McAfee: Lack of Verified Election Websites Could Pose Cybersecurity Issues For 2020 Election

McAfee’s survey of 13 states considered “critical” in the presidential election found that 83 percent lacked .GOV validation, which verifies websites as being run by official local governments.

  • By Haley Samsel
  • Feb 05, 2020

The cybersecurity practices of county election websites could pose a significant election security threat for the 2020 presidential election, according to new research by cybersecurity firm McAfee.

Of the 13 states projected to be “critical” in the 2020 presidential election, 83 percent of county election websites lacked .GOV validation, meaning that they have not purchased a .gov web domain and therefore have not been verified as legitimate sites by the federal government. In Iowa, that number jumps to nearly 89 percent, and in New Hampshire, 90 percent of websites lack the validation.

Security experts worry that the lack of verified websites will make it easier for malicious actors, particularly foreign adversaries, to create fake government websites and spread misinformation about voting locations and results, potentially affecting the final results out of those counties.

“Without a governing body validating whether websites truly belong to the government entities they claim, it’s possible to spoof legitimate government sites with fraudulent ones,” Steve Grobman, McAfee’s Senior Vice President and Chief Technology Officer, said in a statement. “An adversary can use fake election websites for misinformation and voter suppression by targeting specific voters in swing states with misleading information on candidates, or inaccurate information on the voting process such as poll location and times.”

McAfee’s survey focused on Arizona, Florida, Georgia, Iowa, Michigan, Minnesota, Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, Texas and Wisconsin, which together count for 201 of the 270 electoral votes necessary to win the presidential election. About 46 percent of county election websites in these states did not have HTTPS encryption as well, meaning that information shared on the site’s pages is not encrypted upon submission.

“In many cases, these websites have been set up to provide a strong user experience versus a focus on the implications that they could be spoofed to exploit the communities they serve,” Grobman said.

Only about 33 percent of main county websites in Arizona were not validated by .GOV, giving it the best percentage of all of the states surveyed. McAfee noted that many county websites try to make their domains easy to remember (“votedenton.org”) and may not have the resources to transition to a .GOV domain, which requires submitting evidence of legitimacy to the government.

In turn, McAfee supports The DOTGOV Act of 2020, which would require the Department of Homeland Security to support .GOV adoption for local governments with new guidance and financial support.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3