On Thursday, Cybereason, a Boston-based cybersecurity firm, will game out an exercise that puts pretend hackers up against pretend city emergency responders to see what would happen if cybercriminals aimed to disrupt an election by keeping people from voting.
The experiment is happening without computers, however.
Why it matters: There are dozens of ways to interfere with an election without touching voting equipment, ranging from causing traffic jams to blasting air conditioning in a polling place on an already cold day. Nearly all of our attention to election security has focused on attacks Russia has already tried or on the most obvious target — the voting machines themselves. But the next wave of attacks won't play by the rulebook we expect bad guys to use.
Tabletop exercises are group games that are sort of like a two-team Dungeons & Dragons — no computers, just paper and brains. It's an interesting scenario to play out in your head. What needs to happen ...
- Voters need to know where and when to vote. A hacker could conceivably depress voter turnout by uploading false stories about polling place changes or extended hours for polls that plan to close on time.
- Voters need to get to the polls. Hackers could close a major bridge, preventing people from getting to the polls. They could tie up transportation by informing bus drivers they've been given an extra day off.
- Voters need to wait in line to cast a vote. False reports of gun violence near polling places or a nearby explosion might reduce the amount of time someone might be willing to wait.
Ross Rustici, Cybereason's senior director of intelligence services, says the experiment likely will be harder for the pretend city team which has to anticipate and defend, but the more difficult it is now, the better prepared local and state officials may be come the midterms.