The hacking techniques used by Russia against the U.S. ahead of the 2016 elections are still being used by that country to target election systems overseas, signaling these could be the same approaches used against others, including the U.S., in coming elections, the director of the Department of Homeland Security's cyber agency said last week.
More recent elections in the Ukraine, Montenegro and North Macedonia have shown the Russians are sticking to the "basics," such as spear phishing and "targeting election reporting websites," Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), said Aug. 22 at Auburn Univ.
The lessons being learned from Russia's recent election systems interference can be packaged for state and local election officials to strengthen their cyber security posture, Krebs said. The measures that state and local officials can take include hardening their email infrastructure, training around spear phishing attempts, using multi-factor authentication, and hardening election night reporting websites, he said.
Krebs said such actions are more effective than relying on the sharing of threat indicators or watching out for specific Internet Protocol addresses, "because even that only would work in about 25 to 30 percent of the stakeholders."
Krebs said the Ukraine, where Russia has also found ways to interfere in elections, and the Balkans are the "devil's playground for Russia." Russia uses these countries as live "test bed" environments to see if their tactics and techniques work.
Russia also tests its cyber influence and hacking capabilities in these countries as a "signaling mechanism," he said. They say, "'Hey look, these are the capabilities we have and you better watch out or we're going to bring it to your back door.'"
CISA continues to expand its outreach to more local election jurisdictions in the U.S., Krebs said.
Krebs used the speech and subsequent discussion at Auburn's engineering school to discuss his new strategy that outlines CISA's vision and goals for both cyber and physical security.
Krebs said that local election jurisdictions should be aiming for voting processes that can be audited to properly count votes.
CISA doesn't have regulatory authorities but works with its partners and stakeholders to share information, promulgate best practices, and provide resources where needed.
"CISA is responsible for assisting state and local governments, and the private sector organizations that support them, with their efforts to enhance the security and resilience of election infrastructure," the Strategic Intent says. "CISA's objective is to reduce the likelihood of compromises to election infrastructure confidentiality, integrity and availability, which are essential to the conduct of free and fair democratic elections."