Between rigorous testing and certification, risk-limiting audits and assistance from the Cybersecurity and Infrastructure Security Agency, state and local elections are vastly more secure – even if the public doesn’t know it.
Government elections officials must do a better job of communicating the multilayered defense processes that ensure secure voting, election security experts said.
Speaking at an Sept. 1 Election Assistance Commission (EAC) event marking the 20th anniversary of the Help America Vote Act, panelists detailed changes in the last two decades that have made elections secure, starting with testing and certification procedures.
“The majority of states require that a voting system is either certified by the EAC or tested by a voting system test lab,” said Traci Mapps, vice president at SLI Compliance, a testing laboratory accredited by the EAC to ensure voting systems comply with federal standards. “Sharing that information with the public with their elections, officials, their voters, would be beneficial.”
The testing and certification process includes not just functional testing but also document review, hardware testing, secure source code reviews, trusted builds and targeted security testing, Mapps said. SLI has also worked with election officials to conduct “pre- and post-election configuration checks to verify that only certified or expected versions of the software -- and no unauthorized software -- is present on the election system that could compromise the integrity of the election process,” she said.
Certifications also can help address the newer, more sophisticated cybersecurity threats.
“Twenty years ago, if I told you that the adversary in our elections was a foreign nation state, that's Russia or China or Iran or somebody else, you would have said, ‘That's crazy!’” said Dan Wallach, a computer science and electrical and computer engineering professor at Rice University. “It creates an amazing challenge, but also an amazing opportunity to create these federal state and local partnerships to bring the expertise to bear on the problem.”
According to Mona Harrington, acting assistant director for National Risk Management Center at the Cybersecurity and Infrastructure Security Agency, “hundreds of election officials and private sector election infrastructure partners” have signed up for CISA’s cybersecurity services, which include scans for vulnerabilities on internet-connected infrastructure as well as in-depth penetration testing. Additionally, she said, all 50 states have deployed the intrusion detection sensors known as Albert sensors.
Because the role of election officials has greatly expanded beyond “simple election administration to a position more akin to technology and information managers and IT managers,” Harrington said, CISA resources have also been invaluable to state and local elections officials that don’t have the expertise to deal with increasing volume and complexity of cybersecurity threats.
Another way to boost confidence in election integrity would be if the public better understood the role of risk-limiting audits. These audits are based on the idea that when it comes to counting votes, computers are fast but hard to trust, Wallach said. Human vote counters, on the other hand, are “very secure” but very slow, especially when there are millions of votes to count.
Unless an election is very close – which often triggers a hand recount anyway – a risk-limiting audit can quickly and efficiently produce “a 95% confidence interval that you have the correct outcome,” Wallach said.
The math behind the technique shows that in a statistically relevant random sample of ballots, “you only have to prove that any possible error is smaller than the margin of victory,” he said. “As long as you can prove that to a high degree of statistical certainty, then you can say, ‘I'm confident we have the correct winner’ and do it with a lot less work.”
“It's a really important way of improving election transparency that doesn't require any really new technology,” Wallach said. Plus, it’s much faster. “If we can provide publicly visible procedure, then that can help mitigate some of the misinformation,” that surrounds the voting process, he said.
The multilayered, or defense-in-depth, approach to voting security means if an elections office is using the right policies and procedures, they can build resilience to different threats, Wallach said. “It's not to say that somebody can't hack the computer, but we're going to make that harder. And it's not to say that somebody can't stuff the paper ballot box, but we're going to make that harder too. But combining them together we can defend against both. And all of that raises the bar.”