The US Cybersecurity and Infrastructure Security Agency (CISA) is promoting the use of FIDO authentication technology to help guard against cyberattacks during the upcoming US election. The organization is particularly concerned with phishing, noting that such methods are deployed in 78 percent of cyber-espionage incidents.
With that in mind, CISA is urging any organization that is involved in election activities to adopt more secure authentication protocols. In an advisory dubbed, “ACTIONS TO COUNTER EMAIL-BASED ATTACKS ON ELECTION RELATED ENTITIES,” the agency specifically advocated the use of FIDO2 security keys to protect cloud emails and other sensitive materials. CISA also suggested that FIDO keys are superior to other forms of two-factor authentication when guarding against account takeover attacks, and that election organizations should consequently adopt services that support the use of FIDO keys, such as Google Advanced Protection.
Both CISA and the FIDO Alliance framed the issue as a pressing national security concern for the United States in light of the 2016 election and the recent increase in infiltration activity. Email has been one of the most common attack vectors for cybercriminals, so protecting those systems is a top priority for those looking to maintain the integrity of US elections.
In that regard, FIDO stressed the fact that physical security keys can protect an account even if the password does become compromised, making it a viable option for election officials. American citizens have expressed concern about election security throughout 2020, while several municipal bodies have turned to biometric authentication for election access control.