Cybereason: Why ‘Culture Is Critical’ When Building Election Infrastructure
“There‘s kind of a clash here between the culture of the tech industry and the culture of the needs of the government that we need to address, and make sure that the standards of the equipment that we’re making is up to the point where we can safely say, ‘On Election Day, all the votes will be counted and they’ll be accurate,’” Cybereason’s Allie Mellen tells CRNtv.
While the COVID-19 pandemic has disrupted election calendars across the country, state primaries continue to run to determine which candidates will go on the general election ballot on Nov. 3.
And Boston-based cybersecurity vendor Cybereason has one message for the channel: “We need to protect election infrastructure.” Here’s why:
“Election infrastructure is a multi-billion dollar industry already, and so what‘s really important to consider for the channel is that we need to protect election infrastructure no matter what part of the process it is,” Allie Mellen, a security strategist at Cybereason, told CRNtv. “Whether it’s distribution, or manufacturing, every piece of that puzzle needs to be protected so that we don’t accidentally build in some type of vulnerability that an attacker can take advantage of because they ultimately will.”
Tabletop Exercises Deliver Results
“Over the past few years we‘ve worked really closely with the Secret Service, FBI [and] DHS in order to improve our election security,” Mellen said. “And we actually took a very different tact than a lot of people have and we’re looking at everything around election day that isn’t that election infrastructure that we normally consider, like voting machines [and] the polling places.”
Instead, Cybereason focuses on “what attackers can do to either sow disinformation the day of an election, or stop voters from voting through things like taking control of the electric grid, or stopping public transit,” added Mellen.
And it’s through hacking exercises — where they invite federal, state and local officials to attend — that they put ethical hackers against law enforcement to get results and see exactly what processes need to be improved by law enforcement come Election Day.
How To Handle Disinformation
“Nation-state attacks are something that we at Cybereason are really concerned about when it comes to the election and have come up a lot in these tabletop exercises,” Mellen told CRNtv. “At the end of the day the most important thing that we can do as individual citizens is to double and triple check the information that you‘re seeing.”
It’s important to note, she said, that we’re not spreading information online that might have a very attractive, flashy headline that in reality is disinformation.
“And while some deepfake detection technologies are under development right now, they‘re just too early stage to be implemented by social media companies,” Mellen added. “However, the more that social media and communications companies can actually start to implement measures to prevent deepfakes from spreading and disinformation from spreading the better off we’ll be.”
Setting High Standards
When it comes to election security, Mellen said, “Culture is critical.”
And within the tech industry, “we very much have a culture of getting things done quickly, get the features out there, we need to beat the competition and that‘s the priority, and we can worry about robustness and security later,” she said.
However, government proceedings are handled differently, especially around election infrastructure, Mellen told CRNtv. “Because election infrastructure needs to be consistent, and it needs to perform on one single day and there‘s no taking that back.”
“So, there‘s kind of a clash here between the culture of the tech industry and the culture of the needs of the government that we need to address, and make sure that the standards of the equipment that were making is up to that point where we can safely say, ‘On Election Day, all the votes will be counted and they’ll be accurate,’” added Mellen.
Quality Over Speed
Following the Iowa caucuses debacle back in February 2020, concerns about the use of new technology in the nation’s electoral process began to rise.
Shadow Inc., the company behind the app that delayed the results of the Democratic presidential caucus in Iowa on Feb. 3, took to Twitter admitting to its software’s failure.
“Iowa is a great example of what I‘m concerned about here,” said Mellen. “First of all, they did not have enough time to build that application, but they also did not have enough time to test that application, or to actually give it to the poll workers to use. And we need to establish processes that give people time to get used to the technology that they’re using.”
At Cybereason, Mellen said, testing is extremely important.
“One of the reasons that we run these tabletop exercises is because it gives law enforcement an opportunity to experience election day before they actually have to experience it,” Mellen told CRNtv. “So they can be thinking about the different things that might happen, and we should really be having things like that for poll workers who have to use new technology.”
To learn more, head over to CRNtv.