Critical Read

Voting machines are critically vulnerable

What: "Hacking Elections is Easy! Part 1: Tactics, Techniques and Procedures," a report by the Institute for Critical Infrastructure Technology

Why: Voting technology is a hot topic this election year. Recent news reports revealed that the FBI was investigating the targeting by foreign hackers of voter registration databases in Arizona and Illinois. Threats to election technology have prompted the Department of Homeland Security to consider putting the systems under protections similar to those that safeguard the nation's energy grid and financial systems.

According to a new report from the Institute for Critical Infrastructure Technology, that might be a good idea. The U.S. election system relies on disparate technologies run by states and municipalities that are potentially easy prey to a wide range of bad actors.

Voting machines are nothing more than "stripped-down computers using outdated operating systems possessing every conceivable vulnerability that a device can have," the report states.

According to the authors, a hack would not have to affect a wide range of systems. Targeting only a few systems in a swing state could be enough to alter the outcome of a national election.

In addition, the candidates present a tempting electronic target via social media, websites, and other online and electronic assets. A hacktivist or someone with a bad attitude and a little know-how could cause a major disruption during an election with a well-placed denial-of-service or man-in-the-middle attack, according to the report.

Phishing email messages could open the door to all of that, as could supply-chain insiders. An employee at election machine and technology makers could illegally access the machines at storage sites. The authors noted that at the time of the report's publication, Premier Election Solutions (which was formerly Diebold Election Systems) had open positions for interns and contractors.

Voting machines have been vulnerable for some time, according to the report. In 2007, California officials asked 42 researchers to do "red team" penetration testing of machines made by Diebold, Hart InterCivic and Sequoia Voting Systems. The researchers said they were struck by the banality of the many critical flaws and vulnerabilities they found, which showed a pervasive lack of consideration for even basic security measures.

The institute released the first part of its study ahead of Hewlett Packard Enterprise's Protect 2016 conference, which will be held Sept. 13-16 in Maryland. It plans to release "Hacking Elections is Easy! Part 2" on Sept. 5.

Verbatim: "Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an [advanced persistent threat] could effortlessly exploit a national election, and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces."

Click here to read the full report.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.