Security gaps could undermine confidence in election results
- By Mark Rockwell
- Oct 19, 2020
It only takes one small breach to dent confidence in the nation’s election systems, according to a digital rights and technology expert.
While the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have made great strides since 2016 to shore up local election infrastructure, “cybersecurity is an active process. Threats are constantly changing and evolving, so we need to keep making the case that election officials need to prioritize cybersecurity and not be complacent," said William Adler, senior technologist for elections and democracy at the Center for Democracy and Technology.
Adler's comments came during an Oct. 16 conference call with reporters. He and other officials at the technology and digital rights advocacy group explained the variety of threats facing the upcoming elections, from voter suppression to misinformation about mail-in ballots and cybersecurity. Even an unsuccessful attack, if detected and publicized, can sow misinformation and undermine confidence, which is a Russian goal, according to Adler.
"It doesn't have to be a major breach or an altering of election results," he said.
The 3,000 county governments across the U.S. responsible for maintenance of local election systems offer multiple points of potential vulnerability. "It's possible one of those counties is doing a less-than-stellar job. Even an insignificant breach in a small county can sow misinformation about state-wide or country-wide issues," said Adler.
Advances in cybersecurity capabilities and services from CISA and vendors don't help financially strapped county governments acquire new equipment or needed upgrades.
"Too many counties are using devices with known security vulnerabilities, no paper trail, or both," he said.
Out-of-date or vulnerable technology means local governments have to be very aware of physical security measures to protect the software, according to Adler. Some lapses in physical security have already been noted this election season, he said. However, localized attacks on voting machine software and other tactics are difficult to scale up to have any significant impact on larger election results, he said.
This article was first posted to FCW, a sibling site to GCN.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.