McAfee: Lack of Verified Election Websites Could Pose Cybersecurity Issues For 2020 Election

McAfee’s survey of 13 states considered “critical” in the presidential election found that 83 percent lacked .GOV validation, which verifies websites as being run by official local governments.

The cybersecurity practices of county election websites could pose a significant election security threat for the 2020 presidential election, according to new research by cybersecurity firm McAfee.

Of the 13 states projected to be “critical” in the 2020 presidential election, 83 percent of county election websites lacked .GOV validation, meaning that they have not purchased a .gov web domain and therefore have not been verified as legitimate sites by the federal government. In Iowa, that number jumps to nearly 89 percent, and in New Hampshire, 90 percent of websites lack the validation.

Security experts worry that the lack of verified websites will make it easier for malicious actors, particularly foreign adversaries, to create fake government websites and spread misinformation about voting locations and results, potentially affecting the final results out of those counties.

“Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” Steve Grobman, McAfee’s Senior Vice President and Chief Technology Officer, said in a statement. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times.”

McAfee’s survey focused on Arizona, Florida, Georgia, Iowa, Michigan, Minnesota, Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, Texas and Wisconsin, which together count for 201 of the 270 electoral votes necessary to win the presidential election. About 46 percent of county election websites in these states did not have HTTPS encryption as well, meaning that information shared on the site’s pages is not encrypted upon submission.

“In many cases, these websites have been set up to provide a strong user experience versus a focus on the implications that they could be spoofed to exploit the communities they serve,” Grobman said.

Only about 33 percent of main county websites in Arizona were not validated by .GOV, giving it the best percentage of all of the states surveyed. McAfee noted that many county websites try to make their domains easy to remember (“votedenton.org”) and may not have the resources to transition to a .GOV domain, which requires submitting evidence of legitimacy to the government.

In turn, McAfee supports The DOTGOV Act of 2020, which would require the Department of Homeland Security to support .GOV adoption for local governments with new guidance and financial support.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3