General security

Election security issues for 2020

March 19, 2020 by Greg Belding

In this episode of Infosec’s Cyber Work Podcast series, host Chris Sienko spoke with Adam Darrah about foreign vote tampering and other election security concerns for the upcoming 2020 election. 

Adam is the Director of Intelligence at Vigilante ATI and an expert on Eurasian political and social machinations, with a focus on Russia and disinformation campaigns. He previously acted as the Director of Intelligence at Infoarmor and worked for the federal government for eight years, filling in knowledge gaps regarding national security matters.

What kinds of security breaches, tampering and issues actually happened in the 2018 election?

First, Adam provides some context on election operations from an intelligence perspective in the lead up to the 2016 elections. There are three areas of intelligence: human, signals (which is where adversaries eavesdrop on our communications) and open-source information (which is where disinformation campaigns fall). Open-source can be offensive or defensive and 2016 was the first time we saw foreign governments aggressively expand into this area of intelligence. 

There weren’t many noteworthy news stories about issues from the 2018 election. For some reason, there weren’t many attempts to misinform voters, and it’s almost like they purposely got their hand caught in the cookie jar in 2016 to send us a message. Adam believes this was because our adversaries are sophisticated and pivot fast, so they most likely just moved onto the next way they will try to destabilize our democratically-elected government.

Are there still any problems that have not been rectified since 2018? Are there new attack vectors?

In short, yes. Adam is not a cynic; he believes that what is great about this country is that we uphold the rule of law, not rule by law or arbitrary enforcement of the law. Enemies of this country still enjoy freedom of movement and that’s OK — we are not a police state. 

With this said, our adversaries are still using the first two intelligence areas listed above against us. As for the open-source area, we are still seeking voter information being leaked on the dark web and legitimate businesses leaking as well, so these traditional threat vectors still persist.

One of your areas of expertise is Central Eurasian security intelligence issues and election security. Are there things we should be watching or learning from in this part of the world?

Let’s use Russia as an example, which Adam adds is his primary area of expertise. He has a lot of respect for their culture, but they have been using disinformation campaigns on their people for a long time now. They like to “prep the battlefield” by controlling the message, or the narrative, that the people hear. Then they arbitrarily enforce the law against a friendly, approved opposition and when they get the result they want on election day, they relax. 

These techniques have been perfected on their soil, and then they simply turned them against the United States elections. 

Adam adds that it has been heartbreaking watching how this disinformation campaign has turned us against each other to a certain degree. He believes they have waged a successful and sophisticated campaign against us.

Disinformation campaigns, along with physical hacking, have used social media to inject voter cynicism into public discourse. How do we turn this trend of cynicism around?

Adam recommends that we learn to fall in love with our country and ourselves again. This includes being OK with people not seeing things the way you do and respecting people that think different from you, who are not like you and who are on the other side of the aisle. We need to fall back in love with the Great American Experiment again. Remember that it is OK to lose, and you will wake up the day after and everything will be all right in the world. 

Adam adds that he does not specifically know how to win the hearts and minds of his countrymen but that we should learn to trust the inner voice we all have and not let absurd news or information seen online to make us so angry or excited. Just breathe and everything will be OK. Even something with an ambiguously benevolent name like fact-checking sends a chill down half of the country. 

Our adversaries conduct these campaigns against us because they work, but we should not accept this as the new reality. We should not let it stop us from shaking hands when the election is over and the die has been cast.

Where do you start when you want to find out if news is true or not?

We have accepted a false premise that our adversaries have chosen a side in our elections. They usually just lean on the open door that will lead to the most chaos. 

From his experience, Adam says they view us as being just like us but better at faking that we live a free society. They have turned the cynicism that central Eurasia has against our political system, and that it has worked. We are more tribal and more like them than previously thought.

How can voters take power into their own hands, being that it is unlikely that new voting legislation will pass in time for the 2020 election?

We need to trust ourselves and our inner voice and use it when we see absurd things coming across the newswire and social media. It is already illegal to tamper with the election process and this will not change, though it is selectively enforced. Do not do anything illegal for your own political tribe and learn to respect the American voter: everyone is entitled to their own opinion and to have their voice heard. 

What scares Adam is that when people do not get the result they want, they turn to legislation to overturn elections. This has occurred in other countries. He also thinks that it will take us down a scary road if the current temper tantrum persists. This country is still great, and this message needs to be disseminated. 

How do we safeguard against groups like Cambridge Analytica that try to sway elections?

Secure your S3 boxes and buckets! The thing with groups like Cambridge Analytica is that they are using legal techniques that others in the private sector do, so there isn’t much we can do about that. 

What Adam is nervous about is adversaries infiltrating his circle of friends on social media to inject misinformation. This may be unpopular, but all parties and candidates engage in activity like this — which makes it all the trickier to address. 

What social engineering concerns should voters be aware of heading into the 2020 election?

Your online and electronic footprint is your own, so own it! Don’t click on everything you see online. Get a grip of where your email and identity are being used for marketing purposes and unsubscribe from unsolicited emails. Be purposeful, be smart, be vigilant, trust your inner voice and have a security mindset and you will be well equipped heading into election season.

Can you give us any tips or strategies to sort truth from fiction regarding the 2020 election?

Adam’s advice about this is to just breathe! If what you are reading is too sensational or too enraging, you are probably already becoming an unwitting participant in a disinformation campaign. Turn off the TV, detox from social media and the internet, and listen to your inner voice. 

It all comes down to how the individual reacts, and only you can control this. Social media specifically triggers an addictive part of the human mind, and Adam believes that one day everyone will snap out of its hypnosis. 

Can you suggest certain ways to bring the voting populace more up to speed with security concerns and considerations for the 2020 election?

It may sound cliché but if you see something, say something. In Virginia, Adam once encountered people trying to get people to register to vote long after it was legal to do so. When he confronted them, they fled. If this happens to you, or even if you get emailed asking you to register after it is legal, walk away or ignore it. This country belongs to us, the people, which is a uniquely American thing. Take ownership as a voter and realize that you are more informed than you think.

With the possibility of physical tampering or cyber tampering, what balance is to be found between social engineering and physical tampering?

Social engineering is ongoing, especially when conducted by a nation state, and is happening right now. With regard to securing our votes at the electronic security level, it will be about partnerships between public and private entities. The public sector can learn a lot from what we do in the private sector to secure our information. Spreading expertise between disciplines will help us prepare for 2020 and beyond.

What would be in an ideal voting machine that is not there currently?

Adam thinks that an ideal voting machine would be one that does not transmit information ever. When you transmit, you open up a proverbial screen door. In short, minimize transmission.

If you were given a magic gavel to pass laws to make elections more secure, what laws would you pass?

He would not change laws per se, but rather, he would use this power to calm people and make their heart rates go down. Along with this, Adam would make a 24-hour internet connectivity mandatory.

Summarize your fears and hopes for elections to come

His hope is that we fall in love with each other again as a country and stop demonizing each other. In terms of fear, Adam fears that we will double down on the frightening path of polarization we are currently on. We need to learn to love again and get back to being the way we were, and he believes that we will get there one day.


In this episode of Infosec’s Cyber Work podcast, Chris Sienko and Adam Darrah delved into what is weighing on the minds of many — election security going into the 2020 election. To watch this podcast yourself, you can find it on the Infosec YouTube channel here

Posted: March 19, 2020
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.