A House panel heard from several experts who offered recommendations on securing elections infrastructure.
A Nov. 29 House hearing on the cybersecurity of voting infrastructure highlighted warnings about some machines used to cast votes and the software used to tally them, but officials were positive about the progress being made and the low likelihood that an attack could actually switch any votes.
Several experts who testified at the hearing, held by the House Oversight Committee's subcommittees on information technology and intergovernmental affairs, recommended that states should begin switching -- if they haven’t already -- away from direct-recording electronic voting machines.
Matt Blaze, a computer science professor at University of Pennsylvania, said the complexity of DRE machines makes them very hard to secure. The vote tallies stored in internal memory, ballot definition parameters displayed to voters and electronic log files used for post-election audit are all subject to alteration.
These vulnerabilities were put on display at the July DEFCON Voting Village, which Blaze helped organize, where every voting machine on display was hacked in one way or another.
But Tom Schedler, the Louisiana Secretary of State, said the Voting Village was not a realistic test of the devices.
“Machines that have been hacked at attention-grabbing conferences like DEFCON do not take into account any of the security/safety measures … and are not set up in real world election environments by any stretch of the imagination,” Schedler testified. “To me, that is not an accurate test or a level playing field.”
Schedler said he is confident in his state’s voting infrastructure, which includes DRE machines. He added that Louisiana tries to ensure that even poorer counties have the same voting machine security that wealthier ones do.
Virginia decided to decertify its DRE machines just 60 days prior to election day and just two weeks before absentee voting in this past election, Virginia Commissioner of Elections Edgardo Cortés said.
“In terms of our switch over to paper, our biggest obstacle was time,” he said.
But Virginia was able to work with the state’s IT agencies to get new machines tested and with local officials to get them deployed on time, he said.
Further, an attack from a nation state try to change votes across the country would be easy to spot, according to Christopher Krebs, the senior official performing the duties of the under secretary in the National Protection and Programs Directorate of the Department of Homeland Security.
“Mounting widespread cyber operations against U.S. voting machines at a level sufficient to affect a national election would require a multiyear effort with significant human capital and information technology (IT) resources available only to nation states,” Krebs testified. “The level of effort and scale required to significantly change a national election result, however, would make it nearly impossible to avoid detection.”
DHS is working alongside the Election Infrastructure Subsector Government Coordinating Council on a plan for securing election systems now that they are considered critical infrastructure, he added.
The witnesses provided a number of recommendations for how to secure election infrastructure in their testimony, including:
Optical scan: These systems consist of a paper ballot filled out by the voter and a digital scanning system that records the ballots. The hard copy ballot allows for audits and provides a backup should anything go awry with the digital side of the process. Moving all voting over optical scan systems would “leave a direct artifact of the voter’s choice,” Blaze said.
Audits: Audits should be mandatory “after every election to detect software failures and attacks,” Blaze recommended. Voting systems will always rely on software in one way or another, but, he said, post-election audits "ensure that the integrity of the election outcome does not depend on the herculean task of securing every software component in the system."
Funding: Congressional funding to localities “is a critical need” for ensuring the security of elections, Cortés said. Susan Hennessey, a fellow in National Security in Governance Studies at the Brookings Institution, said additional resources should be conditional on localities meeting best practices outlined at a federal level.
Standards: All voting equipment should receive a federal certification and election administrators be trained and accredited, Cortes said. Hennessey advocated a national strategy that puts in place “neutral standards and thresholds” be set up before the next national election.
Regulation: Regulating the voting machine vendors is also necessary, Hennessey said. Government must not only set security standards for the machines, but also require the manufacturers to undergo routine penetration testing.