Elections

Is low-tech the answer to election security?

Electronic voting 

Some experts say that given uneven IT security requirements for voting systems, the best protection against election hacking may be less technology.

"Based on my experience, I don't have a lot of confidence" in the security of election equipment, said Alex Halderman, director of the University of Michigan's Center for Computer Security and Society, at a Sept. 8 Brookings Institution discussion.

"Our election systems are known to be vulnerable," he said, adding that even if they were not manipulated by a foreign government in 2016, "I think it's a matter of time... [attacks] will only be more sophisticated going forward."

Halderman's research includes information security testing on the exact machines used by states during federal elections.

"The machines have vulnerabilities that could allow someone to hack in and alter the software that's running on them," he said. "You don't even need physical access to the machines."

Nor do the machines need to be connected to the internet to be prone to manipulation, Halderman added.

"With just momentary access to the memory card that's used to program the ballot for the election, we could insert vote-stealing software that would then reprogram the machine... and select whoever we wanted as the winning candidate," he explained.

Halderman added that even if American machines were not manipulated by a foreign government in 2016, "I think it's a matter of time" before vote tampering occurs, if the vulnerabilities are left unaddressed.

The Department of Homeland Security has stated that Russian hackers probed election systems in 21 different states in the lead-up to the 2016 election, but found no evidence of actual vote tampering.

In response to allegations of Russian attempts to influence the 2016 election, DHS designated election systems as critical infrastructure, a move that raised concerns from state election officials.

A Sept. 1 New York Times article on voting machine security observed that many state and local officials were reluctant to accept outside help to address potential security gaps.

Retired four-star Gen. John Allen said that "now, in many respects, the first line of defense of American democracy, and last line of defense of American democracy, is in the hands of our states and our counties."

Allen, a 40-year Marine veteran and co-director of Brookings' Center for 21st Century Security and Intelligence, added, "while the process of voting is certainly a local issue, it's really a national security issue."

"The problem is, there are very unlevel approaches from county to county and state to state across the country" whose capacities for cyber defense can be very limited, said Allen. "One of the reasons is because we don't impose federal standards on this process."

Halderman suggested that while installing layered defenses and purchasing more secure technology would help, he advocated for less reliance on technology in the electoral process.

"Essentially, what we need is a system that relies on physical fail-safes" and conducts paper-based post-election audits, he said.

A Brennan Center study estimated that replacing paperless machines nationwide would incur a one-time cost between $130 million and $400 million. Halderman added that, based on his own estimate, conducting post-election audits for every federal race would cost about $20 million annually.

In June, Sen. Amy Klobuchar (D-Minn.) introduced legislation that would direct DHS resources and information to state and local government to protect them against cyber threats.

Dean Logan, registrar-recorder and county clerk for Los Angeles County, said he was encouraged by the bill, but noted that the bill hasn't gained much legislative traction.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group