Cybereason’s Election Hacking Simulation Reveals How Hackers Could Disrupt Election-Day Voting on November 6

Share Article

Cybereason hosted an Election Hacking tabletop exercise pitting hackers against police officers to practice possible election day scenarios should hackers try suppressing votes on November 6.

Mike Vallarelli, State of Massachusetts, Ross Rustici, Cybereason, John Cook JCI Consulting, Sam Curry, Cybereason, Ed Davis, Ed Davis LLC and Dani Wood Cybereason

Cybereason, creators of the leading cybersecurity AI Hunting Platform, conducted a Tabletop Election Security Exercise at its headquarters showcasing how a team of hackers could try to disrupt the 2018 midterm election.

With the midterm elections approaching on November 6, and the news almost exclusively focused on the prospect of foreign countries influencing how people vote, the event shifted the attention to jeopardizing voting integrity on election day. Rather than stealing voter registration roles or hacking electronic voting machines, the simulation revealed less obvious but equally effective methods, such as taking out e911 services, disrupting electricity supplies and spreading fake news through social media.

Event participants included a Red Team comprised of Cybereason employees, Boston College students and staff from Boston Mayor Marty Walsh’s office. A Blue Team comprised former Boston Police Commissioner Ed Davis, Massachusetts State Police, Lowell Police and Boston College Police. A White Team included staff from Ed Davis LLC, Cybereason and Massachusetts Governor Charlie Baker’s office.

“The hackers' goal was not to manipulate or stop the vote, it was to get voters to question the validity of the system itself. This exercise showed how hackers can go beyond just hacking the polls and instead create long-term doubt in our nation’s electoral process,” said Ross Rustici, Cybereason’s senior director of intelligence services and the white team leader.

More details onCybereason’s Election Hacking tabletop exercise is available here: https://www.cybereason.com/blog/election-cybersecurity-cyberattack

Cybereason’s simulation provided a unique look into how attackers can wreak havoc on election day as well as a number of practical takeaways for law enforcement agencies.

Takeaways and Next Steps for Law Enforcement Agencies
1.     Make communication between local, state and federal agencies routine. This will ensure that when a crisis happens, all sides are coordinating effectively and conveying the same message across all levels of government.
2.     The ability to get ahead of the consequences is the key to stopping this type of attack. Joint task forces between state and federal resources are the only way to achieve this. But to be successful, a traditional police approach of assess, collect evidence, arrest cannot be taken. Disruptive operations are really important.
3.     When disinformation is being spread, the narrative needs to be controlled early. Not countering the fake social media posts as soon as they appear is a big disadvantage for the defenders. Local and state governments need staff monitoring social media and sending out messages to counter any false information that’s posted.
4.     There is a fundamental difference in capability between a human saboteur and a cyber one. The speed at which cyber actors can layer real-world effects easily overwhelm local responders if they aren't prepared for it.
5.     Election meddling is greater than the direct effects, and it is often the indirect means that have the ability to do the most harm.

About Cybereason
Cybereason, creators of the leading cybersecurity data analytics platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services, all powered by its proprietary data analytics platform. The Cybereason suite of products provides unmatched visibility, increases analyst efficiency and effectiveness, and reduces security risk. Cybereason is privately held, having raised $189 million from top-tier VCs, and is headquartered in Boston, with offices in London, Tel Aviv, and Tokyo.

Learn more: https://www.cybereason.com/
Follow us: Blog | Twitter | Facebook

Media Contact:
Bill Keeler
Director, Public Relations
Cybereason
bill.keeler(at)cybereason.com
(929) 259-3261

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Bill Keeler
Cybereason
+1 929 259-3261
Email >