With the Democratic National Committee cyberattack far more widespread than originally thought, fears of foreign power using cyber-espionage to influence this November’s election are growing, and real. It’s also prompted concern that hackers may shift focus to an even more vulnerable target: your vote.
Voters in 43 states will cast their ballot for the next president using aging electronic voting machines, many now ten years old with dated software lacking proper security. Despite machine manufacturers’ repeated claims of their integrity, high-profile studies have shown hackers can alter vote tallies on these notoriously-penetrable machines within minutes. Tactics available to hackers are numerous and growing: A distributed denial-of-service (DDoS) attack would disable voting machines or the back-end servers, preventing voters from participating in the election. Deleted voting records ahead of Election Day would expunge names from the registered voter rolls. And malware could be used to “steal” an election by tampering with voting machine hardware or software.
In 2012, the nonprofit CountVotes.org found that each state handles their own security in strikingly-different ways. While 22 states have paper-based voting systems and conduct audits, another 25 states conduct no post-election audits at all. Most disturbingly, the study found that only five states--Minnesota, New Hampshire, Ohio, Vermont and Wisconsin--are the best prepared and require the ballot accounting and reconciliation best practices, which include among the criteria requiring verifiable paper records, routine audits and polling place contingency plans in the event of machine breakdowns. Even if the vast majority of precincts took voting integrity seriously, it only requires a handful of districts to cast doubt on an entire election. (Remember Florida’s “hanging Chad” from the 2000 election?) And even if no tampering occurs, a lack of audit trails makes it easy to create controversy when officials have no ability to counter suggestions of malfeasance.
Planning for voting security
Our government security professionals need the visibility to closely monitor voting machines systemwide. They must be able to stop a breach no matter where it starts and otherwise ensure the integrity of the voting system through audit trails, paper back-up ballots, and other forms of assurance to the voting public. And we must require streamlined, consistent protocols so the leaders of our patchwork state-run voting systems are held accountable for audits and paper trails to demonstrate the integrity of any given vote. The federal government also has a responsibility to start treating election security as national security, and to share national threat intelligence and countermeasures with states and local governments.
To protect our voting system, we need to accept that breaches are inevitable, and adopt consistent policies across states to best prevent, detect and respond to attacks so that they are stopped before they wreak havoc. While most states have abandoned Internet-based electronic voting systems--for now--ancillary components of the voting process are online, including voter rolls and the networks of companies that make voting machines (and remain at risk).
And as we look to the future and the rise of online voting, we need to prepare for when this is a viable option. That means giving the elections supervisory body operational visibility and control. While much of the existing research focuses on preventative technical controls, operational controls to quickly identify anomalous activity, investigate and, if required, take action should be required for Internet voting. Like any network with thousands or even millions of endpoints, the question isn’t whether a breach will occur, but when and how quickly the breach can be detected and successfully mitigated. This is particularly important with elections, as any doubt that cannot be quickly verified is potentially disastrous. If the best practice for large organizations is to know who and what is on the network at any given time and have a process in place when the breach occurs, why should our election system function differently? The Federal government should stipulate that such systems should be designed so that regular maintenance can also occur easily and securely--ensuring that any identified vulnerabilities can be quickly mitigated.
What we can do right now
While we can’t make most of the much-needed changes before the coming election, we can demand voter-verified paper receipts for all precincts who offer electronic voting. This is even more important in light of concerns being expressed that the election process is “rigged.” And looking forward to 2020, the modern IT strategies protecting the nation’s largest business and government networks can and should be applied to a national voting system.
Last year, the Obama administration signed an executive order outlining a strategy to protect our critical infrastructure against cyber attacks. It was an important first step in our nation’s cyber-defense, and one we hope will be expanded to include explicit national policies to protect our election system. As we’ve seen in the string of recent high-profile political hacks, our democracy’s future may depend on it.
Also on Forbes:
