As a global leader in protecting elections, we want to explain our perspective on election security issues and share some resources with the elections community. Free and fair elections are the cornerstone of democracies everywhere, and globally they have come under increasing threat by foreign adversaries who seek to manipulate or undermine their processes or outcomes. We believe that those in a position to contribute to election security have a responsibility to do so, and in that spirit, we’re excited to launch a new website dedicated to providing expertise, advice and support.
Table of Contents
A History of Defeating Adversaries
When we started building CrowdStrike almost 10 years ago, one of our core theses was that knowing who was attacking your organization matters just as much as how they are attacking it. We believed then as we know now that adversaries can be identified and disrupted through careful observation and analysis. And indeed, adversaries and their targeting practices must be understood for organizations to develop an informed threat model. Without such a model, there can be no clear answers on how to perform cost-benefit analyses on potentially risky travel or the use of untrusted applications or systems; how many potentially inconvenient security controls defenders should impose on authorized users; and how heavily an organization must invest in security overall. More importantly, if organizations don’t understand the threat environment they operate in, they can’t properly allocate and prioritize their resources and approach cybersecurity strategically.
The emphasis we’ve placed on understanding adversaries over the years has yielded what we believe to be the most advanced knowledge of cyber threat actors in the industry. This complements the most trusted proactive and incident response services practice, CrowdStrike® Services, which I have the privilege of leading. The Services team ejects adversaries from victim networks on a regular basis, disrupting their operations. Along with CrowdStrike Falcon®, our category-defining endpoint security platform, we prevent breaches across our globally distributed customer base.
For these reasons, political and policy organizations from across the ideological spectrum, as well as federal, state, local, tribal and territorial organizations, rely on CrowdStrike to help them defend against adversaries. Over the years, we’ve prevented or responded to incidents targeting political campaigns, issue advocacy organizations, and governments large and small. The high-profile incident response work we performed throughout the 2016 U.S. election cycle shouldn’t overshadow more widespread engagement throughout the broader elections ecosystem in the U.S. and abroad, from which we can draw additional lessons.
The Current Threat Landscape
This body of work gives us a unique perspective on what threats to prepare for in 2020 and beyond. We want to be clear that this is a general advisory and not intended to characterize specific, ongoing malicious threat activity. That said, we encourage organizations to to be alert to threats along these lines:
Breaches
The most straightforward attack that political and elections entities face remains the penetration of IT networks, assets and resources. Organizations and individuals are at risk, and personal accounts and devices are heavily targeted. Breaches may be the precursor to “hack and leak” campaigns, where sensitive private information is released to the public; ransomware attacks, which disrupt business processes and ultimately operations; or other disruptive or destructive attacks that can be strategically timed to maximize damage and effects.
Disinformation
Adversaries leverage traditional and social media channels to advance false or inaccurate messages. These are sometimes amplified using social media personas that have developed a wide reach, or by people or legitimate groups that have received the information under false pretenses. There is increasing risk associated with these campaigns being paired with manipulated or synthetic media that may seem persuasive at first glance.
Supply-chain Attacks
Even organizations with strong security postures have dependencies on third parties, which adversaries increasingly target. High-profile breaches over the past several years illustrate that the compromise of one service provider, for example, can enable adversaries to effectuate attacks against dozens or scores of their users or clients.
Recommendations and Resources
Beyond planning to face the challenges posed by these threats, we encourage everyone to keep in mind a few additional items. First, we should take a broad view of what constitutes the elections ecosystem. Those engaged directly in election administration understand the context, sensitivity and importance of their work. But those who support such organizations, or people who otherwise play a key role in the successful execution of elections, may not consider themselves targets or take the necessary steps to ensure security. People in roles within industries as diverse as television, general IT services and shipping, for example, may ultimately play a part in successful elections.
Even before the COVID-19 crisis introduced a variety of new and complex challenges to election logistics, it has been essential to maintain strong security best practices. It’s even more important now, and the best thing that those throughout the elections ecosystem can do is use a risk-informed approach to defense.
It is absolutely essential to maintain the technical capability to detect an adversary and expel them from the network before they can accomplish actions on objectives. Speed is key. We recommend organizations implement the “1-10-60 Rule” — detect adversary activity in your environment within one minute, investigate it within 10 minutes, and isolate the threat or eject the adversary within 60 minutes.
And finally, everyone throughout the extended elections ecosystem should familiarize themselves with other resources that can help them plan for success. To that end, we’re announcing today the launch of the CrowdStrike Cybersecurity and Election Security Resource Center. This site highlights some of the entities we’ve partnered with and programs we’re supporting, and shares helpful videos, talks and assets produced by others making positive contributions in this space.
Our Work Must Continue
The elections community has come together significantly over the past five years or so and continues to get stronger. People are more aware of the threat of disinformation and other tactics foreign adversaries use to affect discourse domestically. After a long period of underinvestment, policymakers across the world have reemphasized providing additional funding for elections generally and election security specifically.
But there’s more work to be done. While awareness is a good start, we must execute our strategies to successfully mitigate risk. The threats are real, and adversaries emboldened. We must all do our part to help ensure that the 2020 elections, and other upcoming elections around the world, are free from interference. Please review the resources we’ve assembled on this webpage and contact us if we can provide additional support.
Leave a Reply