Defending the Perimeter Isn’t Enough on Election Hacking

The following article by PreVeil board member Admiral James Stavridis originally appeared in Bloomberg:
 
The U.S. is now just a year from the 2020 presidential election. In 2016, we saw foreign interests influence the outcome of a presidential race when Russian hackers infiltrated the computer networks of officials in both parties, and then selectively disseminated the emails of Democrats. Is the nation in better shape to counter such threats this time around?
 
It doesn’t look like it.
 
For example, Microsoft recently reported an attack by Iranian hackers on the emails of current and former U.S. government officials, journalists covering political campaigns, and accounts associated with a presidential campaign. There is reason to believe that the attack, which consisted of more than 2,700 attempts on targeted email accounts, was backed by the Iranian government.
 
According to security researchers and intelligence officials, hackers from Russia and North Korea have also begun targeting organizations that work closely with 2020 presidential candidates.
 
Foreign enemies continue to see U.S. elections as an opportunity to subvert the will of the American people and exert control over our governance at the highest level. This most recent Iranian attack is a reminder that both political organizations and private enterprises face significant cybersecurity risks.
 
Unfortunately, the legacy electoral systems most voters and organizations rely on do not offer sufficient protection in the modern digital landscape. When facing nation-state adversaries with billions in funding and information resources to rival the U.S. National Security Agency, Americans have to think beyond the popular two-factor authentication protocols. We need to protect not only the voting systems themselves, but the email, file-sharing and other communication systems of ancillary campaign groups, local officials and plenty more.
 
What can we do to defend ourselves better? In my military and cyber experience, the operating principle is that the sophisticated attacker will eventually find a way through any perimeter defense. As supreme allied commander of NATO in the late 2000s, I pushed to strengthen the alliance’s nascent Cyber Defense Center in Tallinn, Estonia — but saw firsthand how easily Russian hackers penetrated our digital perimeter.
 

Protections must be designed so that even if the attacker succeeds in getting to the target, the target remains safe. To do so, we need to think in terms of four core principles for secure communication systems that will be resilient to the inevitable breach.
 

First, systems must employ end-to-end encryption. (Disclosure: I serve on the board of an information-security firm, PreVeil.) If we assume that attackers will be able to exploit vulnerabilities in server software or the defense mechanisms that guard it, then the only way to keep information secure is to make sure that it’s never exposed, even while on the server. With end-to-end encryption, data is accessible only to the sender and the recipient — it isn’t accessible en route to the server or on the server. Even if the server is compromised, the data is not. Think of this as the difference between working in an Ebola environment in a body suit, which will eventually weaken at the seams, and being vaccinated against the disease. The perimeter defense is far from worthless, but the vaccine — the internal protection — is vastly better.
 

A second concern is the vulnerability of anything in the system that becomes a juicy target. While end-to-end encryption eliminates the server as a single entity that can be compromised, if the system has administrators with global access, a high-yield single target for attackers remains. To solve this problem, access to large amounts of sensitive user data should be granted only after being approved by several trusted individuals. Similar to the systems used for nuclear-launch codes, cryptography can break up individual user keys into fragments that are distributed among multiple people. Administrative access to users’ accounts is then possible only when all key shards are present, so there is no single administrator whom attackers can compromise to gain access.
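The all-shards-required key splitting described above, as an added illustration that is not PreVeil’s code: a 256-bit key is split into one random pad per administrator plus a final shard that is the key XORed with every pad, so any set missing even one shard recombines to random bytes rather than the key.

```python
"""All-or-nothing key splitting: a 256-bit key is divided into n shards held by
n administrators, and only the complete set recovers it (added example, not
the page's or PreVeil's code; holder count and sample key are constructed)."""
import secrets
from itertools import combinations

KEY_BYTES = 32  # a 256-bit key, as discussed in the article


def xor_bytes(*parts: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    length = len(parts[0])
    if any(len(p) != length for p in parts):
        raise ValueError("all parts must have the same length")
    out = bytearray(length)
    for part in parts:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)


def split_key(key: bytes, holders: int) -> list[bytes]:
    """Split `key` into `holders` shards; every shard is needed to rebuild it.

    The first holders-1 shards are uniformly random pads and the last is the key
    XORed with all of them, so any proper subset is itself uniformly random and
    reveals nothing about the key to whoever compromises those holders."""
    if holders < 2:
        raise ValueError("need at least two holders")
    pads = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    return pads + [xor_bytes(key, *pads)]


def reconstruct_key(shards: list[bytes]) -> bytes:
    """Recombine shards; the result equals the key only when all are present."""
    return xor_bytes(*shards)


def requires_all_shards(key: bytes, shards: list[bytes]) -> bool:
    """Check the all-or-nothing property: the full set recovers the key and no
    proper non-empty subset does (a random collision has probability 2**-256)."""
    if reconstruct_key(shards) != key:
        return False
    for size in range(1, len(shards)):
        for subset in combinations(shards, size):
            if reconstruct_key(list(subset)) == key:
                return False
    return True


if __name__ == "__main__":
    admin_key = secrets.token_bytes(KEY_BYTES)  # constructed sample key
    shards = split_key(admin_key, 3)            # three administrators
    print("all three shards required:", requires_all_shards(admin_key, shards))
```

This is an n-of-n split; threshold schemes such as Shamir's secret sharing generalize it so that any k of n holders suffice, which the article's "all key shards" wording does not require.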
 

Third, it’s time to do away with passwords. According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related breaches involve compromised and weak credentials. Rather than depending on fallible passwords, secure communication systems should now grant account access using a private encryption key. A 256-bit encryption key has a vast number of possible values — nearly 10 to the 78th power, the same as the number of atoms in the universe — and is not crackable with existing computational power. Because the key is stored only on the user’s physical device, remote access isn’t possible.
 

Finally, it is important to protect the most sensitive communications from socially engineered phishing and spoofing attacks. Traditional digital communications provide an opening for impostors to trick users into clicking on dangerous links or leaking information. When only known users are able to communicate with each other about an organization’s most confidential information, that risk of “lookalike” accounts is eliminated. The strongest security systems don’t depend on users to be perfect, or to always exercise good judgment. They make sure that data is safe even when humans are flawed. Getting at this “insider threat” is crucial.
 

Security is a serious matter for organizations of all types, not just political parties during an election season. Organizations should rethink their security preparedness with a deeper understanding of the adversaries’ capabilities. They need to make the shift to secure systems modeled around these four core principles — including adopting ready-to-use encrypted communications systems for email and file-sharing.
 

Between now and Nov. 3, 2020, there should be few higher priorities than improving security to stop hackers and foreign powers from threatening American democracy itself.
 
Admiral Stavridis served as the 16th Supreme Allied Commander at NATO.