The US government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election, Reuters reports.
Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, the report said.
“We assess these systems as high risk,” an unidentified senior US official was quoted as saying.
The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta.
“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director.
“That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”
A ransomware attack typically locks an infected computer system until payment, usually in the form of cryptocurrency, is sent to the hacker.
The effort to counter ransomware-style cyberattacks aimed at the election runs parallel to a larger intelligence community directive to determine the most likely vectors of digital attack in the November 2020 election, according to current and former US officials.
“It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited,” the FBI said in a statement, supporting the Homeland Security initiative.
CISA’s program will reach out to state election officials to prepare for such a ransomware scenario. It will provide educational material, remote computer penetration testing, and vulnerability scans as well as a list of recommendations on how to prevent and recover from ransomware.
These guidelines, however, will not offer advice on whether a state should ultimately pay or refuse to pay ransom to a hacker if one of its systems is already infected.
“Our thought is we don’t want the states to have to be in that situation,” said a Homeland Security official. “We’re focused on preventing it from happening.”
– Contact us at [email protected]