Earlier this month, Homeland Security Secretary Jeh Johnson held a conference call with election officials across the country, stressing the importance of securing the voting technology used in the nation’s elections and offering federal help for the job.
The presidential election—and countless state and local elections—is less than three months away, but it is never too late or too early to think about the security of our electoral infrastructure. As we move from physical paper and punch-card ballots to networked electronic technology, this new infrastructure is subject to all of the threats and risks of our existing IT networks and systems. And if history has taught us anything, it is that any system can be breached.
Securing electoral systems is complicated by the fact that there is no one system. Although we elect national leaders, the federal government does not run elections. That is left to the states and there are something like 9,000 election jurisdictions throughout the country. These conduct polling in densely populated urban areas and in sparsely settled rural areas. They have different requirements and challenges and operate under different laws and policies. There are many types of voting systems in place, relying in varying degrees on electronic technology, with different implementations of each technology. The result is a patchwork of systems rather than a single coherent infrastructure.
Sec. Johnson can offer local officials the help of the U.S. Election Assistance Commission and the National Institute of Standards and Technology, but that’s about as far as he can go. Whether states, counties and cities accept his offer is up to them. NIST, working with the EAC, has developed technical Voluntary Voting System Guidelines to help ensure the security of voting systems. But these are voluntary, and like all guidelines cannot by themselves ensure complete security.
There is a nugget of good news in all of this, however. The same diversity that complicates securing voting systems also complicates an effective nationwide attack.
Putting aside the crazy talk of a “rigged election,” swinging the vote in a national election by hacking would not be easy. It would require strategically targeting vulnerable systems in key precincts and counties in key states. Effective exploits would have to be developed for different systems, and attackers would have a limited window of opportunity. Voting systems are not operating online continuously; even if an attack is made through a county or city’s IT network, the voting system could not be compromised until it is connected. Once successfully compromised, attackers would have to carefully cover their tracks and monitor projected voting results so that changes could be made to achieve the desired outcome without creating suspicion.
All of this would be resource intensive, with a small margin of error. Shifting too many votes in too few places could draw attention, so all or most of the hacks would have to be successful. And the attackers would have to hope that someone on the opposite side was not doing the same thing and cancelling out their efforts.
This is not to say that such an attack is not possible. There have been instances in which a national election has been determined by the votes—legitimate or not—in a single key area (Chicago in 1960 and Miami-Dade County in 2000). And a United States presidential election would be a high-value target for attackers—possibly high enough to make it worthwhile for another nation (I’m looking at you, Putin) to invest in an attack.
So here is my advice for election commissions:
• Pay attention to security. Use the Voluntary Voting System Guidelines, talk to other counties and states, and accept Homeland Security’s offers of help.
• It’s not just your voting system. Whatever your system is connected to also has to be secured. This probably means all of your networks and IT systems need to be hardened as critical infrastructure, which probably means they will require a higher level of security than they currently have.
• Don’t expect electronic voting technology to be a money saver. The level of security and monitoring required to assure that the systems—and the systems they connect with—are protected will probably require a significant investment.