Proposition: Voting Systems Are Vulnerable–No

Despite hacks against the Democratic National Committee, the Democratic Congressional Campaign Committee, and the Arizona and Illinois voter databases, many state and industry officials feel confident in the security of elections systems in the upcoming election.

“While no system is 100 percent hack proof, elections in this country are secure. Perhaps as secure as they’ve ever been,” said David Becker, executive director of the Center for Election Innovation and Research.

Becker laid out four reasons why citizens should have confidence in the security of their voting systems:

  1. The system is highly decentralized into state and local divisions. “There isn’t a single or concentrated point of entry for a hacker,” said Becker, explaining that, because different states and localities use different voting machines, there is no single avenue for a hacker to go about effecting all, or even a sizable portion, at once.
  2. Voting machines are kept securely. “It’s exceedingly difficult to gain unauthorized access to even one of these machines,” said Becker.
  3. Machines are not connected to the Internet. “Without connectivity it would require a hacker to have unfettered physical access,” said Becker.
  4. Paper ballots act as an audit. Becker listed Arizona, Colorado, Florida, Nevada, North Carolina, New Mexico, Ohio, Pennsylvania, Virginia, and Wisconsin as swing states, which are a more likely target for hackers, that require a paper ballot redundancy that would catch any vote interference. Approximately 75 percent of voters will be able to verify their votes through paper ballots.

Many of the swing states are also confident in their ability to protect from and respond to an attack.

“Every county has to have in place and maintain minimum security procedures relating to their voting system, the voting process and the administration of elections,” said Meredith Beatrice, director of communications at the Florida Department of State.

The two presidential candidates have been polling closely in Iowa, but the state has full confidence in the fairness and security of its elections.

“Iowa is one of the nation’s leaders in election integrity,” said Paul Pate, Iowa Secretary of State. “We have one of the most professionally trained elections teams in the country. We partner with all 99 county auditors in the state to make sure the process is done right and every Iowan’s vote counts. Our state’s elections director is nationally certified and almost every county auditor’s office in Iowa includes state-certified election officials.”

Iowa’s voting systems undergo a variety of tests and patches leading up to and immediately before Election Day. The state is also careful to keep each machine separate and deliver the results from each precinct separately to the auditor’s office.

Tom Schedler, Louisiana Secretary of State, explained that it is essential for election security to keep voting machines separated like this.

“I think it’s important to remember that we never link voting machines together,” said Schedler. In his own state, cartridges containing the data from each machine are transported to a laptop that is kept on a closed loop, to transfer the data for counting. As a result, the data never gets online, and voting machines don’t have a chance to infect each other. Without an online avenue, hackers would have to access the machines physically.

Wayne Williams, the Colorado Secretary of State, said that his state also keeps all of its tabulation systems offline.

“It is important to note that scientists have only succeeded in hacking voting machines when favorable conditions existed that do not exist on Election Day,” said Schedler, explaining that those conditions required unfettered and uninterrupted physical access to the machines.

Critics have said that even if the election machines themselves are secure, the fact that voter registration databases can and have been hacked indicates another threat to the election system.

“A voter registration system is a database, mandated by Federal law, which stores information about individual citizens that are registered to vote in the state,” wrote Virginia Department of Elections Commissioner Edgardo Cortés in a letter to the Virginia elections community. “In Virginia, this system (VERIS) is maintained by the Department of Elections and is the primary election management tool for local election officials. The department follows all appropriate guidelines and state requirements for maintaining system security, including conducting routine vulnerability scanning and other security measures.”

Even in the instance of a database hack, supporters of the secure argument state that database backups and contingency plans would enable election officials to get the system back up and running without too much chaos.

“While it would certainly be disruptive to have registration systems hacked as we saw in Arizona and Illinois, voters could still vote. And Election Day would still occur,” said Schedler. “When one component goes down, we have other components that come in.”

States are also relying on an information sharing framework, to quickly detect whether threats found in other states are affecting their systems.

“If we find something, we refer it to the FBI,” said Lynn Bartels, the communications director for the Colorado Secretary of State. She also explained that her state participates in The Multi-State Information Sharing and Analysis Center, which sends alerts when other state systems have been hit.

“The Electronic Registration Information Center, or ERIC, is a data center that states voluntarily choose to join,” said Becker, describing another information sharing option available to states. “They share information so they can tell when a voter record is out of date so that they can notify that voter and make sure that voter gets the right information at their new address, and also reach out to all the people who are eligible to vote but not yet registered and direct them to the easiest way to register.”

Jessie Bur
About Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.
No Comments

    Leave a Reply