Protecting the US voting infrastructure [Q&A]
It's two years since international forces interfered with the security of the US elections. However, with the US midterm elections behind us and the presidential elections ahead, vulnerabilities in the country’s voting infrastructure still remain.
Simply put, it's not hard to hack into US voting systems. Don't believe it? Just ask the 11-year old who hacked a replica of the Florida election website to change results in under 10 minutes. We might not have seen widespread cyberattacks on the day of the midterms, but as we saw multiple opportunities for hacking and disruption in the run up, the presidential elections are already at risk.
To learn more about the vulnerabilities in the US's voting infrastructure, why it's so easy to hack, and what municipalities can do to address these issues before the 2020 elections, we spoke with Mike O'Malley, VP of strategy of Radware.
BN: Why do you think it's so easy for hackers to get into US voting infrastructure?
MO: Our country faces problems due to lack of consistency when it comes to individual state and county election systems. Equipment ranges from paper ballots to digital touch screens. What's more, some states use automated technology to count votes while others have people manually go through this process.
Additionally, there are more than 350,000 voting machines used in this country today, with two main types of machines being used: direct-recording electronic (DRE) machines and optical scan machines. While the latter relies on paper ballots, DREs are digital where voters make their selections on a touch screen -- and these machines are the biggest cause for concern. In addition, each locality has different vote tallying software with different vulnerabilities and generally an unprotected website. Because there are so many variables, all 50 states have different security vulnerabilities.
BN: Who is responsible for addressing these issues?
MO: Unfortunately, the responsibility is with local municipalities who are in large part not equipped to handle potentially sophisticated attacks from foreign governments. Think to yourself who's best equipped in government to protect against Russian Intelligence interference for example, certainly not your local county clerk.
BN: What can the federal government do to assist municipalities reduce the risks around election season?
MO: As a first step, the Department of Homeland Security (DHS) needs to educate every administrative staff member in state and local government about potential risks, including DDoS attacks and phishing scams. The more informed workers are, the likelihood of an individual compromising the system diminishes. Staff members should perform vigilant security hygiene -- not opening any attachments from suspicious sources and using best practices for password protection (like two-factor authentication). Finally, staffers should not conduct any non-government activity while on the network, as this can open up their municipality’s network to additional risks through malware and phishing scams.
BN: Looking ahead past the 2020 elections, what can the government do to ensure election safety?
MO: To be frank, the threats of potential interference on voting infrastructure will remain until the country is on a secure, nationwide election system. The federal government needs view this for what it is, a national security issue. In doing that, we need the will to make the necessary upgrades to prevent things like voter fraud, foreign interference and hacking of the infrastructure, and legislation needs to be enacted in order to standardize election infrastructure to limit vulnerabilities to make that happen. Looking ahead, new and emerging technologies like blockchain or digital IDs should be considered to improve upon the network. All in all, the protection of our elections is a matter of national security and needs to be addressed immediately.