Elections

Is low-tech the answer to election security?

Electronic voting 

Some experts say that given uneven IT security requirements for voting systems, the best protection against election hacking may be less technology.

"Based on my experience, I don't have a lot of confidence" in the security of election equipment, said Alex Halderman, director of the University of Michigan's Center for Computer Security and Society, at a Sept. 8 Brookings Institution discussion.

"Our election systems are known to be vulnerable," he said, adding that even if they were not manipulated by a foreign government in 2016, "I think it's a matter of time... [attacks] will only be more sophisticated going forward."

Halderman's research includes information security testing on the exact machines used by states during federal elections.

"The machines have vulnerabilities that could allow someone to hack in and alter the software that's running on them," he said. "You don't even need physical access to the machines."

Nor do the machines need to be connected to the internet to be prone to manipulation, Halderman added.

"With just momentary access to the memory card that's used to program the ballot for the election, we could insert vote-stealing software that would then reprogram the machine... and select whoever we wanted as the winning candidate," he explained.

Halderman added that even if American machines were not manipulated by a foreign government in 2016, "I think it's a matter of time" before vote tampering occurs, if the vulnerabilities are left unaddressed.

The Department of Homeland Security has stated that Russian hackers probed election systems in 21 different states in the lead-up to the 2016 election, but found no evidence of actual vote tampering.

In response to allegations of Russian attempts to influence the 2016 election, DHS designated election systems as critical infrastructure, a move that raised concerns from state election officials.

A Sept. 1 New York Times article on voting machine security observed that many state and local officials were reluctant to accept outside help to address potential security gaps.

Retired four-star Gen. John Allen said that "now, in many respects, the first line of defense of American democracy, and last line of defense of American democracy, is in the hands of our states and our counties."

Allen, a 40-year Marine veteran and co-director of Brookings' Center for 21st Century Security and Intelligence, added, "while the process of voting is certainly a local issue, it's really a national security issue."

"The problem is, there are very unlevel approaches from county to county and state to state across the country" whose capacities for cyber defense can be very limited, said Allen. "One of the reasons is because we don't impose federal standards on this process."

Halderman suggested that while installing layered defenses and purchasing more secure technology would help, he advocated for less reliance on technology in the electoral process.

"Essentially, what we need is a system that relies on physical fail-safes" and conducts paper-based post-election audits, he said.

A Brennan Center study estimated that replacing paperless machines nationwide would incur a one-time cost between $130 million and $400 million. Halderman added that, based on his own estimate, conducting post-election audits for every federal race would cost about $20 million annually.

In June, Sen. Amy Klobuchar (D-Minn.) introduced legislation that would direct DHS resources and information to state and local government to protect them against cyber threats.

Dean Logan, registrar-recorder and county clerk for Los Angeles County, said he was encouraged by the bill, but noted that the bill hasn't gained much legislative traction.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.