MSPs have emerged as central players in the democracy machinery. And after a rash of recent attacks on MSPs, some worry that MSPs may face a new challenge in election cybersecurity for the United States’ upcoming Presidential elections.

Tim Davis, an operations analyst with the Election Infrastructure Information Security and Analysis Center, which helps election officials monitor and defend against cyberthreats, told StateScoop:

“A successful ransomware infection on the elections infrastructure could result in the irreversible encryption or possibly deletion of voter registration databases, vote tabulation, or other sensitive records.”

XaaS Journal published a guide to election best practices for MSPs last year.

Threat of disruption

The most prominent threat hackers pose to the electoral ecosystem is disruption. The chances of actually gaining access and changing vote totals are slim, but hackers could sow chaos in other ways, by attacking websites, voter registration tools, and back-end networks. The United States election machinery is a patchwork of systems, and many small municipalities and counties rely heavily on MSPs to run these systems.

Smarter MSP interviewed a consultant with the Department of Homeland Security who is helping implement election security this year.

The consultant, who asked not to be named because of his work’s sensitivity, said multiple types of MSPs are involved in elections, and threats vary depending on the MSP’s vertical focus areas.

Some MSPs may not even realize they are part of the electoral process. As an MSP, you should be asking yourself whether any of your clients provide services to a company that provides another business with election-related services.

“Many of the election infrastructure technologies are cloud-based and can hold data from poll books and voter registration databases,” the consultant offered. He added that an attack on this type of infrastructure wouldn’t impact the results of an election outright, but that it would slow down reporting or cause enough disruption to perhaps turn away some voters.

“An attack on an MSP could disrupt the process,” the consultant advised. Other scenarios would be an attack on a county board of elections website or results reporting page.

“If you are using an MSP to host a website or manage security, an attack on them could have an impact on your website going down, election night reporting, or voter registration tools,” he added.

Voting tabulation is generally safe

“Vote counting is on a completely air-gapped system so hackers wouldn’t be able to use an MSP to get into a voting system, per se,” the consultant said. Yet what if an MSP is involved in the business systems, or is the MSP for an election tech provider?

“In that case, there is an opportunity for a ransomware attack that could deliver a payload into the system, steal credentials, move laterally, implement chaining, get into election infrastructure and then disrupt a registration database,” the consultant warned.

And while that wouldn’t disrupt vote counting, it would slow down reporting, and if enough systems were attacked throughout the country, could cause real disruption.

“That is what we were talking about from a lateral movement system a hacker could be able to utilize an MSP to move within the network to utilize an RDP to gain access…to get into infrastructure and drop a payload,” the consultant added.

While the public may not be focused on MSPs, he said MSPs and their role in the upcoming elections are a huge topic among officials.

“If you had asked a county elections administrator four years ago who their MSP was, they’d probably look at you blankly and ask ‘what is an MSP?’ but everyone is aware now,” he said. Officials from state and local governments are analyzing threat vectors and watching how hackers are getting in.

MSPs are well-equipped

The good news is that election protection is not much different than basic business protection, which MSPs are well-positioned to provide, said the consultant.

“It is no different than any other technology provider, just implementing best practices, training employees, endpoint detection, two-factor authentication, patching, and passwords,” he added. He did note that if you have any doubts about whether your MSP could be a part of the broader election ecosystem, you should place a call to your local elections board’s IT department to make sure you are all on the same page.

“Elections officials are not cybersecurity experts…making sure that they are aware and making a risk-based decision, explain to them why cutting off remote access is a good idea,” he said.

Despite the risks of a hack, the Department of Homeland Security expert is optimistic this election is up to the challenge.

“This will be the most secure election that has been conducted in the United States. Everyone has been working diligently to implement best practices, build resiliency in paper ballots and backups, and do what is necessary to make the outcome safe, secure, accurate, and reliable. All of those things are in place,” he concluded. “We have new systems, new software, new segmentation. We are in the best shape we have ever been in.”

Photo: Steve Heap / Shutterstock

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.
