Latest News

DHS may increase protections for voting systems to thwart hackers

Homeland Security Secretary Jeh Johnson said Wednesday the federal government should consider designating the U.S. election process as “critical infrastructure” to give the voting system greater protection against cyber attacks.

Johnson made the comment in response to a reporter’s question about whether electronic voting machines are vulnerable to hackers in November’s presidential and congressional elections. There are more than 9,000 state, county and city jurisdictions that collect and tally votes throughout the nation.

“We are actively thinking about election cybersecurity right now,” Johnson told reporters at a newsmaker breakfast hosted by the Christian Science Monitor.

If the voting system was designated as critical infrastructure, it would allow theDepartment of Homeland Security to strengthen protections for the election process and make it a bigger priority, Johnson said. The secretary plays a central role in deciding what public and private sectors should receive the designation.

Critical infrastructure is defined by DHS as “sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety.”

Currently, 16 sectors have been given the designation, including transportation services, energy, nuclear reactors, emergency services, the chemical industry, the defense industrial base, communications, and financial services.

“I do think we should carefully consider whether our election process is critical infrastructure,” he said.

Johnson said DHS plans to contact state and local election officials soon to ensure that the strongest possible precautions are taken to protect the integrity of the voting systems. In the longer term, the government needs to invest more money in protecting the electoral process, Johnson said.

Questions about the security of electronic voting systems have been raised in the wake of last month’s revelations that the Democratic National Committee had been hacked. Johnson said DHS is not yet prepared to attribute that hack to the Russian government or any other specific actor, despite widespread reports that Russia may have been involved. The FBI is investigating the attack.

A spokeswoman for the National Association of Secretaries of State said state election officials have not been informed of any specific threat to the voting process.

“NASS is not aware of the existence or the presence of any credible threats reported by any national security agencies,” said Kay Stimson, the group’s communications director.

She said the de-centralized nature of voting in America actually helps thwart hackers. Each state runs its own voting system even for national presidential elections.

“It’s also important to point out that our election systems are not Internet-based systems,” Stimson said. “The are closed systems.”

About 60% of states have post-election audits to help guard against any direct manipulation of the voting process, she said.


Election Fraud

Washington Post: By November, Russian hackers could target voting machines

As we’ve said before, voting machines are in fact hackable. They can be hacked by unsophisticated means, and if you add in Russian hackers who are by all intents and purposes, extremely sophisticated, these machines are probably very vulnerable to being hacked.

From The Washington Post:

Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded.

The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation’s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November — that our election systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is essential. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.

Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way — politically, economically or in cyberspace — and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there’s no guarantee the next country that tries to manipulate our elections will share your preferred candidates.

Even more important, we need to secure our election systems before autumn. If Putin’s government has already used a cyberattack to attempt to help Trump win, there’s no reason to believe he won’t do it again — especially now that Trump is inviting the “help.”

Over the years, more and more states have moved to electronic voting machines and have flirted with Internet voting. These systems are insecure and vulnerable to attack.

But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified.

We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online.

Longer term, we need to return to election systems that are secure from manipulation. This means voting machines with voter-verified paper audit trails, and no Internet voting. I know it’s slower and less convenient to stick to the old-fashioned way, but the security risks are simply too great.

There are other ways to attack our election system on the Internet besides hacking voting machines or changing vote tallies: deleting voter records, hijacking candidate or party websites, targeting and intimidating campaign workers or donors. There have already been multiple instances of political doxing — publishing personal information and documents about a person or organization — and we could easily see more of it in this election cycle. We need to take these risks much more seriously than before.

Government interference with foreign elections isn’t new, and in fact, that’s something the United States itself has repeatedly done in recent history. Using cyberattacks to influence elections is newer but has been done before, too — most notably in Latin America. Hacking of voting machines isn’t new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.

Last April, the Obama administration issued an executive order outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they’re a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.

Election security is now a national security issue; federal officials need to take the lead, and they need to do it quickly.