Election Security in our Hackable World

I wear a lot of hats as the Montpelier, Vermont City Clerk, and in my capacity as election administrator for the state Capital for six years now, it should come as no surprise that a frequent topic of conversation has been the security of our elections systems.

In an attempt to respond to concerns expressed by my constituents, I decided to brush off my IT credentials (I have served as a network and database administrator for political parties and non-profits in the past ) to get a first-hand sense of the threats rather than just tacking to the winds of either the doomsayers or the nothing-to-see-here crowds. Now a CEH (Certified Ethical Hacker) and looking at security for the first time from the outside in, I can respond with a smidge more authority on the question “should we be worried?”

The answer is yes and no.

Let’s start with the bad news. Our voter registration databases are potentially hackable. If networked or wirelessly enabled, our voting machines are potentially hackable. Period. Granted it’s likely no easy task – and could potentially involve months, even a year or beyond’s worth of patience on the part of a would-be saboteur, but the potential is there. Why? Because if it’s connected to the internet in any way, shape or form, any system is potentially hackable. Consider for a moment that the highest profile hacks of the last couple years have included names such as the CIA, the NSA, and Verizon (the latter being a company that sets the standards on security over many of our day-to-day commercial transactions).

If they can be hacked, anybody can. That’s simply a reality we have to come to terms with.

But there’s also good news. Yes, computer security is a moving target (and if anyone ever tries to claim that any system is 100% locked down, they’re either uninformed or trying to reassure their customers on the value of whatever hardware or software they’re peddling), but if those tasked with protecting our electronic implementations of democracy are truly vigilant, it doesn’t have to be a crisis.

We all grew up hearing news reports about misplaced boxes of absentee ballots, incorrect registration lists, or even the legendary “hanging chads” in one jurisdiction or another – often many. These were failures of the system that required election officials to step back and engage their fault tolerance procedures and protocols, often dragging out final results for weeks.

If we’re all doing what we should be doing as election professionals, electronic mischief in our voting systems doesn’t have to be more impactful than those low-tech issues of the past (which themselves have been minimized by the technology). As long as we have the right procedures, protocols and policies in place, when our systems get hacked (and they will be), we should prove just as resilient. Those procedures should include:

• Policies, such as election-day voter registration, that make voting smoother and easier, rather than harder. All states are now legally required to have centralized voter registration databases. These databases must be easily accessible by election administrators. This means that voting rolls are likely the most common target of hackers, which could lead to registration data being changed or deleted. If a state’s policies are designed to discourage voting, these hackers will have an easier time sabotaging voter access. If a state’s policies are instead designed to look out for the voter, it’s less likely that any damage will be irreversible on Election Day. Same-day registration is an ideal example.
• Keeping 100% current on security technologies and best practices. This isn’t just a matter of having the best software, this is having 24-hour vigilance on those networks. If a state doesn’t have that type of IT staffing infrastructure, they’re better off having that data cloud-based in the most secure servers possible where the host’s staff is watching 24/7. There is always room for improvement in this regard – particularly when it comes to user-end practices such as regularly changing passwords, avoiding phishing scams, etc.
• Minimizing remote access. Where it’s possible to keep election machines stand-alone and non-networked, do it. If they are networked, avoid wireless connectivity if at all possible – and especially avoid connecting voting machines to the internet. Make the physical security of the machines a top priority.
• Backups, both digital and analog. Regular, secure backups of data and networks, obviously - but also physical backups such as paper ballots. Make a paper trail.
• Election Administrator training. As any hacker can tell you, it is the wetware (users) that are all-too-often the weakest link in the chain of access. The truth is that the days of election administrators being just another group of end-users with little or no understanding of their computers or their infrastructure need to come to an end. This is not to say that election admins need to become computer admins. That isn’t practical, and probably isn’t even desirable. But it is necessary for the systems and threats to be de-mystified by all of those professionals with their hands on the proverbial wheel. Election administrators don’t need to be able to be versed in port scans and buffer overflows, but we do need to have a strong conceptual understanding of how our systems work as well as what the threats are – if for no other reason than to be able to engage competently and confidently with vendors, IT staff, and the citizens we serve.