59.7 F
Washington D.C.
Tuesday, September 26, 2023

What Will It Take to Modernize Elections Safely and Securely?

In a country that prides itself on democratic process and where convenience is king, many electoral systems remain shockingly archaic. While cautious tradition has played a role in slowing the modernization of elections in the U.S. and many other democracies around the world, the security and integrity of election results remains the main barrier to progress.

But why is there a need to modernize at all? Aside from contemporary expectations that digital accessibility of public sector services is a ‘must have’ across society, major issues such as low voter turnout can be more effectively addressed by simply making it easier to vote. That inevitably means we must turn to technology.

As a result, the pressure to build a voting process that includes web-based or even mobile-based voting capabilities is very real, and many lawmakers would like to see the development of reliable and trustworthy solutions. However, the atmosphere of suspicion created by foreign interference in the last election, for example, means progress is extremely slow. It is also not mandated that state and local governments update their systems, and very little, if any, guidance is provided.

Current Threats to Voting Systems

Even before votes are placed and counted, one of the most serious issues is the manipulation of the voting public in general. Dummy accounts across social media platforms such as Facebook and Instagram are created by ‘bad actors’ to influence voters by seeding political messages or smearing specific candidates. As such, they pose a very significant threat to the integrity of the whole process.

Then there’s the concern that voter registration databases, which are used to validate voter eligibility, could be the target of ransomware attacks in the runup to the election. These are tangible risks, and according to an article published by Reuters, lawmakers in Florida have been warned it’s likely that there will be a repeat of 2016’s foreign election interference.

Add to that risks to the voting process itself. The security shortcomings of our aging paperless voting systems continue to be highly problematic, even though we are now in an election year. For example, there is real concern among the cybersecurity community that some voting machines being used this year are far from secure because they may still be running Windows CE 5.0 – an operating system that is now over 15 years old. As one expert put it in a report published on NPR.org, “I wouldn’t even use this to control a camera at my house. Or my toaster.”

But, almost 12% of 2020 ballots – that’s 16 million votes – could be submitted via paperless voting machines, according to a 2019 report by the Brennan Center for Justice at NYU School of Law. Even though $380 million is being provided by Congress to help states upgrade their voting systems, the report argued that more work needs to be done to maximize security.

So, where do we go from here? While recent legislation is taking government organizations in the right direction when it comes to cybersecurity best practices, there is room for improvement that could put the nation on the right path to a more modern election process we can all trust.

For instance, to combat the threats to the electoral process, the Cybersecurity and Infrastructure Agency (CISA), part of the Department of Homeland Security, is implementing a program that “narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election.”

Prevention is clearly a focal point for their work. As Reuters reports, “CISA’s program will…provide educational material, remote computer penetration testing and vulnerability scans as well as a list of recommendations on how to prevent and recover from ransomware.”

Looking to the Future

The move to more convenient voting methods – particularly the use of smartphones – is an inevitable consequence of their wider impact on society. In the U.S., Seattle has become the first place to offer online voting to over a million voters in an upcoming local election. Smartphones are one of the ways people can cast their vote — delivered via Amazon cloud, the process will be watched with interest by authorities across the country and beyond. Success may increase confidence that convenience can be combined with security to help increase voter turnout, but the security industry is watching the trial with cautious skepticism.

On a national level, local governments may eventually be required to appoint a cybersecurity leader for each state. The nascent Cybersecurity State Coordinator Act is intended to improve incident response and information sharing between federal and state governments. In addition, the bill details that each coordinator should also act as “a principal federal cybersecurity risk advisor” and is tasked with raising awareness of the resources provided by the federal government to increase cybersecurity resilience. But is just having a liaison between state and federal enough?

It remains to be seen whether these various initiatives result in a fully joined up strategy to counter the risks of outside interference in domestic voting. With the 2020 election process now underway, maintaining confidence in the system has never been more important. The acid test will be the emergence (or not) of any evidence of interference in the electoral process — and, in the longer term, whether the modernization of the system has moved forward significantly by 2024.

Steve Moore
Steve Moore, formerly of Anthem, Inc., is Vice President and Chief Security Strategist at Exabeam, where he helps drive solutions for threat detection and response, as well as advise customers in breach management and program development. Prior to joining Exabeam, Moore spent more than seven years at Anthem, in a variety of cyber security practitioner and leadership roles. Most recently, he served as Staff Vice President of Cyber Security Analytics, and played a leading role in the response and remediation of the data breach announced in 2015. He also brings deep experience working with legal, privacy and audit staff to improve cybersecurity and demonstrate greater organizational relevance.

Related Articles

- Advertisement -

Latest Articles