A cyberattack targeting critical infrastructure could disrupt the Nov. 6 midterm elections by suppressing voter turnout, security experts say.
The US economy includes interlocking "essential services" like the power grid, dams, water treatment facilities and telecommunication networks. Cybersecurity experts warn that if a cyberattack hits one of these sectors on or before Election Day, voters in key swing districts might have a hard time accessing essential voting information or getting to the polls.
Systems maintained by cities, states and the federal government are vulnerable because the infrastructure is old and often runs out-of-date software and because vulnerabilities are widely distributed on the dark web, said Theresa Payton, CEO of cybersecurity company Fortalice Solutions and former White House chief information officer.
"If [a remote access trojan] is discovered, that could potentially be that silent backdoor that lets somebody slip in [to] critical infrastructure, hiding under a sort of cloak of anonymity ... and ... leverage that backdoor to do bad things," said Payton.
In 2017 and 2018 security researchers discovered that Russian hackers were probing the US electrical grid. Although the grid is diverse with no single point of control, "they got to the point where they could have thrown switches," Jonathan Homer, chief of industrial-control-system analysis at the Department of Homeland Security, said in a Wall Street Journal interview.
Since the incursion, DHS has been working with states to help identify vulnerabilities. After the most recent Russian probe, the agency stated, "Over the course of the past year as we continued to investigate the activity, we learned additional information which would be helpful to industry in defending against this threat."
While it's unlikely that a cyberattack targeting the grid could turn off the power to the entire nation, swing districts are particularly vulnerable. Payton said that suppressing only a few votes might be enough to change the outcome of an election, and a well-timed attack could undermine voter confidence.
"We can't afford to have that happen," Payton said. "Our elections are considered some of the most free and open democratic elections in the world."
For more on critical infrastructure hacks and how they may affect the upcoming midterm elections, read the full story on CBS News.
Campaign 2018: Election Hacking is a weekly series from CBS News and CNET about the cyberthreats and vulnerabilities of the 2018 midterm election .
- Flaws in critical-infrastructure software could have meant catastrophe (CNET)
- Cybersecurity at power plants needs advice it can actually use (CNET)
- Atlanta hit with cyberattack demanding ransom for access to files (CBS News)
- Major cyber firm says hackers are targeting U.S. energy (CBS News)
- Massive flaw could give hackers full control of critical infrastructure (TechRepublic)