Election security: how companies and federal agencies can protect the backbone of democracy

Realistic workforce exercises are key to implementing predictive defensive operations, raising the cost of adversaries to target and exploit vital infrastructures.

b3rt0ll0, sebh24, Sep 02, 2024

Over the last few months, cyber teams on the HTB Enterprise Platform engaged in a realistic state-side cyber attack simulation: Operation Shield Wall.

This innovative format featured seven (7) interconnected scenarios — offensive and defensive — designed to promote a purple-minded approach to the techniques, tactics, and procedures used by real adversaries.

Operation Shield Wall struck a chord within our community of cyber professionals, igniting enthusiastic engagement with real-world tactics:

  • 206 cyber professionals participated.

  • 66 organizations engaged, from 10+ industries.

  • +34% in defensive labs engagement.

  • 29 cyber professionals completed all labs!

What’s the reason behind this great participation?

All featured labs focus on a compelling, critical theme that’s relevant now more than ever: election security. Security teams are tasked with defending the fictional nation of Veloria and its critical infrastructure (for example, power grids, government services, and communication networks) during a fundamental election round.

It’s as real as fiction can get. Watch our dedicated Operation Shield Wall webinar to discover the main readiness takeaways directly from our team of experts and clients.

Use hands-on labs to operationalize your purple team

Operation Shield Wall helps large organizations master adversarial strategies in order to enable predictive defensive operations and threat hunting, and to mitigate CVEs.


A world at vote, and its potential disruptions

Time called 2024 the Ultimate Election Year, and it is quite difficult to prove them wrong. More than a billion people around the world have already submitted their ballots, while nearly another billion will be participating in election rounds through December.

We’ll also witness one of the most impactful and influential democratic elections globally: the U.S. presidential elections.

Wrapping up our trip to Black Hat USA 2024, we realized that election security was a key point of security conversations in Vegas (and it seems it is not only our impression).

This goes far beyond cybersecurity. Democracy around the world is at stake.

In order to successfully protect critical infrastructure from the attempts of threat actors, security leaders from the private and public sector must identify the most common techniques being weaponized and build high-performing cyber teams accordingly.


Misinformation and disinformation

Preventing the distribution of fake news should be the responsibility of leaders and media, which are also supported by organizations such as the Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cyber Security Centre (NCSC), and the European Union Agency for Cybersecurity (ENISA).

However, 2024 has seen a surge in the complexity of narrative attacks aimed at manipulating, undermining, discrediting, or distorting stories. This way of influencing public opinion has become more widespread with the increased accessibility of generative AI technologies, resulting in the need for more proactive strategies (pre-bunking) for what seems to be a concrete election-year problem.

This threat impairs and influences decision-making, but could also damage brand or organizational reputation. What actions are required to limit its impact?

  • Expand threat intelligence programs by monitoring open and dark web sources.

  • Incorporate narrative attacks into your incident response plan.

  • Create a cross-functional collaboration team (marketing, public relations, etc.).


Deepfakes

Taylor Swift didn’t endorse former President Donald Trump, and Ryan Reynolds wasn’t photographed wearing a pro-Kamala Harris shirt. Fabricated content is becoming more sophisticated and racking up millions of views among the public.

Deepfakes are proliferating because they require only inexpensive (and accessible) computing power and tools. At the same time, they can have immediate and harmful outcomes including fraud, ransomware execution, data and IP loss, and amplification of the aforementioned misinformation.

Deepfakes and misinformation are not the usual malware or DDoS attacks, which makes the traditional security tech stack almost ineffective against them. What does it take to counter them?

  • Establish a related human risk management framework.

  • Conduct tabletop exercises focused on protocols and processes.

  • Enhance social engineering training and response.


Supply chain attacks

An additional layer of complexity is now added by the growing trend in supply chain risks. 61% of organizations have limited visibility across OT networks, making detections, triage, and response incredibly difficult at scale.

Much like the scenarios featured in Operation Shield Wall (and our exclusive ICS enterprise-level lab), successful attacks on election infrastructure and government facilities can have devastating consequences for multiple systems:

  • Voter registration databases and associated IT systems.

