In an upcoming election that is sure to be one of the most contested of our time, voters across the country have expressed valid concerns about election interference and its impact on American democracy. The looming possibility of election tampering has been a key talking point for candidates and pundits alike.
In an attempt to anticipate all of the potential angles of election interference and prepare government officials to manage threats on Election Day, one cybersecurity company has created an immersive simulation exercise called Operation Blackout.
Operation Blackout: Simulating Election Interference
Bomb threats are being called into a local post office. Traffic lights are malfunctioning throughout the city. Fake stories about a COVID-19 outbreak among poll workers are circulating on the internet. All of these events are taking place in the fictional town of Adversaria, the central location of Cybereason’s Operation Blackout simulation exercise.
Sometimes preventing criminal behavior requires thinking like a criminal, and Operation Blackout allows its participants to do just that. There are more ways to undermine the legitimacy of November’s election than tampering with voting equipment or the ballots themselves. Distractions, disinformation, and disasters could all prevent voters from getting to the polls in the first place.
“I think the attention for the most part has been by security professionals on: how do you hack the electoral rolls? How do you hack the machinery of voting? That’s important; it’s not all there is,” Sam Curry, the chief security officer at Cybereason, explains.
Cybereason’s holistic approach to election security attempts to safeguard the entire voting process. The purpose of its Operation Blackout exercise is to prepare government officials for the unthinkable and train them to play offense rather than defense.
With a high-stakes election on the horizon, election offices across the nation are prioritizing election security. Curry says, “We want to make sure that the folks who are going to be administering (elections) – volunteers, local law enforcement, state and city governments – are aware of what might happen, and that they’re as prepared as can be.”
Hoping for the Best, Preparing for the Worst
Operation Blackout consists of a three-team system. Members of the Red Team focus on election hacking, coming up with as many ways as possible to undermine the election. The Blue Team is comprised of those responding to threats on Election Day and working on counter efforts against election interference.
Finally, the White Team’s role is to coordinate moves between the Red and Blue Teams. This team controls the simulation, deciding how both the Red and Blue Team’s moves are impacting the environment.
In the simulation, phases last 15 minutes each and represent different timeframes: three weeks before the election, two weeks before, one week before, and the day of the election. The Blue and Red teams are allowed to make both “development” and “action” moves.
A development move for the Red Team might be using deepfake technology to create videos that spread disinformation to voters. For the Blue Team, a development move could be requesting additional manpower on the ground from the federal government. An action move would then be the deployment of those plans: hacking a government official’s social media account to post the deepfake video, or mobilizing troops.
Who participates in the simulation? Players in the Red Team are often a mix of public and private sector individuals in city and state government, academia, and technology. This includes white-hat hackers, college students, security professionals, and Cybereason employees.
The Blue Team is made up of local law enforcement officials, city clerks, U.S. Secret Service members, and Department of Homeland Security officials. Previous simulations have included staff from governors’ and mayors’ offices and various IT staff from local police departments. Curry leads the White Team, along with other Cybereason staff members.
These simulations are held multiple times throughout the year in major cities across the U.S., where all branches of law enforcement are invited to attend. While the exercise would normally take place in-person, the pandemic has turned Operation Blackout digital and participants now meet over Zoom.
In the midst of the COVID-19 pandemic, government officials are already dealing with unanticipated concerns and vulnerabilities. Operation Blackout allows these individuals to train themselves in a realistically tense but low-risk setting, in which they can strategize and prepare for potential real-life crises.
Much lies upon the integrity of the 2020 election. If government officials can learn to expect the unexpected and practice forming plans to combat threats, they’re much more likely to react to election interference quickly and effectively.