Committee urges broader election security protections
- By Derek B. Johnson
- May 10, 2018
The Senate Select Committee on Intelligence is calling for states to tighten the screws on election security, urging them to move toward protecting voter registration databases with paper backups and two-factor authentication, conducting risk assessments on voting machines and deploying better sensor technology across their election infrastructure.
Paper records for voting machines have long been championed by cybersecurity experts, and the Senate Intel Committee reiterated that advice in its May 8 report. But the committee went further, recommending the same protections for state voter registration databases after activity around as many as six states' election infrastructure was discovered that went beyond mere scanning and targeting of public websites.
"In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals," the report stated.
Furthermore, the call to install better sensor technology to detect malicious activity around election systems comes after a recent Senate hearing where a Department of Homeland Security official acknowledged that the department could not definitively say how many states were targeted by Russian hackers in the lead up to the election because some states lacked the necessary technology to detect suspicious activity.
"It is possible that more states were attacked, but the activity was not detected," the report stated. "In light of the technical challenges associated with cyber forensic analysis, it is also possible that states may have overlooked some indicators of compromise."
The report also highlighted the critical role that voting machine manufacturers play in election cybersecurity and expressed concern that "federal government authorities have very little insight into the cyber security practices of many of these vendors."
Members of Congress including Sen. Ron Wyden (D-Ore.) have pressed voting machine companies for more insight into their cybersecurity practices over the past year, finding that three of the top five manufacturers do not employ a chief information security officer. Many manufacturers have been reluctant to open their systems up to third-party review by security researchers.
This article was first posted to FCW, a sibling site to GCN.
Derek B. Johnson is a former senior staff writer at FCW.