Senate Intel offers election security guidelines
- By Derek B. Johnson
- May 09, 2018
A May 8 report on election security by the Senate Select Committee on Intelligence calls for paper backups for state voter registration databases, risk assessments for voting machine manufacturers and better sensor technology for state and local election systems.
The committee recommended two-factor authentication for state voter registration databases, better sensors around election systems to detect malicious activity, paper backups for state voter registration data and assessments for third-party vendors like voting machine manufacturers to ensure they're meeting baseline security standards.
Cybersecurity experts have long called for states to institute paper records for their voting machines, and the Senate Intel report reiterated that advice, but the recommendation to do the same for state voter registration databases takes on new importance after the committee found activity around as many as six states' election infrastructure that went beyond mere scanning and targeting of public websites.
"In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals," the report stated.
Furthermore, the call to install better sensor technology around state and local election systems comes after a recent Senate hearing where a Department of Homeland Security official acknowledged that the department could not definitively state how many states were targeted by Russian hackers in the lead up to the election because some states lacked the necessary technology to detect malicious or suspicious activity.
"It is possible that more states were attacked, but the activity was not detected," the report stated. "In light of the technical challenges associated with cyber forensic analysis, it is also possible that states may have overlooked some indicators of compromise."
The report also highlighted the critical role that voting machine manufacturers play in election cybersecurity and expressed concern that "federal government authorities have very little insight into the cyber security practices of many of these vendors."
Members of Congress including Sen. Ron Wyden (D-Ore.) have pressed voting machine companies for more insight into their cybersecurity practices over the past year, finding that three of the top five manufacturers do not employ a chief information security officer. Many manufacturers have been reluctant to open their systems up to third-party review by security researchers.
Derek B. Johnson is a former senior staff writer at FCW.