Election security’s sticky problem: Attackers who don’t attack votes

Let’s say it’s four weeks until Election Day 2020 and threat actors are busy at work planning to disrupt the election. Election officials are working to thwart their nefarious plans: Who will come out on top? That’s the biggest question Operation BlackOut sought to answer in a simulated election event held on Aug. 19.

More than 40 cybersecurity professionals gathered virtually in the event organized and managed by Cybereason to see whether the essential mechanisms of an election were subject to successful attack and whether they could, to any significant extent, be defended. The participants came from law enforcement, government, security consulting, and academic organizations, divided into red and blue teams contending over a successful election in the mythical city of Adversaria.

One of the rules of the simulation was that voting machines were off-limits: The red team couldn’t assume that the equipment for actual voting was vulnerable.

And that led to an interesting situation and philosophical question: If what the adversary was attacking and what the defenders were protecting were two different things, could both sides claim success?

To read the full version of this story, visit Dark Reading.