In 2016, hackers linked to Russian intelligence compromised U.S. voter databases, hacked the Democratic National Party, leaked confidential emails, and used social media platforms to spread disinformation that would sway the presidential elections.
While there is no evidence that the 2016 poll results were altered, Russians without a doubt accomplished their goal to sow discord among the American people. Faith in democracy and the U.S. electoral process is shaky at best, with many people asking: will the 2020 elections be safe from foreign tampering?
Cybersecurity experts aren’t so sure.
Are Polling Machines Safe from Hackers?
Propaganda campaigns aside, a major concern around election security is the vulnerability of voting booths themselves. Because the government purchases election booths from third-party manufacturers, the make, model and function of booths varies from state to state. While some states use paper ballots to tally votes, many use paperless voting machines. These paperless machines collect and send voting results electronically, leaving no paper trail by which officials can audit, recount or truly verify votes.
While government officials claimed that voting machines are not connected to the internet, cybersecurity experts discovered that at least three dozen states’ voting systems were online — and vulnerable. These voting machines have modems that connect to mobile internet.
But why would a voting booth need to be online? Blame our culture of instant information. These connected voting booths are built to quickly relay unofficial results to the media and the public. On top of modem connections, the operating systems on many voting machines are hopelessly outdated. One cybersecurity expert investigating ballot-marking machines at Defcon found that some machines were running on a version of Windows over 15 years old. This sort of outdated technology is extremely vulnerable to exploitation.
There is currently no legislation prohibiting the use of internet-connected or paperless voting machines, and many states still use them. Despite that congress allocated $380 million to states toward improving election security, nearly one-third of states still used paperless voting booths in 2019. In 2020, it’s estimated that only 12% of votes will be cast on paperless machines.
What Paper Trails Can’t Prevent
Unfortunately, voting machines and paper trails are just the tip of the elections iceberg. Elections ecosystems involve much more than just voting booths — consider voting registration databases, social media and more. And as evidenced by Russian interference in the 2016 elections, there are many ways to sway democracy, from misinformation and propaganda to spearphishing attacks.
What’s worse: Russia’s previous attacks may have simply been “dress rehearsal” for the 2020 elections, according to FBI Director Christopher Wray.
Social media platforms Twitter and Facebook played a major role in disinformation campaigns leading up to the 2016 elections. Advertising and spreading false information on these platforms is inexpensive and extremely far-reaching, making social campaigns ideal for election meddlers. Experts worry that social media companies aren’t doing enough to police their platforms. Facebook in particular has not committed to thoroughly fact-checking or monitoring political ads.
Ransomware attacks are also a concern during election season. 2019 saw a slew of ransomware attacks on government bodies, with four U.S. cities falling victim to ransomware in December alone. A ransomware event on election day would be a critical blow to U.S. democracy.
Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency, voiced concerns about ransomware attacks on centralized information. Voter registration databases are an especially vulnerable target. Not only is voter data centralized, making it easy to attack, it’s critical on elections day when poll workers need access to voter information.
Poll books and submission systems used at voting sites are also easy targets for hackers. Poll books are essentially lists of registered voters that poll workers use to confirm voters’ eligibility to cast their ballots. In 2016, lists of registered voters were compromised by Russian hackers. While targeting these systems may not change the outcome of elections, they would certainly sow discord by casting doubt on the election results.
How Can the U.S. Secure the 2020 Elections?
The answer to this question isn’t easy, but cybersecurity experts agree that it begins with more government funding. While congress’s $380 million boost to cybersecurity was much needed, a once-per-decade lump of funds will not prevent meddling from malicious cybercriminals. Technology evolves rapidly, and so do the tactics of hackers. It’s important for the government to regularly provide funds for continual improvements.
Moreover, a defense-in-depth strategy that provides paper trails and offline backups would not only bolster election security, but also citizens’ faith in the democratic process.
Is Your Organization’s Data Secure?
As we enter a new decade, the lines between cybersecurity and politics are blurred. Take for example the Equifax data breach, only recently revealed to be the alleged work of state-funded Chinese hackers.
Now more than ever, it is critical to secure your organization’s data. Bluefin is here to help. We specialize in security technologies, including tokenization and point-to-point encryption (P2PE), to protect payment and PII/PHI data. With Bluefin solutions, sensitive information never traverses your system, so that if a breach does occur, hackers get nothing.