Institute for Critical InfrastructureCybersecurity is a growing concern in many areas of government, including the 2016 U.S. presidential election, where officials are worried about the potential for a voter data breach. According to Time Magazine, the FBI has found that voter registration databases in Illinois and Arizona have already been hacked — and there are fears that these aren’t the only problems with the system.
Outdated Technology Could Cause a Breach
According to a report from the Institute for Critical Infrastructure Technology, the electronic voting systems used in elections are all too easy to hack, as they’re at least a decade old and lack even rudimentary security controls. Many are proprietary, with patches not available even for vulnerabilities that have been known for years. Additionally, the report found that few officials involved in the election process have much knowledge of or interest in security or cyber hygiene, and there’s no pressure on manufacturers to retroactively add security controls to outdated machines, and little budget available to purchase new ones. Earlier this year, 43 states were still relying on voting machines that were based on operating systems that include Windows CE and Windows XP, neither of which are still supported, meaning no updates are available to patch vulnerabilities.
There are many ways that security attacks could threaten these systems and make the election results suspect. Threats range from physical attacks, to social engineering schemes such as spear-phishing, which causes malware to be downloaded, to hacks against databases that could cause a voter data breach. The reduced functionality of these aging computers and their limited endpoint security mean that the machines used could be attacked at any stage by a hacker or an insider.
One Small Attack Could Be All It Takes
Because the processes and technology used vary widely from state to state, a widespread attack against the entire system isn’t feasible. But the report notes that a criminal attack in a swing state, which could be decided by as few as 400 votes, could derail the entire outcome of the election. Although many security attacks are financially motivated, there’s little financial incentive to hack an election — rather, most election hacks are politically motivated.
Preventing a Future Voter Data Breach
The democratic election process requires that the voting system can be verified from start to finish, with the integrity of votes guaranteed when they’re cast, collected and counted. In order to prevent a future election breach, IT infrastructure needs to built with security at its core, and comprehensive testing should be carried out to security precautions that are put in place. Additionally, budgets need to be increased so officials can purchase new, secure equipment, and all officials involved must be educated in order to increase cybersecurity awareness at all levels.
Interested in more ways that technology can shape the upcoming election? New ways to capture data are making it easier than ever to reach new voters.