Put aside your political leanings: there is evidence to suggest that 2020 election hacking in the U.S. is a real possibility.
We’ve already told you about the dire need for more secure voting machines; how more than a few Pennsylvania counties will be using out-of-date electoral systems by the time the 2020 elections take place; and how the general need for more secure elections is relevant after 2016.
Now, a recent Reuters report says that the U.S. government will soon launch an initiative to protect voter registration databases in order to minimize 2020 election hacking.
The same systems compromised by Russian hackers
The systems the government aims to protect are the same voter eligibility machines which were compromised by Russian hackers in the 2016 election, says the Reuters report.
A senior U.S. official told Reuters that these internet-connected systems are assessed as a “high risk;” specifically for ransomeware, a type of virus which has recently affected city computer networks in Texas, Baltimore, and Atlanta, Reuters said in their story.
They work by locking out an infected system until a payment is sent to the perpetrator.
The government program will alert state’s election officials to thoroughly prepare for ransomware attacks with educational materials, penetration tests, and vulnerability scans.
The problem with this plan
I sense one key issue with this plan, and it is one I’ve noticed over and over again during the past few years: this plan will not make recommendations to states in regards to whether or not they should pay hackers in the event of a successful ransomware breach.
Because, according to what one official told Reuters, the idea is that they want to prevent these attacks from happening in the first place.
That seems a bit short-sighted, no?
Ask any reasonable, experienced IT professional about whether a data breach is likely, and they’ll likely tell you it’s a case of “when,” not “if.”
It’s great that the U.S. is finally starting to take potential 2020 election hacking seriously, but if they want to truly put a plan in place to handle it, that plan has to include a “if all else fails” clause. Wouldn’t you expect the same for your organizations’ or business’ data security?