10 election security predictions for the 2020 US presidential election
As I write, we have a hurricane pounding my home state of Texas and the COVID-19 pandemic continues to disrupt our personal and professional lives. In that context, it’s easy not to worry about secondary societal issues like the security of the November presidential elections. As a political science undergraduate, former intelligence officer and current security professional, I have paid more attention in the last several months to election security trends than the average citizen.
Sadly, I have a dystopian view of what I think may happen in November given the open discussions about confidence in the results should President Trump lose. My major thoughts — in the form of predictions — capture the most recent events in electioneering, including results from certain run-offs that happened this summer. My top predictions are as follows.
Top 10 election security predictions for the November election
1. Mail-in ballots
The COVID-19 pandemic is on a course to intersect with the fall presidential election, driving demands for more flexibility to vote by mail. Most states conduct elections via early voting and election day voting and are ill-equipped to process an order of magnitude increase in mail-in ballots.
This issue has already been politicized, and divisiveness around increasing access to mail-in ballots will continue in the run up to the election. Look for nation-state actors to exploit this divide — mostly via social media — and cast doubts about the legitimacy of the elections.
2. Issues of tabulation
Given the uncertainties associated with counting mail-in ballots, more focus will be drawn to our states’ ability to count the vote. This most basic aspect of elections will be a focus of post-vote discourse — think 2000 Florida with the hanging chads.
Certain states are more prepared than others to count mail-in ballots. I predict tabulation delays will introduce doubts, which will open up a Pandora’s Box of legitimacy (worst case). For example, the state of Kentucky experienced a delay in vote results in a runoff in June. Challenges in voting tabulation will inject more doubt.
3. Issues of timeline
Kentucky’s run-off election in June was certified by the state’s secretary of state a week after the polls closed. If that happens at the national level in November, projected winners and losers will plead their case in the court of public opinion, all amplified by social media. It will be a perfect scenario for nation-states to weigh in via information operations to inflame the domestic debate. Challenges in releasing election results will inject even more doubt.
4. There will be more interference
Let me start by stating the obvious. There will be more interference in 2020’s presidential election. Undeterred by the response from Russian tampering in 2016, the temptation is too strong and the penalties too low to deter our adversaries in November. Adversary countries will double down on this year’s COVID-19 and street protests to further undermine the results and weaken our country.
5. Nation-state threats (emphasis plural)
2016 was primarily a Russian affair. Emboldened by their success and our fractious response, look for additional players such as the Chinese, North Koreans and Iranians to attempt to disrupt our elections in November. Look to the 2019 suspected Iranian probing of campaign-related email boxes identified by the Microsoft Threat Intelligence Center as an indicator of intent.
6. 50 different responses
Elections are almost entirely a state and local affair, as laid out in the US Constitution. Although the federal government provides resources and assistance to local election officials, decisions are still made by state officials who run these elections. Like the response to the COVID-19 pandemic, we are likely to see a state-to-state response to any election security events. These responses are likely to range from disavowal to active defense.
7. Disinformation over hacking
Attackers likely will not have to hack anything in order to disrupt the 2020 presidential election, especially given the potential logistical challenge associated with counting a significant increase in mail-in ballots.
Election observers worry that many election administrators are ill-equipped to count large numbers of mail-in ballots, particularly in states where mail-in ballots have represented a small percentage of the vote in past elections. Attackers will then presumably be able to double down via social media on any type of delay that might occur. Think of what happened in Kentucky but on a national level …
8. It’s going to be tough to tell who did what to whom, and how
It was hard enough to come to a consensus that the Russians interfered in the 2016 election and that they were one threat actor. If more than one nation-state player is involved in subterfuge in the 2020 election, unwinding which country was behind which attack will be a big challenge for DHS defenders and other government officials trying to defend our election infrastructure.
9. It won’t be about the voting machines
So much of the conversation about election security has centered around the security of voting machines. I firmly believe that there are too many other more straightforward ways to undermine an election than to attack an “endpoint” (to steal a security term). Hacking voting machines at security conferences, though great entertainment, doesn’t represent realistic attack scenarios.
Focus on voting machines — which are only in polls for a limited time — distracts from other more static components of election infrastructure such as voter databases or election night reporting websites which can be DDoS’ed.
10. Sadly, there’s not much we can do about it
I hate being dystopian but given the politically divided world in which we live, I’m not sure we patch up our differences between now and the election in November. There are all types of scenarios being bandied about, including talk of a constitutional crisis. I think it’s safe to say events are shaping up to make the 2016 Russian hacking stories look like a warmup in comparison.
Conclusion
So, there you have it! My predictions for 2020 election security 100 days out from when the polls close. Much will happen between now and then, and perhaps current events will play in a positive way and we’ll avoid a messier election replete with foreign nation-state meddling. I hope that is the case, but as of right now, all indicators point to more trouble in the fall.
- 12 pre-built training plans
- Employer-requested skills
- Personalized, hands-on training
In this Series
- 10 election security predictions for the 2020 US presidential election
- Free Valentine's Day cybersecurity cards: Keep your love secure!
- How to design effective cybersecurity policies
- What is attack surface management and how it makes the enterprise more secure
- Is a cybersecurity boot camp worth it?
- The aftermath: An analysis of recent security breaches
- Understanding cybersecurity breaches: Types, common causes and potential risks
- Breaking the Silo: Integrating Email Security with XDR
- What is Security Service Edge (SSE)?
- Cybersecurity in Biden’s era
- Password security: Using Active Directory password policy
- Inside a DDoS attack against a bank: What happened and how it was stopped
- Inside Capital One’s game-changing breach: What happened and key lessons
- A DevSecOps process for ransomware prevention
- What is Digital Risk Protection (DRP)?
- How to choose and harden your VPN: Best practices from NSA & CISA
- Will immersive technology evolve or solve cybercrime?
- Twitch and YouTube abuse: How to stop online harassment
- Can your personality indicate how you’ll react to a cyberthreat?
- The 5 biggest cryptocurrency heists of all time
- Pay GDPR? No thanks, we’d rather pay cybercriminals
- Customer data protection: A comprehensive cybersecurity guide for companies
- Online certification opportunities: 4 vendors who offer online certification exams [updated 2021]
- FLoC delayed: what does this mean for security and privacy?
- Stolen company credentials used within hours, study says
- Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
- 10 ways to build a cybersecurity team that sticks
- Verizon DBIR 2021 summary: 7 things you should know
- 2021 cybersecurity executive order: Everything you need to know
- Kali Linux: Top 5 tools for stress testing
- Android security: 7 tips and tricks to secure you and your workforce [updated 2021]
- Mobile emulator farms: What are they and how they work
- 3 tracking technologies and their impact on privacy
- In-game currency & money laundering schemes: Fortnite, World of Warcraft & more
- Quantitative risk analysis [updated 2021]
- Understanding DNS sinkholes - A weapon against malware [updated 2021]
- Python for network penetration testing: An overview
- Python for exploit development: Common vulnerabilities and exploits
- Python for exploit development: All about buffer overflows
- Python language basics: understanding exception handling
- Python for pentesting: Programming, exploits and attacks
- Increasing security by hardening the CI/CD build infrastructure
- Pros and cons of public vs internal container image repositories
- CI/CD container security considerations
- Vulnerability scanning inside and outside the container
- How Docker primitives secure container environments
- Top 4 Zapier security risks
- Common container misconfigurations and how to prevent them
- Building container images using Dockerfile best practices
- Securing containers using Docker isolation
- Introduction to container security
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
General security
General security