Get My Score

Voting Vulnerabilities are Real

voting vulnerabilities

Regardless of Potential Vulnerabilities - We Must Vote

With less than six days until one of the most important elections in recent history, coverage of potential vulnerabilities has never been greater.  Compared to 2016, the typical voter is more aware of any threats, and probably more scared.  There is a concern that people will just stay home, thinking that their vote will be compromised, as captured in a recent Pew Research Center Survey

mid-term election vulnerabilities

Given that the vote is fundamental to our democracy, this isn’t good. But, as the New York Times summed it up, even though or voting process is vulnerable and outsiders are looking to sow pervasive doubt over the integrity of American elections--the only chance we have is to vote. 

As we look back as early as a decade ago and confirmed just this last summer at DefCon, researchers identified vulnerabilities in both the voting machines as well as state election infrastructures. During the lead-up to 2016, Russia actively probed for security gaps.  Given that elections fall under state jurisdiction, the potential attack surface varies widely depending upon whether paper records are maintained, the training of personnel, and the chain-of-custody of voting results.  Best practices are summarized here.  One alarming statistic is that, although states can take advantage of federal programs to vet their systems, less than half actually requested it as of the end of October.  This where the types of attacks have become much more sophisticated over the last two years.

However, there are other, indirect threats as well, over which individuals have more direct control.

Recently, McAfee published a good rundown on deficiencies in state election websites.  Here, the threat is not at the polling place, but beforehand, with an unsuspecting voter fooled into going to the incorrect polling location entering personal information.  The cat may already be out of the back regarding the latter threat, with security firms reporting that over 35 million voter records are now available on the dark web.   These types of threats, in terms of sheer numbers of voters impacted, can be more destructive than the small percentage of voting machines that may (or may not) be compromised. 

And, we’re increasingly aware of the potential impact of social networks in spreading disinformation.  Unlike 2016, the Facebooks and Twitters of the world have realized their roles, both positive and negative, and are attempting to put the necessary checks in place.  But they will be hard-pressed to stay a step ahead of the hackers.

Hopefully, with additional focus, federal dollars, and press overwatch, Nov 6th won’t present any issues.  And even if we run into some concerns, the strength of our overall voting democracy will prevail, as long as we continue to believe, stay resilient, and vote.

For voter registration and other critical infrastructure officials looking to protect future cybersecurity threats check out the Cavirin Playbook, "Leveraging NIST CSF".

 

 

 

0
0
0
s2sdefault

© 2018 Cavirin Systems, Inc. All rights reserved.