Justin Fier, Director of Cyber Intelligence | Friday November 4, 2016
No one can deny that the 2016 U.S. election is generating thoughtful discussion on the intersection of voting and cyber-security for the first time since 2000.
We have witnessed a high-profile hack of the Democratic National Committee, and attacks on voter registration databases in 20 states, there is now a certain rise in fear justified in these actions. We live in a new era of threat, where foreign powers don’t hesitate to use cyber-tools for economic and political gain. The White House blamed Russia for the Democratic National Committee hack, but they aren’t the only nation-state willing to engage in this sort of cyber-warfare.
Additionally, to make matters even more complicated our voting machines are in urgent need of a revamp. In 2006 it was proved that in less than a minute, an e-voting machine could be hacked and installed with vote-changing malware, and it can even be done remotely. Even worse the reliability of the e-voting machines was proven when North Carolina lost 4,438 votes because of a system error.
In my opinion, and most states opinions, we think paper ballots are the answer. Only five states use digital voting alone currently and 75 percent of all voting is done via paper ballots.
But after the 2000 election, when the ‘hanging chads’ forced millions of votes to be invalidated, it became clear that paper ballots are not only unwieldy, but incorrect. Two years later, and America was introduced digitized voting and registration databases. These machines were overwhelmed with errors, and many of them are still in use today.
Growing concern over election meddling prompted 33 state election agencies to petition the Department of Homeland Security for aid. The Department of Homeland Security reacted by offering “cyber hygiene scans on Internet-facing systems as well as risk and vulnerability assessments.”
Cyber-security for the future has to go beyond one-off scans and retrospective assessments. They need to consider intelligently monitoring and analyzing millions of devices — from voting machines to vulnerable IoT devices — so that they will lessen the risk from unknown threats. Whether it is a state-sponsored hack or tampering from a politically motivated insider, the integrity of our elections is at stake, and its security deserves the upmost awareness.