The 2016 election year has been one fraught with digital insecurity as there are regular reports of another hack, leak or attempt to breach some aspect of the American election system.
From the DNC email hacks to compromised voter registration systems and Donald Trump’s own declaration that this year’s election could be “rigged,” an increasing amount of doubt has been stirred in the minds of Americans concerning the integrity of our voting system. And voters aren’t the only ones with apprehensions about the security of this year’s vote.
“There is absolutely valid concern about the security or hackability of e-voting systems with regard to the core foundational elements of a good voting system” Dana Simberkoff, Chief Compliance and Risk Officer at AvePoint, a Microsoft partner that helps companies migrate and protect their data, told IBTimes. “Specifically anonymity, accuracy, security and scalability,”
Doubts about the integrity of this year’s elections results reached an all-time high after news broke that attackers had compromised Arizona and Illinois’ voter registration databases. Twenty other states have confirmed breach attempts were made on their databases. In response to the breaches, the Department of Homeland Security issued a warning to election officials to take steps to enhance the security of their computer systems.
In an official statement concerning the attacks, DHS offered aid to states in strengthening the security of their voting systems prior to Election Day. According to the DHS, states requesting aid would receive cyber hygiene scans of their systems, risk and vulnerability assessments and education on best practices for securing voter registration systems. To date, 46 states have requested the DHS’s help.
While the collaboration between government entities is encouraging, there are mixed views on how vulnerable to attack this year’s election might be. From foreign actors like Russia allegedly waging ongoing cyber espionage attacks against the United States to the antiquated state of American voting machines, there is enough motive and potential for hacking to occur. The level of impact those attempts might make, however, remains up for debate.
In testimony before the House Judiciary Committee in September, FBI Director James Comey said there are valid reasons to be concerned about the integrity of state voter registration systems, but that the actual voting process remains “very, very hard to hack” because it is so “clunky” and dispersed.
“The beauty of the American voting system is that it is dispersed among the 50 states and it is clunky as heck. A lot of people have found that challenging over the years, but the beauty is that is it’s not exactly a swift part of the internet of things so it is hard for an actor to reach our voting process … it’s Mary and Fred putting a machine under the basketball hoop at the gym,’’ said Comey. “These things are not connected to the Internet.’’
Comey’s statement brings to light the two strongest arguments for why the American election system is difficult to hack: decentralization and air gapping.
Like many aspects of American government, our election system is decentralized by design. Each state, county and local government system is in charge of managing its own voting systems and those systems vary from place to place. Though most systems use incredibly dated and insecure voting machines, which have proven easy to compromise by numerous hackers, government official don’t see them as a major cause for concern due to air gapping, meaning none of the machines are connected to the internet or each other. The argument continues that, even if a single machine is compromised, it would take a massive and widespread effort to compromise enough machines across the nation to make any impact. This has lead some cybersecurity experts like Nicholas Weaver, of the International Computer Science Institute at the University of California, Berkeley, to assert that hacking the election via voting machine is basically impossible.
“Nobody is going to be able to change the outcome of the presidential vote by hacking voting machines,” Weaver told CNN. “The system is too distributed, too decentralized, too many implementations for any individual actor or group to make substantial change."
But not all security researchers agree. According to Simberkoff, where digital machinery is involved, the decentralization of the American voting process may actually make the system even easier to compromise.
“Because of the fundamentally decentralized nature of elections and the fact that elections are also often handled at a local level, there is tremendous variance in the sophistication and security knowledge available to local teams responsible for handling and managing the election machines,” Simberkoff told IBTimes. “Election staff in smaller towns may have less sophisticated computer skills and, therefore, may become bigger targets. But whether the results of a small town or large city are undermined, even a minor hack would be enough to shake the confidence of the entire electorate.”
Researchers at the Institute for Critical Infrastructure (ICIT), a cyber security think tank, agree with Simberkoff’s position noting that while there are a plethora off scenarios in which individual voting machines can be compromised at polling stations with under trained staff, there are problems that go even deeper.
In an interview with CNN, Denise Merrill, president of the National Association of Secretaries of State, admitted that due to the lack of funding, voting machines in many precincts are quite outdated and therefore vulnerable. She argued, however, that the American voting system still holds up quite well because of heavy regulations.
“They're [voting machines] tested both before and after [an election]. There are paper trails everywhere … by in large, I would say the American election system works very well," Merrill said.
But despite Merrill’s claims, the election system may not be as regulated as thought.
Election security is handled state by state, and most states follow standards developed by NIST and the Election Assistance Commission. True to Merrill’s statement, these standards do suggest all voting systems be vigorously tested against security standards and that systems certified by the EAC should not be connected to the internet. However, these are standards are completely voluntary.
