Marcus Fowler is SVP of Strategic Engagements and Threats at Darktrace and CEO of Darktrace Federal.
2024 is an election year unlike we’ve ever seen before. By the end of the year, voters will have gone to polls in countries home to nearly half of the world’s population. Meanwhile, the potential for global disruption in 2024 looms larger and larger.
While cyber actors threatening elections is not a new phenomenon, there are no “norms” in cyberattacks, and the continued widespread adoption of AI has the potential to enhance the unpredictable nature of cyber operations and help bad actors achieve new levels of disruption at scale. There is no question that malicious state and non-state actors will attempt to disrupt and/or compromise voting and voter confidence—and it won’t be “more of the same” compared to 2020. I believe it will be worse.
Early Threats To 2024 Election Security
Following 2020’s chaotic election cycle, the Cybersecurity and Infrastructure Security Agency (CISA) implemented the #Protect2024 campaign to prepare agencies for potential threats and strengthen public trust in the U.S. electoral process. However, the rise of AI has lowered the barrier for entry for threat actors, granting them tools that can increase the speed, scale and sophistication of their cyberattacks and generate convincing content to sow widespread confusion or disinformation. Even when cybersecurity efforts successfully stop a cyberattack and prevent direct election interference, unsuccessful cyber operations coupled with targeted disinformation campaigns can still undermine voter confidence. For CISA and others involved in the voting process, quick and clear communication will be critical to countering false information.
AI tools are already being used to support disinformation. OpenAI recently issued a report that revealed its tools have been leveraged by foreign influence operations based out of countries including Russia, China and Iran. These findings were echoed by the Department of Justice (DOJ)—which recently seized domains and fake social media accounts tied to an AI-powered social media bot farm used to spread misinformation. In New Hampshire, deepfakes of President Biden were used to make robocalls and spread disinformation to local voters—and these threats only scratch the surface of AI’s ability to amplify cyber tactics.
The Election Threat Landscape
There are several threats government organizations should be prepared to defend against as elections near.
• Insider Threats And “Hacktivism”: While information can accidentally leak because of employee error, governments should beware of the risk of insider threats stemming from malicious insiders—like disgruntled employees with strong political motivations or third-party “hacktivists” that seek to leak information for political gain or to weaken an organization’s influence. Hacktivists are already impacting the current election landscape in the U.S., as a hacktivist group released two gigabytes of data belonging to the Heritage Foundation to the public, including the personal identifying information for government personnel and other political figures. As political divisions grow in both size and hostility, so do hacktivists’ willingness to directly interfere in elections.
• Targeted Phishing Campaigns: The ability of threat actors to use AI to generate more convincing emails is an ever-increasing threat, as they can enhance the effectiveness of their targeting campaigns. These tactics are already impacting election cycles. In April of this year, a variety of politicians, advisers and journalists in the U.K. were targeted by a series of WhatsApp-based phishing attacks for eighteen months. Additionally, a recent report from Google exposed targeted phishing campaigns against U.S. presidential campaigns by state actors. Political campaigns themselves must prioritize cybersecurity, as any stolen information resulting from successful phishing attacks can be quickly weaponized and manipulated to cause further political division and distrust.
• Tampering With Voting Technologies: As election processes grow increasingly reliant on technologies like voting machines and online voter registration systems, these critical tools expand voter access—and the attack surface that bad actors can exploit. In April, Georgia’s Coffee County fell victim to a ransomware attack that forced the county to sever connections to the State’s voter registration system—showcasing the effectiveness of these attacks and their potential to cause further disruption in months to come.
Enhancing And Maintaining Public Trust In Elections
From a cybersecurity standpoint, there are proactive measures that governments can take to protect the integrity of their election processes, starting with good cyber hygiene and security testing of all voting systems and devices. Once those are validated, proactive defense requires governments to develop and maintain continuous monitoring of their cyber environments, with an in-depth understanding of “normal” activity on their networks. Whether it’s insider threats or unauthorized activity from external sources, understanding anomalous activity and the ability to enforce normal operations can thwart potential cyberattacks in real time and ensure operational confidence and resilience. Governments should conduct thorough reviews of their internal security measures to identify opportunities to further educate personnel and/or implement AI-powered tools that can respond to potential threats in real time.
Beyond strengthening their internal security measures, governments must prioritize decreasing the spread of mis- or disinformation. For example, governments can share educational resources to help identify falsified content, like deepfakes or social media bots sharing fake news. Preventing AI-powered misinformation requires vigilance in verifying the sources of any information that appears inaccurate, heavily biased or even just “too good to be true.” By arming citizens with the necessary AI literacy skills required to interpret and reject said content, governments can weaken the overall effectiveness of these campaigns.
Protecting 2024 And Beyond
The mere suggestion of tampering or external involvement in a country’s electoral process can derail an election cycle. With the countdown to the next election ticking, governments must ensure they are prepared for advanced threats to protect their election integrity and maximize public trust. Best practices for election security provided by agencies like CISA should be considered the starting point—not the assured solution—of an entity’s cyber defense strategies. By proactively evaluating potential vulnerabilities in systems, people and processes before an incident occurs, governments are better positioned to successfully build upon these frameworks, harden their networks and help maintain public confidence in the voting process.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?