the attachment was the Locky virus.
“It would have been an end of life moment. I don’t think the city would have been able to recover, Herminio Rodriguez the IT Director for the City of Sarasota. said. “Had our backups not been proven, how do you get back from something like that?”
According to a report released by the city, the hackers encrypted 10-12 terabytes of information, more than 160,000 files, demanding $33.3 million to be paid out in bitcoin.
The city didn’t pay the ransom and did not lose any files. Rodriguez says in a couple of months new servers will be up and running with the best technology and cybersecurity around. We got a tour of the new facility with kevlar lined rooms, built to withstand attacks from rogue nations, a hurricane, or someone trying to gain entry into the building.
“It is so easy to target America through the internet than it is to roll tanks or planes or whatever,” Rodriguez said. “So. I think that’s changing and it is going to continue getting more difficult and worse and worse. You can do it from far away you can inflict a lot of damage if things aren’t maintained properly.”
Florida election officials are pumping tens of millions of dollars into election security, hiring five cybersecurity specialists to serve as a resource for state and local election officials during the 2018 election cycle.
The Department also recently partnered with the University of West Florida Center for Cybersecurity to provide cybersecurity training for state and local election officials to enhance cybersecurity resiliency ahead of the 2018 elections.
“Looking to make sure to make sure every person on the team is aware and doing due diligence when clicking on a link or reading an email or opening an attachment,” Dr. Eman El-Sheikh, the Director at the Center of Cyber Security at the University of West Florida, said.
“One person clicking on a link somewhere could open up a vulnerability somewhere else on the network, so everyone really needs to take that shared responsibility,” El-Sheikh said. “We respond to attacks and breaches. But really moving forward what would help us as a state and country would be to build a culture of cybersecurity from the ground up.”
Braun said local election officials are doing a lot. But, he wants to see more transparency and more communication methods in place to let voters know, in real time, if the process is under attack.
“The thing we are most worried about is that it's election night 2020,” Braun said. “Let's say the Florida and Ohio websites are down and Russian media are announcing that their preferred candidate won and it would be absolute chaos. He (Putin) just needs to make us not trust the validity of our democracy and creating chaos on election day by messing with vote totals on a website would do just that.”