The 2016 election season has been unique for reasons beyond the U.S. presidential candidates: For the first time, widespread reports of cyberattacks on voting systems and hacks of political organizations’ correspondence are disrupting — and influencing — the U.S. election process. … The problem is compounded by another sobering fact: The current U.S. voting infrastructure is a compilation of older, unsophisticated technology blended with newer digital electronics that often don’t work well together. This system requires patching — much like an operating system that constantly needs updating to prevent newly discovered vulnerabilities from being exploited. As a result, cybersecurity for our political process is not just about protecting our political representatives’ emails, but also about protecting the methods and machines we use to count the votes. The older the computer and operating system, the more vulnerable it is, and the same applies to voting machines. For instance, there is a voting machine in use in Louisiana, New Jersey, Virginia and Pennsylvania that has been in use since 1990 and hacked by a college professor — to draw attention to the device’s high vulnerability level — in seven minutes.
Additionally, the physical security of the machines themselves is very weak; the lock on the voting machine hacked by the college professor — the Sequoia AVC Advantage — was picked in about seven seconds by one of the professor’s students. The Sequoia machine hacked by the professor also had unsoldered ROM chips on the motherboard, which he easily wedged out — making it simple to replace them with ones programmed by a hacker. For example, the firmware on these chips could be programmed to throw off the machine’s results, altering the tally of votes.
Electronic voting machines are the property of privately owned corporations, and the software that is run on them is proprietary. As cybersecurity professionals attempt to study the voting machines, they are faced with a lack of cooperation from the voting machine companies that view the machine code as intellectual property. As a result, they’re stymied in efforts to research how best to protect the data the machines collect — further hindering the development of universal cybersecurity standards for voting machines.
Full Article: Lack of cybersecurity standards leaves election process vulnerable.