Another out of cycle post, this one directed to anyone who is running balloting operations for the upcoming elections. I make jokes all the time about our next president being elected by the Russian Cyber Army, the Chinese Peoples Liberation Army Unit 61398, the ISIS Cyber Caliphate, or the Syrian Electronic Army. But this is a potential reality, and US-CERT has released a publication advising local election officials and those that support the information technology systems and networks that support it.
It turns out, not surprisingly, that electronic voting systems, and voter registration databases, are subject to the same sorts of attacks that have been plaguing other businesses. The warn to be on guard for phishing emails, ransomware, server vulnerabilities to exploits such as SQL injection, cross-site scripting.
Solutions include having good working (tested) backups, application white-listing, patching and updating, controlling administrative privileges, and setting up firewalls to block traffic coming from or going to overseas IP addresses. They also advise inviting a penetration tester in to try and uncover exploitable vulnerabilities that may exist.
If you are working with systems that will be used in the coming election, please take a moment to read their article.