Additionally, properly testing voting machines for vulnerabilities poses problems due to the nature of our black box voting systems. These systems include software that it is considered “proprietary,” meaning no one other than the developers themselves are given access to the machine’s specific coding to test it for vulnerabilities. This makes tampering by insiders easier to accomplish and more difficult to detect -- particularly if a machine is compromised with malware that automatically deletes its components after a given amount of time. In this scenario a machine could be compromised and no one would be the wiser.
The argument continues then that the paper trail protects the integrity of our votes; however, recent report by the ICIT titled “Hacking Elections Is Easy,” found that while roughly 70 percent of United States precincts rely on electronic voting machines, only 60 percent of states require any form of post-election audit via paper trails.
Additionally, seven states, including swing states like Pennsylvania and Virginia, use voting machinery that doesn’t generates a paper trail at all, making an audit nearly impossible. This means if a machine were tampered with in a region where paper trails are non-existent or audits are not mandatory, the integrity of the entire vote in that precinct could be called into question or worse, go completely undetected.
Though some experts contend rigging an election via voting machines would require compromising a multitude of voting machines across the nation, security researcher Tony Cole of FireEye, a leading U.S. cybersecurity firm, argues that a widespread effort may not be necessary at all.
“What people tend not to think about is the fact that we only have a limited amount of states that are really critical to the vote each year,” Cole told IBTimes. “In 2000 it was down to 400 votes. 400 is all it took. With a concentrated effort in these swing states, someone could potentially have an impact.”
Outside of targeting voting machines in swing states, Cole assert there are of other paths by which attackers could tamper with this year’s election. Though election officials cling to the security of their air gapped/non-connected systems, at some point the data does become connected and it is there that attackers can find an in.
“Say you are working on one of these large systems where you’ve actually brought in results from the different precincts or regions to a county or state level where the tabulation is taking place. How does that data get into that system? Usually by flash cards or USB drive,” Cole said. “And how do you ensure that those same disks don’t go into anybody’s system that’s sitting in the same room connected to the internet? That’s all it takes. We see air gapped systems compromised relatively frequently now through the use of exchangeable media like USBs and flash drives. That could certainly happen anywhere where there is internet connectivity if somebody makes a mistake or willfully works as an insider.”
If hackers were to target a election system, one place that might have the most disruptive impact would be during the tabulation process, ICIT co-founder James Scott told IBTimes. If an attacker, leveraging a Microsoft Access spreadsheet vulnerability, for example, could plant malicious software on a tabulating machine via some form of removable hardware or phishing attack, it could cause a major delay in processing results or require laborious recounts.
“It’s surprising to see how many experts just jump online saying this [an election hacking] can’t be done,” said Scott. “We saw the same things said about many medical devices and cars -- that they can’t be compromised. Given time and access, however, security researchers have proven that they can compromise pretty much anything.”
In addition to having numerous avenues through which attackers could target the American election system, researchers say there are several types of actors with varying motives and tools available who might look to make a mark on this year’s election.
“Many external parties have a vested interest in the American political system,” Scott said. “For example, Russia may attempt to influence elections to increase public distrust in our democracy over time as it already interferes in the elections of nations that it deems weak. On the other hand, a country like China might want to influence elections to dissuade voters from electing a Presidential candidate that might pass economic sanctions. Given how easy it is to impact election results, hacktivist, mercenary threat, or a lone-wolf threat actor could easily alter election results based on conspiracy theory, financial, or geopolitical motivations.”
“It could pretty much be anybody,” added Jim Walter, ICIT Contributor & Senior Researcher at Cylance SPEAR Team. “I mean it could be stealthy and sophisticated state actors like APT 28, hackers for hire on the dark web, or script kiddies using tools that are easy to access on dark web forums … many attacks that used to be quite sophisticated are now just point and click.”
While most experts are doubtful this year’s election will actually be rigged, the most concerning thing weighing on the minds of security experts and government officials alike is how news of any breach of the voting system on election day might impact American’s faith in our democracy.
The voting system represents the very lifeblood of a representative republic like the United States. Casting a ballot is one tangible way individual voters can impact their nation’s identity and culture; it is the foundational characteristic of our Democracy. Voters place their trust in this system, a system meant to ensure their ballots are kept secret, remain secure and are counted correctly. But if an election is compromised in any way, it could result in loss of faith in American government or the belief that an elected leader didn’t fairly earn the position.
“Anything that casts doubt on the veracity of the election process is in itself problematic,” said Simberkoff. “The actions of a single bad actor could be enough to subvert our entire election.”