McAfee: Midterm Elections Ripe for Manipulation

Written by Edward Gately
October 18, 2018

At McAfee's MPower Security Summit, Steve Grobman, senior vice president and chief technology officer, discussed findings regarding election security.

(Pictured above: McAfee’s Steve Grobman on stage at MPower in Las Vegas, Oct. 18.)

MCAFEE MPOWER — With midterm elections just weeks away, McAfee has been researching the possibility for manipulation — with disturbing results.

The findings were shared during a briefing at this week’s McAfee MPower Security Summit in Las Vegas. About 3,000 partners and customers attended the conference.

Steve Grobman, McAfee’s senior vice president and chief technology officer, said it’s too late to do anything about potential manipulation in the midterm elections, but his company is in the process of initiating discussions to help safeguard future elections.

“I would say there are definite risks of manipulation of the election process through a variety of means,” he said.

At the local level, there is very little, if any, regulation concerning political websites, which very often are not regulated for issuance by the government, meaning their URL isn’t .gov, but .com or .net, Grobman said. So anybody can go to GoDaddy and register a website domain that looks like that of a candidate running for office, he said.

“Some of the most basic cyber-hygiene practices are not being practiced by these jurisdictions,” he said.

Also, local jurisdictions are not requiring political websites to include secure sockets layer (SSL), which is the standard security technology for establishing an encrypted link between a web server and a browser, he said.

“SSL is not a new thing,” Grobman said. “It gives you a higher level of assurance that you’re communicating with the site you think you are communicating with.”

McAfee examined a number of battleground stages or states with interesting activity this election cycle, he said. The vast majority of jurisdictions don’t enforce SSL, meaning “an actor could have a much easier time injecting content into a site,” he said. More regulation is provided at the state level, but most elections are run at the county level, which are “doing things without much guidance,” he said.

And outside of websites, manipulation can come in the form of phishing emails, such as those to remote or rural residents saying the nearest polling place is far from their homes, “so there needs to be a healthy level of skepticism when consumers receive information about an election,” Grobman said.

In terms of election tampering, it’s critical that all voting has a physical paper trail, he said. Only a very small segment of the population is able to inspect voting machines to determine if they’re secure, “which is counter to the democratic process, so paper is incredibly important,” he said.

Also during the conference, McAfee CEO Chris Young said his company has realized its cloud native vision with its acquisition of Skyhigh Networks, a provider of cloud access security broker (CASB) software, and its Mvision product portfolio. Mvision is a cloud-native suite that allows customers to deploy security on their terms as they move to the cloud.

“We now offer a … solution that protects workloads, data and users across SaaS, PaaS and IaaS as you move your infrastructure, data and users to the cloud,” he said. “And we’re now making the cloud as secure as it is open. As you move to the multicloud world, Mvision moves with you. It’s true security as a service. McAfee is the only company providing you security from device to cloud, and doing it all in cloud.”