Ransomware, botnets could plague 2022 midterms, NSA cyber director says
SAN FRANCISCO — The National Security Agency is concerned that ransomware and botnet attacks could be used in the upcoming midterms to further erode confidence that the U.S. can conduct safe and secure elections, a senior official said Wednesday.
“For us, we are worried about both ransomware and botnets because that's in our technical lane,” NSA Director of Cybersecurity Rob Joyce told reporters during a roundtable at the RSA conference.
“The worry in all of election security is trust and confidence that we've delivered a safe and secure election," he added. "If elections are subject to ransomware, or if there's a botnet that runs a denial of service, what you'll find is that's probably going to, in this day and age… escalate and be an issue of trust."
The somber assessment comes as Republican members of Congress and candidates at the federal, state and local levels continue to push unfounded claims that the 2020 presidential election was stolen.
Last month, the NSA and U.S. Cyber Command revealed new leaders of a joint election security task force that will work to protect the midterms against foreign interference.
Army Gen. Paul Nakasone, who helms both organizations and established the joint endeavor to guard the 2018 midterms against Russian meddling, has placed a premium on ensuring the security and legitimacy of the nation’s elections.
Joyce noted that NSA and Cyber Command are “background players” to the Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for securing the country’s voting infrastructure, and the FBI, which tackles disinformation operations.
“We'll do intelligence, certainly, on disinformation, misinformation and other things,” he told reporters.
Earlier in the day, an election security expert warned that campaigns, which have been a perennial target for phishing attacks against personal and professional email accounts, could be struck by ransomware.
“A risk that I am most fearful of is the growing trend of ransomware attacks,” according to Ethan Chumley, senior security strategist for critical institutions for Microsoft.
He added that the pool of potential targets of phishing attacks has grown beyond the personal email accounts of candidates and their staff to include family members and personal advisors.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.