Hackers still employ these strategies but are evolving in robustness and intricacy. Innovations make it
            harder  for  analysts  to  execute  incident  response  and  isolate  threats.  Novel  techniques  arise  yearly,
            determined to compromise public trust and dismantle democratic systems.

            Historically  destructive  attacks  motivated  the  U.S.  Cybersecurity  and  Infrastructure  Security  Agency
            (CISA)  to  act.  The  organization  was  formed  after  the  Russian-catalyzed  decommissioning  of  voting
            servers in 2016, which released confidential candidate communications and instigated spear-phishing
            emails meant to sway results.

            The group presented an election strengthening program to the National Association of State Election
            Directors and the National Association of Secretaries of State to decrease digital risks. It onboarded new
            hires with election expertise and distributed them nationwide. It will conduct reviews of state-specific
            election processes and machinery.



            AI and Deepfakes

            AI phone calls became rampant in New Hampshire as the state approached its primary election window.
            The robocalls sounded like President Joe Biden and caller IDs falsely showed Kathy Sullivan’s name, a
            former  party  chair.  The  impersonation  delivered  a  message  to  discourage  people  from  voting.
            Remediation  demanded  FCC  involvement,  investigators  and  multiple  cease-and-desist  orders  to  the
            guilty telecoms company.

            The  event  signified  a  shift,  demonstrating  how  threat  actors  will  leverage  AI  capabilities  to  spread
            disinformation and dismantle voting rights. Generative AI, deepfakes and chatbots deepen the issue
            because AI’s versatility keeps expanding. For example, hackers may use data poisoning in a machine
            learning database to fix outputs, leading to falsely informed determinations.

            Solving these unprecedented attack variants needs a multipronged plan. New Hampshire prepared by
            establishing a voter suppression law, but more action is necessary to expound upon AI-specific rules at
            a federal level. The Biden administration issued an executive order in 2023 to construct policies for dual-
            use foundation models because of how much data they train and their accelerating development.

            CISA recommendations and up-and-coming compliance framework suggestions from organizations like
            NIST, ISO and OWASP are outlining AI security opportunities applicable to voting systems.



            Phishing

            Phishing has always been a problem for election officials. The COVID-19 pandemic increased the amount
            of absentee ballots and online voting registrations, causing the number of digital communications related
            to elections to skyrocket.










            Cyber Defense eMagazine – June 2024 Edition                                                                                                                                                                                                          176
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.