5 fixes for U.S. election systems
What: A report from the Harvard Kennedy School's Belfer Center for Science and International Affairs, titled "Hacking Chads: The Motivations, Threats, and Effects of Electoral Insecurity."
Why: Reports of Russian-backed attempts to hack Democratic Party systems and breach state voter databases have spotlighted the cyber vulnerabilities surrounding U.S. elections. And "while a foreign intelligence service is likely the most persistent and capable threat," authors Ben Buchanan and Michael Sulmeyer note that "there are other actors, such as terrorist groups, partisan activists, and groups with narrow parochial interests, which might seek to manipulate an election."
Buchanan and Sulmeyer, both affiliated with the Belfer Center's Cyber Security Project, detail the different risks and recommend five steps aimed at improving the cybersecurity of elections.
Findings: There are vulnerabilities at several different levels of U.S. election systems, the authors warn, and the potential attacks fall into three categories:
"those that target the confidentiality of data or systems, those that target their integrity, and those that target their availability."
Voting machines themselves can be compromised, but the larger risks lie in voter databases and the local- and state-level tabulation and reporting systems. The authors also warn that verification systems used to determine voter eligibility could be targeted to obstruct legitimate voters, create delays at the polls and force the use of provisional ballots.
To mitigate such risks, the report recommends steps "for improving the cybersecurity of elections, showing their integrity, and guarding against threats":
- The federal government should designate election systems as critical infrastructure.
- States should "purchase and deploy voting machines that generate a voter-verifiable paper audit trail," and the federal government should fund those investments.
- States should "expand their use of pre-election security audits to identify and remediate vulnerabilities."
- "States should establish or improve their post-election audit procedures, applying statistically rigorous methods to increase confidence in the reported results."
- The federal government should work to deter other nations from attempting election-focused cyberattacks, and "outline a clear policy on the seriousness of electoral interference."
Takeaway: " It is too late to fully mitigate this danger in 2016, but the cybersecurity of future elections should be a paramount concern. ... The risk simply isn’t going away."
More: Read the full report here.
Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.
Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.
Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.