Securing voting machines is only half the battle
America has a long and colorful history of election fraud. The electoral shenanigans of Chicago and Cook County in Illinois are legendary. And there is the 1948 Texas Senate race that Lyndon Johnson won by 87 votes in the infamous Ballot Box 13 from Jim Wells County. Some cynics would say Johnson stole that election. But vote buying was an old and honored tradition in South Texas, and if Johnson bought more of them than his opponent, Coke Stevenson, well, Coke had no one to blame but himself.
Still, election officials should be doing everything necessary to ensure against fraud in elections. I’m not talking about the fear of millions of undocumented aliens throwing an election. I’m talking about the real threat of manipulating the results from polling sites through unsecured electronic systems.
With the growing use of electronics in elections, the security of network connections to voting systems is becoming increasingly important.
There are a variety of electronic voting systems, or systems in which electronics play some part. At one end of the spectrum is the direct-recording electronic system in which a vote is recorded directly on a computer-based machine with no paper ballot. At the other end is the optical scan system, in which marked paper ballots are scanned and tallied electronically. Regardless of the type of ballot, if the results are reduced to digital data they typically are stored electronically and transmitted over some type of network.
The Election Assistance Commission maintains Voluntary Voting System Guidelines that states can use to certify voting equipment. But the system is voluntary, and even a certified system has to be configured properly to work securely. Too often, little attention is given to how those systems are connected to networks.
“It seems to be a pretty much a greenfield area now,” said Rainer Enders, chief technology officer of NCP Engineering, which provides secure access systems and VPNs.
Once a system is connected to a network, it can be exposed to the whole world if proper security is not put into place. This means the data from the system could be intercepted or modified during transmission, or the system itself could be breached and meddled with.
To date there have been no reports of large-scale problems of this type, and the chances of it having an impact on Tuesday’s elections probably are small. But if the last 20 years of IT history security have taught us anything, it is that if something can be done, eventually it will be done. The stakes and the incentives in this type of crime are high enough to attract considerable unwanted attention.
Fortunately, securing a networked voting system presents no particular challenge, Enders said. It doesn’t matter what type of information is being sent over the network, the solutions are the same.
“It’s critically important that as soon as you connect it to an external network it is secure and you don’t allow any unauthorized connections,” he said. And all data must be encrypted. “That is mandatory.”
Officials should not take too much comfort in the fact that election systems typically are up and operating for only a short time. “It does shorten the window of opportunity, but I don’t think it protects you too much,” Enders said. If an election system is being targeted, the attacker knows what that window is and will exploit it. He might not have time for a low and slow attack, but brute force is always an option.
The bottom line: This data is critical. “Don’t take shortcuts,” Enders said. “Use good, best-of-breed, standards-based security.”
Posted by William Jackson on Nov 02, 2012 at 9:39 AM