Cybersecurity, Election Infrastructure, and the Potential for Online Voting: A Series — Part 5
This is the fifth and final part of a blog series. Click here to read the Part 1, Part 2, Part 3, or Part 4 of our series.
Conclusion
Solving the varied and complex problems of election infrastructure requires that a number of corrective measures are taken. In order to protect voter databases, the Cybersecurity and Infrastructure Security Agency (CISA), a part of the United States Department of Homeland Security, recommends that organizations responsible for maintaining and protecting these databases take the following five steps to ensure their security. First, out-of-date operating systems and applications should be patched to reduce vulnerabilities. Next, databases should be protected with “allow lists” which permit only specific, permitted software to be run within the system while blocking all others. Third, database administrators should apply the widely used security principle of least privilege, providing administrative privileges only to those who need them. Fourth, database administrators should implement input validation, which sanitizes user input and helps prevent web application attacks such as SQL injection and cross-site scripting. Finally, CISA recommends the use of appropriately configured firewalls to prevent unauthorized intrusion into the system (Cybersecurity & Infrastructure Security Agency, 2020).
Election security experts have long agreed on several measures to secure voting machines. Governments should provide funds to upgrade system hardware and software, as well as to train election staff, and some of this has been taking place since the 2016 election. Several states have taken steps to update their voting machines, including Michigan, Florida, and Ohio. A second recommendation is that all voting machines produce a paper ballot that can be used to verify voters’ intent. In 2016, 14 states used paperless machines for some of their voting, and about 27.5 million votes were cast on paperless machines. In the intervening four years, states have committed to reducing or eliminating the use of paperless machines (Cordova McCadney et al., 2019). Experts estimate that in the 2020 election, 95% of ballots will be cast with a verifiable paper trail, increasing from 75% in 2016 (Bracken & Eaton, 2020). And finally, after elections, jurisdictions should conduct audits, comparing election outcomes to paper records ensuring that votes were recorded and counted correctly (Cordova McCadney et al., 2019).
The new frontier of online elections presents potential benefits but also a host of new challenges. While making voting easier and potentially boosting voter participation, online elections may be more vulnerable to attack, and their validity may be difficult to verify. While the possibility of online voting may be worthy of further exploration, securing the existing election system should be our first priority.
Christopher King and Shlomo Ross have just completed their certification at Fullstack Academy Cyber Bootcamp and are pursuing careers in Cyber Security
Click here to read our whole report
If you enjoyed this series, please feel free to like and share it with family and friends.
Sources:1) Cybersecurity & Infrastructure Security Agency. (2020, June 30). Security Tip (ST16-001) Securing Voter Registration Data. Cybersecurity & Infrastructure Security Agency. Retrieved October 26, 2020, from https://us-cert.cisa.gov/ncas/tips/ST16-001 2)Cordova McCadney, A., Howard, E., & Norden, L. (2019, August 13). Voting Machine Security: Where We Stand Six Months Before the New Hampshire Primary. Brennan Center. Retrieved October 26, 2020, from https://www.brennancenter.org/our-work/analysis-opinion/voting-machine-security-where-we-stand-six-months-new-hampshire-primary 3)Bracken, K., & Eaton, A. (2020, October 18). How Will the U.S. Combat Election Day Cyberwarfare? With Paper. New York Times. Retrieved October 26, 2020, from https://www.nytimes.com/2020/10/18/us/elections/voting-machines-paper-ballots.html
