US government prepares for ransomware attacks in run-up to 2020 election

The programme, which is expected to be launched in a month, will focus on protecting voter registration databases and other systems. These systems are used to validate the eligibility of voters to cast their votes.

These very systems were compromised in 2016 by Russian hackers as part of a wider attempt to disrupt the presidential election and boost the standing of Republican candidate Donald Trump. In 2017, it was reported that the National Security Agency had concluded that Russian intelligence agents had attacked US voting systems in the weeks ahead of the election. Jeanette Manfra, cybersecurity head of the Department of Homeland Security, confirmed that voter registration rolls in 21 states had been targeted ahead of the election, with a small number of successes. 

Given the previous attacks on voter registration systems, officials are now more aware of the likelihood that these systems will be targeted with another round of cyberattacks backed by hostile governments which could seek to manipulate or delete data. According to Reuters, the Department of Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA) is particularly concerned that these databases may be targeted by ransomware attacks.

Ransomware is a type of malware that locks a computer system or encrypts valuable data, demanding a ransom to be paid (often in cryptocurrency) in order to restore them. The ‘WannaCry’ and ‘NotPetya’ ransomware attacks – which are both strongly believed to have originated from state-backed hackers – caused significant disruption on an international scale in 2017, raising the profile of this type of attack.

Officials are quoted as saying that voter registration systems have been assessed as “high risk” due to being one of the few pieces of electoral technology regularly connected to the internet. Regular connections are required in order for data to be added, removed, and changed.

“Recent history has shown that state and country governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, director of CISA. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

The soon-to-be-launched programme will help state election officials prepare for ransomware scenarios with penetration testing, vulnerability scans, recommendations on how to manage a ransomware attack (although it will not offer ultimate advice on whether to pay a ransom or not), and educational materials. A Homeland Security official said: “Our thought is we don’t want the states to have to be in that situation [of deciding whether or not to pay a ransom], we’re focused on preventing it from happening.”

The effort to prevent attacks on voter registration systems is just one branch of a wider effort (Protect2020) to identify and prevent digital foreign manipulation in the 2020 election.