Is there a weaponized case of deja vu coming for the election?!
The following military war game exercises were orchestrated “in partnership with both public and private sector professionals,” rehearsing scenarios that could confuse and subvert the American People by deliberately sabotaging our upcoming election. Don’t let them fool us again. Don’t let them divide us. UNITED WE STAND!
March 20, 2020
Mike Pompeo: “We’re in a live exercise here”
August 19, 2020 | BY ALLIE MELLEN | Cybereason
“Lesson Learned: Elections can be targeted by anyone looking to cause chaos, not just by nation state threat actors. It’s critical to understand that it doesn’t take very much time, money, or effort to cause some level of confusion.”
“Recent times have seen election tampering by special interest groups and foreign powers in the United States, Europe and Asia. With looming, late 2020 elections across the world and a global pandemic underway, Cybereason has been hosting election security tabletop exercises in partnership with both public and private sector professionals to test our resilience to possible disruptions.
OPERATION BLACKOUT SUMMARY OF EVENTS
VIRTUAL EDITION – AUGUST 19, 2020
This was a simulation with professionals playing the role of hackers and actual law enforcement officials drawing off their experience to respond to disruptions. No actual hacking was conducted during the exercise.
The goal of the tabletop exercise is to examine and advance the organizational responsiveness of government entities to an anarchic group’s attempts to undermine democratic institutions and systems of governance in the republic.
Most election security discussions and exercises focus on the mechanics and minutiae of hacking election equipment or contaminating and violating the integrity of voter rolls. This exercise explicitly excluded targeting election equipment from consideration to focus instead on everything else in the electoral system.
The scenario pitted a team of veteran law enforcement officers and government officials against a group of ethical hackers, academics and security professionals from the private sector. The law enforcement team was the Blue Team: Adversaria Task Force, and the ethical hackers were known as the Red Team: Kill Organized Systems (K-OS) hacktivist group.
The game administration and control, as well as ad hoc role needs in the game sequence, were controlled by a Control Team, run by Cybereason. A Cybereason-staffed team both adjudicated the event and provided government support options as appropriate.
The event took place in the fictional city of Adversaria in the weeks leading up to a typical election day. Turns in the simulation lasted 15 minutes of real time, modeling 3 weeks from the election, 2 weeks from the election, 1 week from the election, and the day of the election. The event started with a short strategy turn and was followed by three additional turns.
Once both teams had submitted their turn moves, the Control Team decided how these moves impacted the simulation. They then informed the teams of any changes to the environment, and teams pursued the next round of moves. Each team is allowed a set of two actions and one development per turn, known as their turn moves.
RED TEAM MOVES:
- Development: A development is a capability the team wishes to develop so they may use it on subsequent turns. For example, the Red Team may wish to develop the capability to use deep fake technology. They would need to expend a development turn to develop the capability, then they may use the capability on the next turn in the game.
- Action: An action is a capability the team wishes to expend during a turn. For example, the Red Team may wish to gain access to the social media accounts of the local government. They would need to expend an action turn to use this action.
BLUE TEAM MOVES:
- Development: A development is a capability the team wishes to develop, typically by asking for assistance by calling up reserves, calling on other agencies, or by getting assistance in other ways. For example, Blue Team may wish to call the federal government (the Control Team) for additional support if they need more boots on the ground. They would need to expend a development turn to develop the capability, then they may use the capability on the next turn in the game.
- Action: An action is an assignment of a group of officers to a task. For example, the Blue Team may wish to deploy 100 police officers to polling stations at zones 3, 4, and 7. They would need to use an action to deploy the officers during a turn.
There is a lot of leeway for what makes up an action or development. In a single action, one may accomplish several goals. For example, the Blue Team may expend one action to deploy 100 police officers to polling stations at zones 3, 4, and 7, while also using the same action to send harbor patrol to watch bridges. For both teams, action turns can be turned into development turns if so desired, but the reverse was not allowed.
The Control Team determines what moves are too far out of scope for the turn:
You Can’t Prepare for Every Scenario
- To this day, the adversary still has the advantage over the defender. They are able to take actions across a huge spectrum of possibilities, whereas law enforcement must work within the bounds of the law. It is impossible for law enforcement to prepare for every scenario an attacker might implement.
- Lesson Learned: It’s critical for law enforcement to proactively prepare and be aware of the potential actions an attacker may take. These tabletop exercises give law enforcement a deeper understanding of what can go wrong and how, so they may use that information to develop processes that prepare them for the worst outcomes.
ACTIONABLE INSIGHTS FOR LAW ENFORCEMENT AND GOVERNMENT
Communication is Key
- Use Media Effectively: Broadcast media is the bully pulpit. Make sure it’s used effectively to help counteract the effects of misinformation through other channels.
- Use Multiple Channels: Have several alternate means of communication. Assume that cell phones can be compromised, social media is unreliable, and that radios have weaknesses like jamming. Make sure to practice out-of-band communications, and have a default contingency to establish central communications and coordination.
- Don’t Forget Radio: The amateur radio service can provide alternate means of communications in the event of an issue with the main communication channels. Having a local amateur operator who is part of the ARRL at precincts or dispatch can help tremendously in the event main communication channels fail.
Developing Technology Poses Unknown Threats
- Coordinate with the Private Sector: Coordinate with major providers of infrastructure and transportation ahead of time, including private companies that provide the technical aspects of that infrastructure. Understanding where things like the power grid are vulnerable can help prevent potential attacks on key utilities.
You Can’t Prepare for Every Scenario
- Collaborate with Other Government Agencies: Take advantage of government resources to augment existing law enforcement and provide additional intelligence. Use peacetime to establish relationships with cyber centers and other levels of government. Make sure that the police department has a means to communicate with the rest of the government and has existing relationships with the city communications office. The police department and the city press officers should be coordinated in the event of an incident and should convene in the event of a crisis.
- Develop Playbooks: Run specific-to-your-city tabletop exercises that account for existing idiosyncrasies in your community, city, and other relationships. In a crisis, you don’t want to be thinking about “how” to do things or what your options are, but should be running playbooks like a well-oiled machine. If professional sports teams work this way on the field, local government and law enforcement should be just as prepared around elections.
- Take Region Into Account: As with any good police work, understand the regional nuances and sensitivities in the community to adequately prepare for when they will be manipulated or put at odds.
- Consider Non-conventional Scenarios: Law enforcement and government should always try to think outside the box. Even though their role is limited to public safety and crime prevention, recognizing that there are possibilities for physical safety issues from infrastructure is key.
- Deploy Early: Ensure good resource deployment prior to the elections by having a police presence in place before the event. This will lead to less of a psychological impact on civilians if more officers must be deployed, especially in areas where law enforcement is viewed with distrust.
FEEDBACK AND NEXT STEPS
While each subsequent election security simulation improves on the one before, the consensus was that this was a solid immersive experience for practicing cyber incident readiness much as war games prepare the military in times of peace. These exercises will continue to be critical as we get closer to the November 3rd election and beyond in order to consider every possible avenue of attack and prepare a strong defense.
Cybereason would like to thank all participants for their willingness to dedicate valuable time and energy to this event, and for their faith in suspending disbelief to engage in an immersive tabletop experience.
Finally, no actual hacking was performed and no innocent bystanders, hackers, networks, systems, police officers, students, social networks, or republics were harmed in the course of this simulation or its aftermath.”