While virtually every industry and domain is flourishing and being revolutionized by technological advances, more than three-quarters of U.S. citizens will vote for their next president on paper ballots this November. The main reason for this is concern over cybersecurity threats against the electoral system and process. In the wake of major breaches, such as the hacking of the Democratic National Convention and attacks against voter registration databases in at least two states, it is now feared more than ever that the presidential elections might be influenced or compromised by nation-states such as Russia. And that’s why any form of technology being used in elections is generally frowned upon and regarded as a potential attack vector for malicious actors. But is this a pattern that has to repeat itself every four years? Are we doomed to choose our leaders in settings that one expert described to me as reminiscent of the dark ages for fear of major hacks, or is it possible to see future elections leverage the full power of the newest tech without fearing cyber threats?
To answer the question, we must know what are the vulnerable components of an election, what are the threats and how can we leverage technology to protect one of the most valuable achievements of mankind against those threats? To guarantee the full integrity of an electoral process, you need to protect two things: the results and the process. Results account for technologies that directly affect the vote counting and the outcome of the elections.
This is the area where cyber attacks can have the most damaging effect, because, if possible, a well-placed hack can bring into question the integrity of the entire electoral system. Electronic voting machines, which replaced the older punch card system following the 2000 presidential election’s vote-counting debacle, are being shunned for their outdated and vulnerable technology. Most are more than a decade old and are running Windows XP, which is no longer supported by Microsoft. And they are being decertified by states for their security issues.
“In terms of voting equipment, manufacturers must secure their code and physical components used to execute the code,” says Edward Robles, CEO of cybersecurity tech company Qondado. “Could someone reprogram the equipment to alter the vote tally, redirect votes, or simply fail to record certain votes at intervals, etc.? Unfortunately all of this has been proven possible and researchers have gone so far as to hack a voting machine into a working Pac-Man arcade game.”
In another case, researchers found vulnerabilities in voting machines that would allow anyone within half a mile to modify every vote, undetected. And the steps to do so required no technical expertise.
Full Article: What it takes to secure the elections | TechCrunch.