U.S. Department of Homeland Security (DHS) officials now say it’s likely that in 2016, Russian hackers at least attempted to break into election systems in all 50 states. So far this year, there’s been no evidence of attempts of hacking election systems before the midterm congressional races, but federal, state, and local officials are still taking steps to keep any intruders at bay. Congress in March appropriated $380 million to help states beef up election security, and the DHS has been working with states to help them test and improve the security of their election systems. “The president has been clear, and the DHS and our interagency partners have been clear: We will not allow any foreign adversary to change the outcome of our elections,” Homeland Security Secretary Kirstjen M. Nielsen said at April’s RSA security conference in San Francisco. Hackers digitally flipping votes is the worst-case scenario, and it’s one that experts take seriously. Thirteen states use at least some voting machines that only record votes electronically with no paper backups, meaning a hack or even a malfunction could mean votes permanently altered or lost.
And despite the new legislation, at least 11 of those states won’t receive enough money from the federal government to replace all those machines by November, according to a recent report by the Brennan Center for Justice at New York University’s School of Law. Nor, says Lawrence Norden, deputy director of the center’s democracy program, will state legislatures necessarily make up the difference. “Election officials are eager to replace them,” he says. “That doesn’t mean the states are eager to provide the money.”
… Even in jurisdictions where voters manually fill out paper ballots with a pen or they’re generated by an interactive machine, votes are still generally tabulated using some sort of computer. And even election-related tabulators or voting machines that are never hooked up to the internet generally still get updated somehow, perhaps with a memory card or USB stick. Sufficiently skilled hackers could still manage to take them down or install malicious code on them if they get into the machine used to program the others, warns Marian K. Schneider, president of the nonprofit Verified Voting.
“If you can get in that computer, then you don’t need physical access to all the devices,” she says.