States across the nation are ramping up their digital defenses to prevent the hacking of election systems in 2018. The efforts come in the wake of Russia’s interference in the 2016 presidential election, which state officials say was a needed wake up call on cybersecurity threats to election systems and infrastructure. … Security experts are still divided over the extent of hacking risks to actual voting machines. Some say that because many different voting machines are used across the country and because they are not connected to the internet, that would make any large scale attack hard to carry out. … But others contend that digital voting machines are vulnerable and could be targeted to influence actual election outcomes. “Some election functions are actually quite centralized,” Alex Halderman, a University of Michigan computer science professor, told the Senate Intelligence Committee in June. “A small number of election technology vendors and support contractors service the systems used by many local governments. Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters.”
… Most states use a combination of paper ballots and scanners to record digital votes, meaning that a paper record exists and can be audited. Some, however, use only paperless voting machines. Cybersecurity experts like Halderman have advocated for the use of what are known as risk-limiting audits, a method that checks election outcomes by comparing a random sample of paper ballot results, if they exist, to their corresponding digital versions.
Last month, Colorado hired a Portland-based startup to develop software for the state to conduct risk-limiting audits starting with off-year elections in 2017.
The state made the decision to begin implementing these audits before the revelations about 2016 hacking, but Dwight Shellman, manager of county regulation and support at the Colorado Department of State, said that the decision “bear[s] on the issue” of growing cybersecurity concerns. “The bottom line is, this is the world we live in now,” Shellman said. “This is the new threat landscape.”