In November, the Senate Homeland Security Committee approved the bipartisan DOTGOV Online Trust in Government Act of 2019 (S. 2749), legislation introduced by Senators Gary Peters (D-MI), Ron Johnson (R-WI), Amy Klobuchar (D-MN) and James Lankford (R-OK) to help state and local governments transition to a .gov domain. The program is funded through the Department of Homeland Security’s (DHS) Homeland Security Grant Program and is a key step toward improving cybersecurity and making it easier for citizens and businesses to differentiate between legitimate websites and ones set up by bad actors. With the 2020 elections fast approaching, it is more important than ever that state and local governments transition to government validated web domains to avoid election tampering and disinformation.
The security of elections depends on solid election infrastructure and sound cybersecurity practices. An attack to the U.S. election infrastructure does not require the hacking of physical voting machines or tampering with ballots. Instead, attackers can utilize disinformation campaigns to focus on vulnerable gaps at the county and state levels, where many constituents get information online from their local election boards.
Last year, McAfee released research on the security of election infrastructure at the individual county and state levels. The research revealed that the majority of local county government and county election board websites were using poorly validated domain names using .com, .net and .us, rather than government validated .gov domain names, which must pass a U.S. federal government validation process.
Bad actors looking to tilt an election outcome can easily set up fraudulent local election sites using the easier-to-obtain domain names and spread disinformation about polling locations or voting procedures through bogus email addresses. McAfee’s research into this issue since the 2018 midterm elections suggests that the lack of .gov usage could be a critical election security gap in states likely to be highly contested in the upcoming 2020 presidential election.
At McAfee, we believe that DHS should work closely with local governments to enable the widespread adoption of .gov domain environments. The DOTGOV Online Trust in Government Act is critical to protecting local and state governments from bad actors and encouraging states and localities to adopt a validated .gov domain. The provision in the legislation that enables States and local governments to leverage DHS grants to support their adoption of .gov domains makes a great deal of sense and needs to be funded in the President’s next budget.
The countdown to the 2020 elections is underway, and disinformation remains a top concern for election officials and lawmakers. DHS must ensure that government-validated election sites are easily identifiable by the public through increased use of .gov domains. This transition is a pivotal and necessary step toward improving the security of our election infrastructure.