State and local government leaders in the US feel underprepared and under-resourced for the election security challenges facing them in 2024, and they're especially worried about AI interference, according to a new poll.
A survey commissioned by cyber firm Arctic Wolf shows officials are concerned that artificial intelligence tools could be used to supercharge disinformation campaigns and phishing attacks targeting election workers.
"The findings of this survey [highlight] concerns that state-sponsored and espionage threat groups will use the elections for phishing lures and social engineering attacks, while Ransomware-as-a-service groups may also target election infrastructure to disrupt election preparations for financial gain," the firm said in a statement.
Arctic Wolf polled more than 130 state and local government officials, including those responsible for IT and cybersecurity systems, to determine which AI-powered threats they worry about the most. Disinformation campaigns (50.7%), phishing attacks (47.1%) and hacking attempts in the election process, websites and systems (45.6%) top the list of threats.
"These AI-generated falsehoods can target specific demographics, exploit pre-existing biases, and amplify divisive issues, thereby influencing public opinion and potentially swaying election outcomes," the survey pointed out.
While phishing has long been a favorite tool for cybercriminals, the proliferation of AI has elevated its sophistication to new heights, according to Arctic Wolf.
"AI-powered phishing attacks can now craft hyper-personalized and convincing messages tailored to exploit the psychological vulnerabilities of individuals," the firm said. "By analyzing vast datasets, threat actors can glean insights into a person's political affiliations, preferences, and even recent online activities, allowing them to create deceptive messages that appear trustworthy, with the goal of deceiving individuals into disclosing sensitive information."
Officials are also worried about: Ransomware on election infrastructure (28.7%); technical glitches or failures (25%); manipulation of election results or voter rolls (16.9%); tampering with electronic voting machines or systems (14%); and cloud services compromise (10.3%). Just 4.4% of those polled said they are "not concerned" about cyber incidents.
While foreign interference from China and Russia remains a significant concern for election officials, fears of attacks coming from the US itself are now top of mind for many -- almost 20% of respondents select it as the source they are most concerned about, behind only China.
"With the two-party electoral system of the United States, extreme partisanship has become more common, potentially stoking fears among election leaders that domestic Individuals or groups with varying political motivations may act on behalf of their own interests," the survey noted.
The survey also shows that more than half of respondents reported they are not at all prepared or only somewhat prepared to detect and recover from election-targeted cyber incidents. Adding to the feelings of unpreparedness is that election officials and administrators are expecting a significant uptick in the volume of attacks compared to what they saw in 2020 -- almost half expect an increase, while less than 3% believe they will see a decrease.