No matter which way you lean on the political spectrum, it’s probably safe to say that the last 3 years have been unlike anything you’ve seen in America. From a company perspective, we are not going to wade into this except for one exception that falls into our passion for cybersecurity, specifically regarding election security.
I’ve been keenly watching how this story has played out since the 2016 election. One of the more interesting moments came in July 2019 when the Senate Intelligence Committee’s probe into the last presidential election year found that Russia had targeted election systems in all 50 states. At least 21 states reported actually being breached in some way, but fortunately most attempts were unsuccessful at extracting any data.
Lessons to Learn from Illinois
Illinois has become the most specific example frequently cited, as it actually did have the personal information of about 76,000 voters viewed by foreign actors, including names, addresses, partial Social Security numbers, dates of birth, and driver’s license numbers. While the voter database was compromised, the state’s ballot count was never in jeopardy, according to the state.
However, as reported in the Chicago Tribune, the Senate Intelligence Committee’s report noted that the Department of Homeland Security thought things could have been much worse in Illinois. “Russia would have had the ability to potentially manipulate some of that data, but we didn’t see that…with the level of access that they gained, they almost certainly could have done more.”
That statement, to me, implies that the Illinois State Board of Elections did not have any privileged access management (“PAM”) measures and solutions in place to keep hackers out of election infrastructure. Or, if they did, it wasn’t strong enough, probably because they were using legacy PAM approaches to protect against modern cyber-attackers.
As we wind down 2019 and head into another presidential election year, it’s clear that states are under even more pressure to secure their elections in 2020. This is not only because they’ve had 3+ years to learn from 2016, but also because the attacks they’ll face will likely be much more aggressive.
It's Not Too Late for 2020
Centrify wants to help ensure that we have a secure election with integrity, and to prioritize the private information of voters. We’ve recently launched a new program called Secure The Vote 2020, where we are making all of our Zero Trust Privilege services available to state, county, and city election boards at a 50% discount.
We know our election boards are under attack, we know that identity and credentials are the primary attack vector, and we know that most election board IT staffs are overwhelmingly overmatched when it comes to the challenges facing them. We also have a great white paper available to learn more about how to secure the vote with Zero Trust.
The state primary elections start in February, and there is still time to put our SaaS solutions in place for identity-centric privileged access management of critical infrastructure and systems. Don’t wait – act now. Go to www.SecureThe.Vote and protect our democracy.