Cybersecurity Spotlight – Internet of Things (IoT)
What it is:
The Internet of Things (IoT) is a term used to describe physical devices (other than computers, phones, and servers) that are connected to the internet, and can collect and share data. The devices that comprise the IoT can also include ordinary objects that have had sensors added to them, allowing them to communicate in real-time without a user being physically involved. Examples of IoT devices include wearable fitness trackers, smart speakers, thermostats, lightbulbs, cars, and anything else that can connect to the internet or “talk” to other devices.
IoT devices typically have sensors, which allow them to collect data from their environment. In addition, the devices must have a connection over which to transmit that data, and must be uniquely identifiable on the network, usually by an IP address. IoT devices use several methods of communicating and transmitting their data; for example, two devices may exchange data directly with each other over a Bluetooth connection. Other IoT devices connect directly to a cloud-based internet service to exchange data, usually over Ethernet or Wi-Fi. The diagrams below, courtesy of the Internet Architecture Board, outline these two methods.
Why does it matter:
IoT devices can be found in almost all aspects of modern life. Norton has estimated that by 2025, there will be over 20 billion IoT devices around the globe. It is likely that IoT devices will be used within an election office, or wider state or local network, providing opportunities for an adversary to negatively impact an election or election network.
Many IoT devices are vulnerable to compromise and could serve as a means for an adversary to infiltrate an election network. Often these devices are mass-produced and identical, providing opportunities for an adversary to learn how to infiltrate them. An IoT device with a default or weak password could be hacked into by an adversary with a list of common default passwords, which is readily available on the internet. IoT devices that are not routinely patched or updated could be compromised by an adversary exploiting a known flaw in software. Compromised IoT devices could then be used to disrupt election office networks. For example, malware could be loaded onto an unsecured election office network through a connected IoT device that has been compromised.
Vulnerable IoT devices can be accessed and have information stolen from them, or be manipulated in a way that causes a physical disruption. IoT devices in buildings could also be hacked into remotely to physically disrupt a polling station. While this differs from a more traditional cyber-attack, it still poses a risk to election events. For example, a fire alarm system, if not properly secured, could be triggered remotely, or a heating system could be shut off, either of which could delay voting, vote tabulation, or other election day activities.
Beyond the direct compromise of an election network, there is also the risk that IoT devices, particularly those with poorly secured connections, could be hijacked and enlisted in a botnet, which could then be used to launch a Distributed Denial of Service (DDoS) attack against an election network. Large botnets composed of IoT devices have caused disruptions in the past. A DDoS attack on a particular server or web-hosting provider could also negatively impact an election office even if the office was not the intended target. Conversely, election IoT equipment that has been compromised and added to a botnet could be used to conduct malicious activity against others.
What you can do:
Maintain an inventory of IoT devices, and update and patch them to reduce the risk of an attacker exploiting a known weakness. Reduce the vulnerability of all devices by changing their default passwords to passphrases in accordance with the latest National Institute of Standards and Technology (NIST) guidance. A device that cannot be patched or whose default credentials cannot be changed should not be connected to an election network. Securely configure any IoT device that must be connected to an election network, and monitor the network for signs of intrusion.
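The following Python script is an added example, not part of the EI-ISAC spotlight, showing how an election office could audit the credentials set on its IoT inventory against the NIST SP 800-63B rules for memorized secrets: a minimum of 8 characters, no forced composition rules, and rejection of anything on a blocklist of vendor defaults, common passwords, context-specific words (username, vendor, model), or repetitive and sequential strings. The device inventory, the default-credential pairs and the common-password list are constructed for illustration; a real audit would load the published default-password lists the spotlight refers to.

```python
"""Audit IoT device credentials against NIST SP 800-63B memorized-secret rules.

Added example; not part of the EI-ISAC spotlight. The inventory and the
blocklists below are constructed for illustration only.
"""
import re

# Constructed vendor default (username, password) pairs.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"),
    ("admin", ""), ("root", "root"), ("user", "user"),
}
# Constructed fragment of a common/breached-password blocklist.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "letmein", "admin"}

MIN_LEN = 8  # SP 800-63B: user-chosen memorized secrets are at least 8 characters


def has_repetitive_or_sequential_run(pw, run_len=4):
    """SP 800-63B's blocklist guidance covers repetitive ('aaaa') and
    sequential ('1234', 'abcd') strings; flag runs of run_len or more."""
    if re.search(r"(.)\1{%d,}" % (run_len - 1), pw):
        return True
    run = 1
    for a, b in zip(pw, pw[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        if run >= run_len:
            return True
    return False


def check_credential(username, password, context_words=()):
    """Return the list of findings for one credential; [] means it passes."""
    findings = []
    if (username.lower(), password.lower()) in DEFAULT_CREDENTIALS:
        findings.append("vendor default credential")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("on common-password blocklist")
    if len(password) < MIN_LEN:
        findings.append(f"shorter than {MIN_LEN} characters")
    # Context-specific words (username, vendor, model) are blocklisted too.
    for word in (username, *context_words):
        if word and word.lower() in password.lower():
            findings.append(f"contains context word '{word}'")
    if has_repetitive_or_sequential_run(password):
        findings.append("repetitive or sequential characters")
    return findings


def audit(devices):
    """Map each device name to its findings. No composition rules (forced
    digits or symbols) are applied, in line with SP 800-63B."""
    return {
        d["name"]: check_credential(d["username"], d["password"], (d["vendor"], d["model"]))
        for d in devices
    }


def failing_devices(report):
    """Devices whose credential must change before they join the election network."""
    return sorted(name for name, findings in report.items() if findings)


# Constructed inventory: one untouched default, one short-looking "strong"
# password with a sequential run, and one long passphrase that passes.
SAMPLE_INVENTORY = [
    {"name": "lobby-thermostat", "vendor": "Acme", "model": "TS-200",
     "username": "admin", "password": "admin"},
    {"name": "breakroom-speaker", "vendor": "Acme", "model": "SP-1",
     "username": "admin", "password": "Speaker1234!"},
    {"name": "tabulation-room-camera", "vendor": "Acme", "model": "CAM-9",
     "username": "operator", "password": "copper kettle drifts over quiet ridge"},
]

if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    for name, findings in report.items():
        print(name, "->", findings or "ok")
    print("needs change:", failing_devices(report))
```

Note that the long passphrase with spaces passes even though it contains no digits or symbols; SP 800-63B explicitly discourages composition rules, so the audit checks length and blocklists rather than character classes.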
Election networks should be properly segmented to prevent any unauthorized access. Elections-related work (vote tabulation, reporting, etc.), should only occur on a trusted network, and secure election workstations and servers should not interact with public workstations. Election offices should use a centrally managed anti-malware software to defend workstations and servers.
No single tactic can completely prevent a large-scale DDoS attack. Election offices should ensure that there is a clearly defined backup plan in the event a DDoS attack occurs during an election. Similarly, a backup location for election day activities should be identified in the event of a physical disruption. Filtering unnecessary ports, enabling firewall logging, and configuring firewalls and IDS and IPS devices to alert on anomalies in network traffic can reduce the risk of a DDoS attack severely disrupting an election network. Election offices should maintain an effective partnership with their Internet Service Provider (ISP) and know in advance what assistance the ISP can provide during a DDoS attack. Preventative services such as those provided at no cost by Cloudflare and Google can help mitigate these attacks. More information on these types of attacks and how to respond is available in our Guide to DDoS Attacks.
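As an added example (not code from the EI-ISAC spotlight), the following Python script shows what the segmentation and firewall-logging advice above looks like as detection logic run over firewall logs. It applies two checks: any flow from the IoT VLAN into the trusted election segment is a segmentation violation, whether the firewall allowed it or not, and any service whose count of distinct source addresses in a one-minute window exceeds a threshold is flagged as a possible DDoS. The key=value log format, the address ranges (IoT on 10.40.0.0/24, election systems on 10.10.0.0/24, public servers in the 203.0.113.0/24 documentation range) and the threshold are assumptions chosen for the example; the log lines are constructed.

```python
"""Detection logic over firewall logs for two controls from the spotlight's
"What you can do" section: a segmentation rule (IoT VLAN must not reach the
election segment) and a volumetric anomaly (too many distinct sources hitting
one service in a short window).

Added example; the log format, address plan and thresholds are assumptions.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Assumed address plan: IoT devices on their own VLAN, election systems on a
# trusted segment; nothing on the IoT VLAN should ever talk to the latter.
IOT_SEGMENT = ipaddress.ip_network("10.40.0.0/24")
ELECTION_SEGMENT = ipaddress.ip_network("10.10.0.0/24")

WINDOW_SECONDS = 60             # fixed window for counting distinct sources
DISTINCT_SOURCE_THRESHOLD = 20  # tune to the site's normal fan-in per service

# Assumed generic key=value log line; real firewalls differ, adjust the regex.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)
EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "action": m["action"],
    }


def segmentation_violations(events):
    """Flows from the IoT VLAN into the election segment. A DENY still
    matters: it means a device is probing where it should never need to."""
    return [
        (str(e["src"]), str(e["dst"]), e["dport"], e["action"])
        for e in events
        if e["src"] in IOT_SEGMENT and e["dst"] in ELECTION_SEGMENT
    ]


def flood_alerts(events, window=WINDOW_SECONDS, threshold=DISTINCT_SOURCE_THRESHOLD):
    """For each (dst, dport), count distinct sources per fixed window and
    report services whose peak fan-in exceeds the threshold."""
    buckets = defaultdict(set)
    for e in events:
        slot = int((e["ts"] - EPOCH).total_seconds()) // window
        buckets[(str(e["dst"]), e["dport"], slot)].add(str(e["src"]))
    peak = defaultdict(int)
    for (dst, dport, _slot), srcs in buckets.items():
        peak[(dst, dport)] = max(peak[(dst, dport)], len(srcs))
    return sorted((dst, dport, n) for (dst, dport), n in peak.items() if n > threshold)


def analyze(lines):
    """Run both checks over raw log lines; unparseable lines are skipped."""
    events = [e for e in map(parse_line, lines) if e is not None]
    return {
        "segmentation": segmentation_violations(events),
        "floods": flood_alerts(events),
    }


# Constructed sample log: routine traffic, one IoT camera reaching into the
# election segment, and 25 distinct internet sources hitting the public web
# server within a single minute.
SAMPLE_LOG = [
    "2024-11-05T07:12:01 src=10.10.0.23 dst=10.10.0.5 dport=445 action=ALLOW",
    "2024-11-05T07:12:03 src=10.40.0.21 dst=203.0.113.50 dport=443 action=ALLOW",
    "2024-11-05T07:12:09 src=10.40.0.33 dst=10.10.0.5 dport=445 action=DENY",
    "this line is not in the expected format and is skipped",
] + [
    f"2024-11-05T07:30:{i:02d} src=198.51.100.{i} dst=203.0.113.10 dport=443 action=ALLOW"
    for i in range(1, 26)
]

if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The threshold is deliberately a single number so it can be tuned from a few days of baseline logs; a public results site will legitimately see far more distinct sources on election night than a back-office file server, so the threshold should be set per service rather than globally in practice.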
The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact firstname.lastname@example.org.