Cyber security concerns around voting should be around the processes involved rather than just the electronic equipment used, according to Steve Grobman, senior vice-president and chief technology officer at security firm McAfee. Underlining this issue, he discussed a recent discovery by McAfee of a “big gap” in the security of the way US local jurisdictions communicate with their constituencies. Because US elections are decentralised, being run at a state and local level rather than at a federal level, with every state and locality choosing how to do things, there is very little uniformity. “We have found two big issues with the way local jurisdiction communicate with their constituencies,” said Grobman. Although these issues are US-specific, he told Computer Weekly that the issue is likely to be global given that the failings in the US are underpinned by a lack of cyber security skills, which is a challenge facing most countries around the world.
“Clearly local governments in democracies around the world are not going to be able to compete from a compensation perspective with the private sector, so having the best cyber security defenders running the systems that take care of elections is likely to be a common challenge.”
The first issue identified in the US, said Grobman, is the use of top-level domains (TLDs) that are not standardised and often not regulated for issuance by the government.
“We found, for example, that a lot of the jurisdictions are using .com, .net and .org for their official voting information sites,” he told a news conference