An association of state officials has published an open letter that seeks to strengthen public confidence in the electoral process, in light of research that has raised questions about the security of voting machines. The National Association of Secretaries of State’s (NASS) letter calls on Congress to avoid using political rhetoric or proposing legislation that may damage confidence in the election systems. State officials are “working overtime to help the public understand the components of our election process and some of the built-in safeguards that exist,” the letter stated. “Voting systems are spread out in a highly-decentralized structure covering more than 9,000 election jurisdictions and hundreds of thousands of polling locations.” Despite NASS’s argument that the decentralized structure of election systems creates added security, a series of reports on voting machine infrastructure suggests another view. In an email to SCMagazine.com, James Scott, senior fellow at the Institute for Critical Infrastructure Technology (ICIT), noted that the lack of a centralized system creates added risks. “The lack of a National system just means that some states manage secure election systems while others lack the resources or expertise to do so,” he wrote. “An attacker only needs to compromise the results of one or two pivotal states in order to alter the results of the election.”
Indeed, a recent report by the Brennan Center for Justice titled “America’s Voting Machines at Risk” highlighted several local areas that provide case studies the risk of vulnerabilities in swing states. The report, written by Brennan Center deputy director of the democracy program Lawrence Norden and voting rights researcher Christopher Famighetti warned of series flaws in Los Angeles County; Travis County, Texas; and Denver.
There could be potentially damaging cybersecurity risks to the upcoming US election process, according to Michael Patterson, founder and CEO of Plixer. He noted in an email to SCMagazine.com that while not all states use Direct Recording Electronic (DRE) voting machines, “many do.”
Patterson noted that the devices could be vulnerable to hackers or malware if connected to the Internet and could allow an attacker to alter vote tallies or launch denial-of-service attacks that would render voting impossible. “Either scenario would be unprecedented and without clear remediation action plans, the outcome of the election would be left very much in doubt,” he wrote.