What became secondary (if that) in the political fireworks display surrounding the report’s release is the intentional, systematic interference in our democratic process by foreign powers that it uncovered. There’s nothing like a compromised presidential election to shine a national spotlight on the importance of cybersecurity.
And this is one of those cases where even the appearance of impropriety is as damaging as if votes are actually altered.
“When it comes to the adversary, they’re not necessarily looking to explicitly change votes or change results, but create the perception that something might have happened,” said Ben Spear, director of the newly established Elections Infrastructure arm of the Information Sharing and Analysis Center (EI-ISAC).
As is covered in detail by GT Staff Writer Andrew Westrope in Cybersecurity and Democracy Collide: Locking Down Elections, there are myriad efforts to secure election infrastructure underway. From Washington, D.C., to state capitols to county registrars’ offices, professionals whose livelihoods revolve around preserving the integrity of the vote are collaborating to close gaps and resolve vulnerabilities.
While many states were wary at first, the Department of Homeland Security classified election systems as “critical infrastructure” in 2018. In addition to laying the foundation for EI-ISAC, the move brought more resources, coordination and threat-sharing among officials across the country.
Secretaries of state similarly report a better condition of preparedness now than for the last election cycle, with some funding flowing toward tools like malware detection and staff to assist smaller local governments. Sensors were deployed in order to keep an eye on traffic to election websites and detect intrusions into voter databases.
There are ample reasons to remain vigilant.
In late August, a voter in the Mississippi gubernatorial election captured video of a voting machine repeatedly changing her vote from the candidate she selected (Bill Waller Jr.) to Tate Reeves. Several other instances of the malfunction were reported, leading to calls to technical staff, taking the questionable machines out of commission for the moment.
While this case reportedly only affected a couple dozen votes in an election that was decided by a spread of more than 26,000, undermining voter confidence can have sweeping effects. Add to that the proof in the Mueller report that voter registration databases in all 50 states were probed by bad actors. No evidence was found that information was altered, but again, it threatens voter confidence in the democratic process.
There’s a role for tech leaders in government here to help underscore the importance of needed resources, for both technology and training around voting systems. We cover another critical issue — patch management — in a separate feature (see p. 38), but its importance bears repeating. Aging systems are only as good as their last patch. And keeping those current takes resources too.
But even with “foolproof” technology in place to safeguard fair elections, experts broadly point to the importance of a backup plan — namely the availability of an auditable paper trail — if something goes awry on Election Day.
Chris Krebs, the inaugural director of DHS’ Cybersecurity and Infrastructure Security Agency, backed up this widely held belief at a conference in August, underlining the need for the marriage of modern election technology with manual tools. “Gotta get auditability,” he said. “I’ll say it: Gotta have a paper ballot backup.”
