
INDUSTRY INSIGHT

No time for stalling: The urgent need for an election hacking response

On July 13, the Justice Department indicted 12 Russians for interfering in the 2016 presidential election. Unfortunately, much less progress has been made on addressing the growing threats to election security. With the 2018 midterm elections just a few months away, addressing those concerns is essential to the integrity of democratic institutions and U.S. national security.

Although there has been much focus on Russian interference in the 2016 presidential election, cyberattacks on elections are not a new phenomenon. The Obama and McCain political campaigns were both compromised a decade ago. The difference now is the increasing ability of attackers to target elections at all administrative levels. Adversaries are honing their election interference skills globally and applying many of the lessons learned to operations in the United States. At the same time, election security legislation remains stalled and reactive, making campaigns and election officials vulnerable targets this fall and for the foreseeable future.

Election interference is increasingly a global challenge and an attack on democratic institutions. In June, the website of a presidential candidate in Mexico was hit with a distributed denial-of-service attack during an election debate. In Taiwan, a spike in cyberattacks on the government is coinciding with increased disinformation in the lead-up to the country's local elections in November. According to Freedom House, data manipulation and disinformation impacted at least 18 elections globally in 2016.

As disinformation and cyberattack tactics become more accessible, prolific and successful, more attackers are using those strategies against elections at all administrative levels. In 2016, voter registration rolls in Galesburg, Ill., were compromised not because they were specifically targeted, but because they had vulnerabilities that matched the ones the hackers were exploiting. Most state systems were targeted during the 2016 elections, and at least a handful were compromised, according to “60 Minutes” and NBC reports. Earlier this year in Knox County, Tenn., the website of the election committee was disrupted by a DDoS attack the night of the election. Officials later learned the attack was a distraction for a more sophisticated compromise of their networks. Government officials have already publicly stated that two 2018 campaigns have been targeted with DDoS attacks.

Despite the mounting evidence of past and potential foreign and domestic election interference, national policy has yet to seriously address this modern threat. The Protecting the American Process for Election Results Act was introduced last September to require best security practices and auditing capabilities. The Defending Elections from Threats by Establishing Redlines Act, introduced in January, would use national security tools and responses to deter foreign intervention. Neither proposal has advanced beyond introduction. We have also seen the bipartisan Secure Elections Act and the Protecting American Votes and Elections Act introduced without further action.

As proposed legislation piles up, the omnibus budget bill included $380 million for election security, 55 percent of which has been allocated to 26 states largely for patching and some training. At the same time, states are pursuing self-funded election security, resulting in great variation in security across the states. Some still lack any audit capabilities. For instance, Virginia recently replaced the touchscreen voting machines deemed most vulnerable, but five states still use such machines without any paper trail. These investments are necessary but are not sufficient to instigate the policy changes and technical modernization required for comprehensive election security.

Election security is multifaceted and involves disinformation campaigns and attacks on voter registration rolls, political campaigns, candidates and voting machines. Such interference chips away at democratic integrity. Given the global, national and local evidence of attacks on election security, it is essential to move beyond denial and partisanship and implement impactful, proactive and forward-looking policies with the resources to implement them. The legislation exists, but until election security is prioritized and well understood, state and local election officials and candidates must fend for themselves against well-resourced and motivated attackers.

About the Author

Andrea Little Limbago is the chief social scientist at Endgame.


Reader Comments

Wed, Jul 25, 2018 Secure Our Vote

Upgrading our system is a team effort, and shouldn't be up to the federal government alone. There needs to be support from local and state governments in order for this to work. Support from the federal government needs to be consistent in order for election security to sustain itself. The $380 million from Congress is a great start, but states and localities need more. Some states like Vermont only got $3 million. States and localities don't just need money, but IT and software assistance, along with post-election audit resources. However, no matter what, everyone needs to stop thinking of election security as a hurdle to jump over but rather as a long-term investment into the state of our democracy. For more information or to join the coalition that's working towards this, go to secureourvote.us and sign the petition. We'll reach out to you and work one-on-one with you from there.
