Securing the Process for a Trustworthy ElectionA democratic election process should be free from interference, and to safeguard the integrity of voter data in the digital age, security practices must evolve to outmaneuver subversive threats. By: Tony Adams and Jake Dorval
Without Trust, Elections Lose Legitimacy
Democratic nations should have full confidence in the security and integrity of their electoral processes. No voter should ever wonder if their vote was manipulated in favor of a different candidate or outcome. Confidence can be difficult to obtain, easy to lose, and even harder to regain. There must be trust from the very beginning. Academic and independent research into election and voting systems have illustrated that the people, process, and technology supporting U.S. democratic processes are complicated, underfunded, and imperfect. Even inaccurate or sensational reporting about election security can test the public's confidence. Diminishing credibility in any democratic election could have potentially devastating implications for democracy overall, reinforcing the need to make election security and public trust top priorities.
Current Approaches Fall Short
Targeted cyberattacks can be extremely difficult to defend against because the level of sophistication, funding, time, skills, and resources available to the attacker are usually all far greater than non-targeted cyberattacks. In the fall of 2019, The U.K.'s Labour Party experienced two cyberattacks directed at their party's main platform. The Distributed Denial of Service (DDoS) attacks only caused disruptions but were troubling nonetheless given that they occurred during an important election cycle. By any definition, these attacks would not be considered sophisticated, but they still impacted productivity and public confidence. Conversely, the broadly publicized 2016 Democratic National Committee email breach leaked more than 19K emails to the public. Sophisticated malicious hackers conducted this attack after secretly gaining access and having remained largely undetected.
In addition to targeting political parties and individuals, research shows it is possible to compromise voting machines under the right conditions. These examples illustrate how easy it is to lose the public's trust and why it's so critical to build robust and secure election processes. Thankfully, many people are working to improve security across different sectors – from government agencies to private enterprises to nonprofit organizations to concerned independent security researchers – to help prevent interference – especially here in the United States.
Starting Points to Strengthen Election Security
Several factors come into play when thinking about securing election systems. Like everything else, good security starts with basic cyber-hygiene. This applies to election administrators, poll workers, and vendors who are all critical stakeholders in defending elections from malicious activity. Across the U.S., state and local officials should be regularly conducting cybersecurity awareness training that focuses on phishing attacks, password and passphrase best practices, incident response readiness, etc. People are both the most essential and the most vulnerable resources in an organization which is why security training should never be considered one-and-done.
Next, technicians and security teams should work closely with election officials and vendors to regularly assess their election systems, with special focus on identifying components that have direct exposure to the Internet. While some components will require 24x7 presence (i.e., online voter registration databases), others may benefit from filtered access behind a firewall or may be blocked entirely from the public. Poorly understood architectures or misconfigured systems often lead to services and data that are remotely accessible and easily exploitable.
After identifying and addressing the most obvious exposures, skilled penetration testers should be employed to test hardened systems. These experts apply advanced methodologies that may uncover vulnerabilities or weak processes that go unnoticed by in-house technical teams. A good assessment by a reputable third-party penetration testing team will not only identify where an adversary may focus their resources, but it should also include recommended improvements to address any discovered gaps.
Robust election systems are central to the public's democratic processes. Therefore, it's not uncommon for good faith researchers from the security community (AKA white hats) to voluntarily assess voting systems. If you're responsible for running elections, consider providing a clear path for researchers to disclose their discoveries; consider presenting a security.txt file on your public site and have an internal process ready for handling an unexpected vulnerability disclosure. For researchers struggling to connect with an election official, the newly formed EI-ISAC can be a helpful resource for bridging the divide.
Benefits of Adopting the Solution
Maintaining good cybersecurity hygiene and working with skilled security teams can help bolster defenses and trust. The election community is already hard at work leveraging independent testing labs and other pen-testing firms which help perform some of the security tests for elections infrastructure.
Taking a more proactive step with cybersecurity will reinforce public trust in the system and can help improve confidence in the electoral results. Make no mistake that while proactive security measures are not commonly known to the public at large, information security pros are acting behind-the-scenes. Air-gapping – or isolating voting machines from unsecured networks – is a common safeguard implemented to prevent malicious hackers from gaining access. Although this is an important tactic, vulnerabilities can cause connected machines to appear air-gapped, demonstrating the vital need for security redundancies.
For example, cybersecurity expert Alex Halderman shared how an adversary could potentially employ a spear-phishing campaign to exploit external memory cards used to program machines with new ballots, bypassing the air-gap and compromise the devices with malware. Without visibility into how officials and organizations secure their processes, collaboration with independent security researchers and pen-testers presents an important opportunity to help find unknown vulnerabilities before the bad guys can exploit them. After all, at the end of the day, all technologies have vulnerabilities so it's up to us to find and fix them before someone with malicious intent can take advantage.
Reliable Election Results Require Collaborative and Continuous Action
Voters just want to be able to go to the poll, cast their ballot, and leave with full confidence that the results are fair, honest, and correct. Those running for office or spearheading a referendum also seek an accurate outcome that reflects the will of the voters. To enable that, we must secure the electoral process and make it a priority to do so. Governments and other entities responsible for election data and processes should make certain they're taking the necessary steps to protect themselves from cyberattacks and consider third party confirmation to help facilitate the restoration of public trust. Perpetual security tests and ongoing research should be implemented for every single part of the process. As always proper cybersecurity hygiene is a must, and its importance should not be overlooked or undervalued.
Finally, to rebuild and maintain the public's trust and confidence in the election process, there should always be an auditable way to view results such as using paper ballots and post-election risk limiting audits. Attackers will not stop trying to influence and interfere with elections, but by strengthening our election security processes, we can better defend against them and help safeguard the system to operate as intended.