Moran Zavdi is the founder of Nucleon Cyber, which provides actionable, proactive cyber threat intelligence for organizations.
In my previous article, I examined the characteristics of the 2016 U.S. election interference events from a cybersecurity point of view. The amount of publicity surrounding the 2016 events enables us to achieve a much broader understanding and further discuss approaches that can help in dealing with such events.
While our focus here is on the 2016 events, it's important to acknowledge that subsequent attacks have not necessarily been less successful. In fact, they have often become more sophisticated over time. In many cases, they can achieve psychological effects on large populations.
Looking back at the 2016 events, we can conclude that they yielded several significant outcomes.
• They laid bare vulnerabilities within the electoral process, prompting an urgent call for enhanced cybersecurity measures.
• Public trust in the democratic system suffered a blow, resulting in ongoing concerns about the integrity of elections.
• Diplomatic relations between the United States and Russia experienced strain due to these allegations.
• They ignited conversations on how to effectively detect and counteract election interference.
Building A National Strategy To Reduce Election Tampering Risks
The integrity of the electoral process is fundamental to the health of democracies anywhere. This article aims to examine some of the complexities of elections from a cybersecurity perspective and discuss strategies to better detect and mitigate these evolving risks.
To ensure the integrity of national events, it is crucial for national entities to develop and implement a comprehensive cybersecurity strategy that encompasses the key pillars of cybersecurity. In addition to standard practices, both common and less common, let's focus on how such a strategy can encompass deception techniques.
The suggested approach is designed to improve the detection and prevention of cyber threats by implementing different types of deception measures to strengthen protection.
Reinforcing Early Warning Systems Using Deception
To proactively detect cyber threats, deception tactics and techniques can be used to serve as part of an early warning system aimed at alerting about potential threats. Key points for an effective deception strategy include:
• Network Simulations: Simulate diverse network environments to identify a wide array of threats, adapting to different attack vectors.
• Realistic Deception: Decoy systems are designed to be indistinguishable from real systems to effectively mislead attackers while maintaining distinct characteristics for monitoring.
• Monitoring And Analysis: Continuous, sophisticated monitoring systems are in place to analyze intruder activities, providing insights into their strategies.
• Response Planning: Establish rapid response protocols to swiftly address identified threats, ensuring systems are fortified in a timely manner.
Implementations Of Deception
Deception can be done in many different ways. Below are a few examples.
1. Application Level
It’s possible to set up a fake voting website that looks exactly like the real one but with a few differences. This way, when hackers try to mess with the deceptive infrastructure, you can learn their intent and capabilities. This might include identifying if they are aiming to interfere with elections or whether they are motivated by other reasons such as financial gain.
In the above scenario, one could implement such deception techniques in several different ways and should choose the right technique for the specific situation.
• By developing “fake pages” inside the app that no one other than hackers should get to.
• By installing traps or honeypots that support specific communication protocols.
• By using platforms that provide intelligence as a service, such as adversary-generated threat intelligence (AGTI) platforms.
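The "fake pages" idea above can be monitored from ordinary web server logs. The following is an added example, not code from the article or any product it mentions: it flags every client that requested a decoy page and collects that client's other requests as context. The decoy paths and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical decoy paths: never linked from real pages, so any request is suspect.
DECOY_PATHS = {"/admin/ballot-export", "/internal/voter-roll-backup"}

# Common Log Format: ip - user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (not real traffic; IPs are documentation ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Nov/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [05/Nov/2024:10:00:03 +0000] "GET /robots.txt HTTP/1.1" 200 64
203.0.113.9 - - [05/Nov/2024:10:00:04 +0000] "GET /admin/ballot-export?fmt=csv HTTP/1.1" 200 980
203.0.113.9 - - [05/Nov/2024:10:00:09 +0000] "POST /login HTTP/1.1" 401 210
198.51.100.7 - - [05/Nov/2024:10:00:11 +0000] "GET /find-my-polling-place HTTP/1.1" 200 7300
malformed line that the parser must skip
"""

def parse(lines):
    """Yield parsed requests, skipping lines that do not match the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["path"] = rec["path"].split("?", 1)[0]  # compare without query string
            yield rec

def decoy_alerts(log_text):
    """Map each client IP that touched a decoy to its decoy hits and other requests."""
    by_ip = defaultdict(list)
    for rec in parse(log_text.splitlines()):
        by_ip[rec["ip"]].append(rec)
    alerts = {}
    for ip, recs in by_ip.items():
        hits = [r for r in recs if r["path"] in DECOY_PATHS]
        if hits:
            # Everything else this client did is context on intent and capability.
            others = [f'{r["method"]} {r["path"]} {r["status"]}'
                      for r in recs if r not in hits]
            alerts[ip] = {"decoy_hits": [r["path"] for r in hits],
                          "other_requests": others}
    return alerts

if __name__ == "__main__":
    for ip, info in decoy_alerts(SAMPLE_LOG).items():
        print(ip, info)
```

Because legitimate users have no route to a decoy path, a single hit is a high-confidence signal that can feed the response planning described earlier.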
2. Fake Campaign Infrastructure
The previous point covered how national infrastructure can be used for specific events. However, wrapping specific assets, such as a specific candidate's campaign, with deception measures can increase the chance of discovering threat actors. Such infrastructure can include different artifacts integrated into websites, emails and other online tools used by politicians during elections. Creating deceptive assets can confuse attackers while not being noticed by regular users.
Here are some actionable steps to implement such measures.
• Identify critical assets: Analyze the campaign’s online presence to identify key assets like websites, email servers and social media accounts. Focus on those most likely to be targeted by attackers.
• Implement deceptive measures: Introduce decoy elements such as fake email accounts or web pages. These should be believable and designed to attract attackers.
• Monitor and adapt: Regularly monitor these assets. Update and adapt the deceptive elements as needed, ensuring they remain effective and undetected.
3. Misinformation Traps
Misinformation traps are deliberately designed channels for the controlled distribution of false or misleading information. By introducing false stories or misleading information into an environment, analysts can observe how and where these falsehoods spread, who amplifies them and how quickly they gain traction.
Practical examples of implementing such traps include:
• Developing A Controlled Environment: Create hidden channels where false stories can be introduced. This could be a website or social media account accessible only to targeted groups of people who have malicious intent. Share specific information with specific groups and see how it spreads and by whom.
• Ensuring Secrecy: Take measures to ensure these channels are not easily discoverable by the general public.
• Monitoring The Spread: Use analytics tools to track how the misinformation spreads and who shares it. For example, you can use free analytics software such as Google Analytics to track who accesses specific content or web pages.
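One way to see "how it spreads and by whom" is to give each controlled channel its own unguessable marker on the link to the seeded content, then attribute later accesses by that marker. This is an added example, not part of the original article; the secret, channel names and URLs are constructed, and the `ref` parameter name is an assumption.

```python
import hashlib
import hmac
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Assumption: a secret held only by the analysts who run the controlled channels.
SECRET = b"constructed-demo-key"

def make_token(channel: str) -> str:
    """Per-channel marker: a truncated HMAC, so it reveals nothing and cannot be guessed."""
    return hmac.new(SECRET, channel.encode(), hashlib.sha256).hexdigest()[:16]

def build_index(channels):
    """Lookup table from marker back to the channel it was seeded into."""
    return {make_token(c): c for c in channels}

def tracked_url(base: str, channel: str) -> str:
    """Link to hand out in one channel only."""
    return f"{base}?ref={make_token(channel)}"

def attribute(url: str, index):
    """Return the seeded channel for an accessed URL, or None if the marker is absent or unknown."""
    ref = parse_qs(urlparse(url).query).get("ref", [""])[0]
    return index.get(ref)

def spread_report(visited_urls, index):
    """Count accesses per seeded channel; anything unverifiable is 'unattributed'."""
    return Counter(attribute(u, index) or "unattributed" for u in visited_urls)

if __name__ == "__main__":
    base = "https://decoy.example/story"          # constructed URL
    index = build_index(["group-a", "group-b"])   # constructed channel names
    visits = [
        tracked_url(base, "group-a"),
        tracked_url(base, "group-a"),
        tracked_url(base, "group-b"),
        base + "?ref=forged",                     # marker not issued by us
    ]
    print(spread_report(visits, index))
```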
Strengthening Democracy Against Cyber Threats
The 2016 U.S. presidential election interference pointed out some of the vulnerabilities that exist in democratic systems and the threats that can come from the digital realm. It's important for national strategies to incorporate lessons from these and other incidents, with a particular emphasis on how deploying deception technologies can help build a better early warning system. Such technologies are important to identify, alert on and handle cyber threats efficiently.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.