Election security drill pits red-team hackers against DHS, FBI and police

A year from the 2020 election, sophisticated exercises to help secure the vote are kicking into high gear.

On Tuesday, executives from the Boston-based firm Cybereason will conduct a tabletop exercise testing the resolve of officials from the Department of Homeland Security, FBI, and the police department of Arlington County, Virginia, among other organizations.

The fictional scenario will involve attackers from an unnamed foreign adversary laying siege to a key city in a U.S. swing state. Hacking, physical attacks and disinformation via social media will be on the table as the attackers seek to flip the vote to their preferred candidate — or sow enough doubt among voters to undermine the result.

One of the objectives of the red team — technical specialists from Cybereason and other private organizations — is voter suppression. That is exactly what Russian operatives aimed to achieve in 2016 and what, according to U.S. officials, they could strive for again in 2020.

What participants learn from Tuesday’s event can be worked into future election-security drills, which will only grow more frequent as the 2020 vote approaches.

“The idea is to showcase … how things interconnect that you’re not aware of,” Yonatan Striem-Amit, Cybereason’s CTO and co-founder, told CyberScoop. “What happens when you combine a physical threat and a social media campaign at the same time?”

“Generally, people don’t think enough about the fusion of physical and cyber — especially around Election Day,” said Striem-Amit, who will lead the red team.

It will be a cat-and-mouse game of four rounds. The blue team, including personnel from DHS’s cybersecurity division and the Secret Service, will have to choose what infrastructure to prioritize in their defenses while reassuring voters that voting will take place as planned. The red team will respond by trying to attack an unexpected target.

Exercise scenarios like this one, which challenge conventional thinking about how an attack might go down, often target the soft underbelly of infrastructure. A drill held by Cybereason last year, for example, saw the red team disable traffic lights in a fictional city to keep people from reaching the polls.

That exercise featured the Massachusetts police. The drill Tuesday at the Washington, D.C., office of the law firm Venable will have much more of a federal focus. Striem-Amit said he will be watching how well federal officials consider cascading scenarios in which an attack on one piece of infrastructure affects others.

On the menu of attacks will be a compromise of media outlets that report election results, Striem-Amit said. Ransomware, which has been a thorn in state and local officials’ side, could also come into play.

“There are a lot of things you can do to create … mayhem,” he said with a smile.