  • IT infrastructure and systems used to manage elections (counting, auditing, and displaying of election results, and the post-election reporting).

  • Voting systems, storage facilities, and associated infrastructure.

  • Polling places.

Private and public organizations must understand (and test) how to ensure business continuity to support the nation’s elections, securing all critical systems and assets.


Nation-state attacks

Geopolitical tensions play a fundamental role during election season. The list of potential nation-state activities is long: cyber espionage, direct attacks on campaigns and political parties, digital warfare, and more.

External cybercriminals in particular see campaigns as low-hanging fruit, given the funds involved and the potential power shift at stake. Experts renewed their warnings about election disruption after the Trump campaign’s email system was reportedly breached by Iranian threat actors.

Shortly after, U.S. intelligence officials confirmed foreign efforts to influence the White House race on both fronts:

“The [intelligence community] is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the Presidential campaigns of both political parties. Such activity, including thefts and disclosures, are intended to influence the U.S. election process.”

While the impact on federal agencies is obvious, the harm to the private sector is often overlooked. 40% of state-sponsored attacks actually target private enterprises (+100% growth from 2019).

What can security and business leaders do to understand the implications of geopolitical events in the cyber domain?

  • Run regular workforce exercises focused on nation-state threats.

  • Establish informed defensive measures and incident response plans.

  • Operationalize cyber teams’ intelligence on TTPs and emerging tech.


Our live-fire solution for election readiness

Our goal with Operation Shield Wall was to plunge cyber teams into a realistic state-side simulation, showcasing the potential impact of most of the above threats and shedding more light on the ideal procedures to counter the attack and restore systems.

An additional layer of realism is given by alignment with the MITRE ATT&CK framework, which enables cyber teams to map labs to APTs and emulate stealthy nation-state threat actors. By using this feature, security leaders can craft more accurate exercises, with the ultimate goal of raising the cost for an adversary to target and exploit the organization’s network.

The below infographic provides a visual representation of the development through the different scenarios:

[Infographic: Operation Shield Wall, detailed scenario progression]

Operation Shield Wall operationalizes the purple mindset between multiple security roles, working together as a unique virtual team. But how do we expand cyber resilience to a broader workforce and, ideally, the entire organization?

As seen above, most of the threats endangering our election rounds require strong collaboration across departments — from the tech teams to the boardroom.

During Black Hat USA 2024 we had the opportunity to showcase Crisis Control: our brand new crisis readiness solution in the form of enhanced tabletop exercises.

The first cohort of executives and analysts using Crisis Control had the chance to dive deeper into the caveats of election security with a dedicated, exclusive scenario.

Operation Secure Vote is, in fact, a hyper-realistic cyber warfare simulation recreating the interconnection between vital systems, assets, and various stakeholders during a political election round endangered by external aggressors.

Operation Secure Vote requires organizations to form a diverse team of specialists, each assuming roles that leverage their unique backgrounds and skills. Together, they navigate a series of escalating cyber incidents, testing their ability to respond under pressure while ensuring the confidentiality, integrity, and availability of the election infrastructure.

The ultimate goal is to bring companies and federal agencies together against hostile state attacks, developing crisis-ready personnel that work efficiently in high-stakes environments.

Interested in becoming one of the first teams to fully integrate Crisis Control within your workforce development plan? Get in touch with our team.

Avoid election disruption against external aggressors

Crisis Control redefines traditional TTXs to fully measure and develop organizational cyber performance. Stress-test processes and procedures with live-fire adversary injects.

Choose HTB to boost your cyber performance

Today’s cyber threats present a new challenge to organizations, and unskilled teams pose a real risk to the security of your business. This is why cybersecurity performance programs and continuous improvement are no longer a nice-to-have, but a necessity.

Hack The Box offers a comprehensive crisis readiness solution to help cyber teams:

  • Stress-test SOPs through realistic exercises

  • Enhance collaboration and communication within teams

  • Quantify financial impact of a potential breach

  • Align injects to TTPs used by real adversaries and threat actors

  • Use AI features to generate unlimited live-fire exercises