Cybersecurity, Election Infrastructure, and the Potential for Online Voting: A Series

The Introduction

In recent years, the intersection of cybersecurity and elections has taken a prominent place in the public consciousness. Technological advancements in election systems, the explosion of social media, and sophisticated hacking techniques have combined to make elections a new frontier in international conflict. Recent history is rife with examples of successful election-related social engineering attacks, from spear-phishing individuals for the purpose of stealing sensitive data to vast social media campaigns intended to suppress voter turnout among targeted groups. However, societies dedicated to holding free, fair, and secure elections must consider another potential vulnerability — the election infrastructure itself.

Two main infrastructure targets for attackers intending to disrupt an election are voter registration databases and electronic voting and counting machines. Voter registration rolls stored on county boards of election computers across the United States provide vast territory for malign actors to influence elections. Electronic voting and counting machines, to varying degrees, could be subject to hacking operations at any point during their life cycle. In fact, since the 2016 election, intelligence and law enforcement agencies have detected evidence of attacks on both of these essential pieces of election infrastructure. Because faith in the integrity of elections is a cornerstone of democratic societies, the stakes in defending the machinery of elections could not be higher.

Photo by Element5 Digital on Unsplash

The Threat

Individuals and organizations dedicated to protecting American elections from cyber attack must consider a variety of threats. The National Institute of Standards and Technology divides threats into four categories which can be broadly defined as environmental, accidental, structural, and adversarial. Environmental threats, while potentially problematic, pose no unique threats to the integrity of voter registration databases or voting and counting machines. Accidental threats should be addressed, to the extent possible, by properly funding local boards of election to provide comprehensive user training. By far, structural and adversarial threats pose the greatest challenge to the integrity of elections.

Adversarial threats include those that are initiated by malign actors, and in the case of elections, those actors are most often nation states. While a number of countries have been implicated in attempts to influence American elections, including Russia, China, North Korea, Iran, and Saudi Arabia, only Russia and Iran have been identified as having gained access to critical elements of election infrastructure.

Photo by NeONBRAND on Unsplash

It is important to note the goals of election hacking are not limited to changing election results. While changing voter registrations or manipulating vote tallies may seem the most obvious goal, to do so surreptitiously may not have a serious impact on voters. As cybersecurity experts Matthew Blaze and Susan Hennessey noted in their congressional testimony in 2017, a more insidious effect is the erosion of citizens’ trust in election outcomes, and thereby the institutions of government and democracy itself (Subcommittee on Information Technology et al., 2019).

Click here for the next part of this series where we deep dive into the vulnerabilities of voter databases and the affects it can have on the overall election integrity.

Christopher King and Shlomo Ross are currently students completing their certification at Fullstack Academy Cyber Bootcamp

Click here to read our whole report

Sources: 
1)Subcommittee on Information Technology and The Subcommittee on Intergovernmental Affairs of the Committee on Oversight and Government Reform of the U.S. House of Representatives (2019) Cybersecurity of Voting Machines