Election Day 2018 is fast approaching, and when Americans head to the polls, will their votes be secured? That’s the burning question on the minds of many security experts. As important as these midterms maybe, the security and integrity of our American voting systems should also be at the forefront of the conversation. It’s a fair and reasonable question, and the answer can have a meaningful impact on the health of our democracy. It should concern every American of voting age.
Voting system security is subject to doubt and enormous scrutiny this year – and for very good reason. Unfortunately, our collective and heightened awareness of the threat model against our electoral process has yet to spur our government to produce solid security solutions, like a meaningful regulation or guideline for good cyber health at the state level.
However, these problems did not just ‘pop up’ during the last presidential election cycle. According to a recent report, more than half of our voting systems were left vulnerable to cyberattacks as far back as 2011. That vulnerability was due to an installed software that allows voting machines to be accessed and controlled from a remote location. It so happens that the software presents an even greater danger if it contains inherent security vulnerabilities, like malware. So, if a hacker tried to access an election management system remotely, it is plausible that they could take control of the machine and introduce a malicious code that would either disrupt the election or alter the results. Why would we willingly allow something like this to happen?
The stark truth is that hacking a voting system happens in as easily and as undetected a way as any cyberattack we’ve seen make headlines. When a threat is underestimated and the need for security is taken lightly, we are sitting ducks against the danger. In this state of being blissfully unaware, bad actors have too much time and opportunity to accomplish something bad – like stealing credentials, identities, bank accounts or votes!
You’ve heard the saying, “If it ain’t broke, don’t fix it.” Well, America’s voting system security is broken, and it’s a major problem that our government must fix. To understand how to properly fix something, we must first understand the full scope of the problem, so let’s start there.
Currently, American elections are handled at the state level, meaning that individual states own the rules and processes for voting within their borders. Often, individual state governments are unfamiliar with the voting system technology they’re using for elections because they don’t use it frequently enough. While Election Day happens once every year, states either don’t have large enough budgets to address expensive security issues proactively, or they don’t have the desire to prioritize security, since it carries a hefty price tag.
Add this financial strain to the fact that state governments often lack the personnel with technical expertise to protect the voting systems that store databases of registered voters and tabulate votes, and you have a recipe for being completely helpless against cyber warfare. Sadly, the most pressing concern becomes about logistics like, where do states store these machines between election cycles?
Next week, we’ll investigate what hopes we have that these issues can be resolved and security budgets prioritized, to bring about changes that ensure Americans can cast their votes with confidence and believe in the results of our electoral process.