Illustration: Eniola Odetunde/Axios

Protecting elections from hacking threats means a lot more than protecting election systems from being hacked. Malicious hackers can find plenty of other ways to interfere with elections — notably by discouraging voting through election-day attacks on municipal systems.

Driving the news: Security firm Cybereason has been exploring that kind of election tampering in a series of tabletop simulations over the last year. Tuesday, at the third exercise — essentially a Dungeons and Dragons-style game for law enforcement, government employees and security researchers — a "red team" pretended to attack a city, while a "blue team" defended it.

How it works: Imagine a strategically placed traffic jam outside a polling place in a heavily Republican district. A hacker tampering with traffic lights is just one way someone could sway an election by influencing which voters can show up, all without touching the systems most associated with voting.

  • With so much focus on voting machines, we may be missing the threat of these kinds of attacks.

Here are additional lessons from Cybereason's games:

1. Everything is a weapon. The red team has used transportation, energy and gas, telecommunications, and government and emergency services networks in attacks. And it's easy to see how any aspect of infrastructure could be weaponized on Election Day, from causing a run on banks or a fire in a strategically chosen factory.

2. A key term to know: asymmetry. The main goal of local law enforcement, the first people who would respond to this type of attack, is to protect public safety. The main goal of someone disrupting an election is to, well, disrupt an election. The goals are asymmetrical — they don't require one group to lose for the other one to win.

  • That's something that could be exploited by the attacker. A fire at a factory near a polling place might mean city officials reroute voters to a different polling place. The city wins because people stay safe, yet the attacker wins because casual voters won't put in the extra effort to figure out where they need to go to vote.

3. It's good to have friends. Teams, often composed of law enforcement officials, have struggled to quickly call in federal agencies to handle the problems only federal agencies are equipped to solve or to request state resources when the local police are overburdened.

4. Worry about more than social media: Since 2016, the public has come to realize that social media disinformation is cheap and requires little technical background to launch. But it's not necessarily the most effective way for a sophisticated attacker to shape an election.

  • Social media meddling is "low-hanging fruit," said Sam Curry, chief security officer at Cybereason.
  • But it's a limited tool for affecting votes in terms of reach, effectiveness and time before being identified. For someone with technical skill, the traffic jam may cause more chaos and affect more votes.

The bottom line: The frightening truth is that all critical infrastructure is election infrastructure. Weak links anywhere can be exploited to shape how voters act.

Go deeper

The CIA's new license to cyberattack

Illustration: Aïda Amer/Axios

In 2018 President Trump granted the Central Intelligence Agency expansive legal authorities to carry out covert actions in cyberspace, providing the agency with powers it has sought since the George W. Bush administration, former U.S. officials directly familiar with the matter told Yahoo News.

Why it matters: The CIA has conducted disruptive covert cyber operations against Iran and Russia since the signing of this presidential finding, said former officials.

3 hours ago - Technology

Tech hits the brakes on office reopenings

Illustration: Annelise Capossela/Axios

Tech was the first industry to send its workers home when COVID-19 first hit the U.S., and it has been among the most cautious in bringing workers back. Even still, many companies are realizing that their reopening plans from as recently as a few weeks ago are now too optimistic.

Why it matters: Crafting reopening plans gave tech firms a chance to bolster their leadership and model the beginnings of a path back to normalcy for other office workers. Their decision to pause those plans is the latest sign that normalcy is likely to remain elusive in the U.S.

The existential threat to small business

Illustration: Eniola Odetunde/Axios

The coronavirus pandemic has changed the game for U.S. businesses, pushing forward years-long shifts in workplaces, technology and buying habits and forcing small businesses to fight just to survive.

Why it matters: These changes are providing an almost insurmountable advantage to big companies, which are positioned to come out of the recession stronger and with greater market share than ever.