Most infosec pros believe election hacks are acts of cyber war
IT security professionals believe the effects of cyber attacks on elections go beyond diminishing confidence in the democratic process, according to a Venafi survey of 296 IT security professionals at Black Hat USA 2017.
Seventy-eight percent said they would consider it an act of cyber war if a nation-state was found to have hacked, or attempted to hack, another country’s election.
Intelligence agencies have determined that nation-states have already targeted elections globally, including in the U.S. A report from the NSA recently revealed that Russia launched a cyber attack on VR Systems, an election systems provider, prior to the 2016 U.S. presidential election.
“The definition of an act of war is an action by one country against another which is an immediate threat to peace,” said Jeff Hudson, CEO of Venafi. “An attempt at election hacking could easily be considered an act of cyber war. The intent is to undermine the foundation of government, which is responsible for protecting the country. Elections are being targeted by cyber attacks, and the potential repercussions of election hacking cannot be understated. Malicious actors have the ability to alter voting databases, delay vote counts and subvert trust in the election process.”
Additional findings include:
- Eighty-eight percent believe governments have not done enough to deter hackers from interfering with future elections.
- Sixty percent are concerned that cyber attackers can alter election results.
- Over a quarter (twenty-seven percent) believe attackers have already altered election results.
Voting machines are lucrative targets for cyber criminals and nation-state attackers, and unfortunately, many of them have vulnerabilities that can be easily exploited by these bad actors. For example, attendees at DEF CON 2017 managed to find and take advantage of vulnerabilities in five different voting machine types within 24 hours.