ST16-001: Securing Voter Registration Data

["US-CERT" <US-CERT () ncas us-cert gov>]

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

 

ST16-001: Securing Voter Registration Data [ https://www.us-cert.gov/ncas/tips/ST16-001 ] 09/15/2016 08:16 PM EDT 
Original release date: September 15, 2016

  

*Overview*

Voter registration databases (VRDB) and election systems are rich targets and may continue to experience frequent 
attempted intrusions. This problem is not unique to individual states—it is shared across the nation. The keys to good 
cybersecurity are awareness and constant vigilance.
 

*What are the threats that may place voter data at risk?*

Malicious actors may use a variety of methods to interfere with voter registration websites and databases. Some methods 
of attack are listed below.


  * *"Phishing emails"* attempt to manipulate users into clicking on a malicious link or downloading a malicious file 
attachment. Systems infected through phishing attacks act as an entry point for threat actors to spread throughout an 
organization, steal voter information, or disrupt voting operations. For guidance to defend against phishing, see the 
United States Computer Emergency Readiness Team (US-CERT) Tip on Avoiding Social Engineering and Phishing Attacks [ 
https://www.us-cert.gov/ncas/tips/ST04-014 ]. 
  * *"Structured Query Language (SQL) injection "*is an attack technique that attempts to subvert the relationship 
between a webpage and its supporting database, typically to obtain information in the voter registration database. See 
US-CERT’s Publication on SQL Injection [ https://www.us-cert.gov/security-publications/sql-injection ] for more 
information. 
  * *"Cross-site scripting (XSS)"* *"vulnerabilities" *allow threat actors to insert and execute unauthorized code in 
web applications. Successful XSS attacks on voter registration websites can provide the attacker unauthorized access to 
voter information. For prevention and mitigation strategies against XSS, see US-CERT’s Alert on Compromised Web Servers 
and Web Shells [ https://www.us-cert.gov/ncas/alerts/TA15-314A ]. 
  * *"Denial-of-service (DoS)"* *"attacks" *prevent legitimate users from accessing information or services. A DoS 
attack can make a voter registration website unavailable or deny access to voter registration data. Contact your 
Internet service provider (ISP) to discuss ways they can help block DoS attacks targeting your organization. For more 
information on DoS, see US-CERT’s Tip on Understanding Denial-of-Service Attacks [ 
https://www.us-cert.gov/ncas/tips/ST04-015 ]. 
  * *"Server vulnerabilities"* may be exploited to allow unauthorized access to sensitive information. An attack 
against a poorly configured server running a voter registration website may allow an adversary access to critical 
information and to the supporting voter registration database itself. See US-CERT’s Tip on Website Security [ 
https://www.us-cert.gov/security-publications/website-security ] for additional information. 
  * *"Ransomware"* is a type of malicious software that infects a computer system and restricts users' access to system 
resources or data until a ransom is paid to unlock it. Affected organizations are discouraged from paying the ransom, 
as this does not guarantee access will be restored to a compromised VRDB. For more information on ransomware, see 
US-CERT’s Publication on Ransomware [ https://www.us-cert.gov/security-publications/Ransomware ].
  

*What prevention measures should I employ to protect against these threats?*

DHS encourages election officials and network administrators to implement the recommendations below, which can prevent 
as many as 85 percent of targeted cyber attacks. These strategies are common sense to many, but DHS continues to see 
intrusions because organizations fail to use these basic measures.   


  * *Application whitelisting –* This is one of the best security strategies as it allows only specified programs to 
run while blocking all others, including malicious software. 
  * *Patch applications and operating systems –* Vulnerable applications and operating systems are the targets of most 
attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points 
available to an attacker. 
  * *Restrict administrative privileges –* Limiting user permissions to only necessary functions may prevent malicious 
software from running or limit its capability to spread through the network. 
  * *Understanding firewalls – *When anyone or anything can access your network at any time, your network is more 
susceptible to being attacked. Firewalls can be configured to block data from certain locations (IP whitelisting) or 
applications while allowing relevant and necessary data through. 

A commitment to good cybersecurity and best practices is critical to protecting voter registration data. Here are some 
questions you may want to ask of your organization to help prevent attacks against voter registration websites and 
databases:


  * *Backups*: Do we backup all critical information? Are the backups stored offline? Have we tested our ability to 
revert to backups during an incident? 
  * *Risk Analysis*: Have we conducted a cybersecurity risk analysis of the organization? 
  * *Staff Training*: Have we trained staff on cybersecurity best practices? 
  * *Vulnerability Patching*: Have we applied appropriate patching of known system vulnerabilities? 
  * *Application Whitelisting*: Do we allow only approved programs to run on our networks? 
  * *Incident Response*: Do we have an incident response plan and have we practiced it? 
  * *Business Continuity*: Are we able to sustain business operations without access to certain systems? For how long? 
Have we tested this? 
  * *Penetration Testing*: Have we attempted to hack into our own systems to test the security of our systems and our 
ability to defend against attacks?
  

*How do I respond to unauthorized access to voter registration data?*

*"Implement your security incident response and business continuity plan"*. It may take time for your organization’s IT 
professionals to isolate and remove threats to your systems and restore normal operations. In the meantime, you should 
take steps to maintain your organization’s essential functions according to your business continuity plan. 
Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity 
procedures.

*"Contact law enforcement or DHS immediately"*. We encourage you to contact your local FBI field office, the FBI 
Internet Crime Complaint Center [ http://ic3.gov ] (IC3), or DHS’s National Cybersecurity and Communications 
Integration Center [ https://www.us-cert.gov/report ] (NCCIC) immediately to report an intrusion and to request 
incident response resources or technical assistance.

________________________________________________________________________

Author: US-CERT Publications________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]