Election Dissection caught up with David Levine of the Alliance for Securing Democracy about this week's news that Microsoft launched a preemptive strike against Trickbot, one of the world's most notorious hacker computer networks. Criminals have used Trickbot to attack banks, hospitals and local governments with ransomware in recent years. There's fear that Russia or other foreign entities could launch a ransomware attack to disrupt the 2020 count.
The actions by Microsoft, the U.S. Cyber Command and others indicate that the U.S. is in a far stronger position than it was in 2016, Levine said. Here are highlights from our interview.
Why was the Microsoft action against Trickbot important?
Trickbot is one of the world's most prolific distributors of ransomware, and ransomware is one of the biggest threats to the 2020 election. It can be used to hijack people's computers and IT systems. It can force victims to pay up to get them unlocked.
We know that Russian intelligence sources have commandeered cyber criminal botnets before. Microsoft's actions are really important because they're not only taking steps to protect against botnets, they're also trying to be proactive and reduce their capabilities.
Do the actions by Microsoft, the U.S. Cyber Command and the Department of Homeland Security show we're in a better position in 2020, compared with the last presidential election?
This is a perfect example of how we've made strides since 2016. We have a greater understanding of potential foreign threats, as well as more tools in the toolbox for how to prevent them, detect them and recover from them.
Election officials have done a number of things to help ensure our infrastructure is more resilient this time around. There's more information sharing between state and federal agencies. There's much more cyber training. There's much more testing of systems to identify vulnerabilities and fix them.
In 2016, we were just trying to wrap our arms around the threat, what foreign interference might look like. Today, the FBI and the Cybersecurity and Infrastructure Security Agency [part of DHS] have been warning us every couple of days about emerging threats, including ransomware. This threat shouldn't come as a surprise to anyone.
What should state and local authorities be doing to guard against these threats?
Some of it is making sure they've got paper processes in place and backups of voter registration databases on hand to be able to recover. Election officials need to change passwords at appropriate intervals. They need to be doing the training.
Some big jurisdictions have their own IT and information security support. Others don't. If they identify issues in any of their networks, they need to loop in state and federal resources, like DHS, to identify, investigate and mitigate threats if possible.
If you see something unusual, something that looks different, it's incumbent to say something, to bring in IT and security experts as soon as possible.