Voting Security: Did Your Vote Count?

Voting Security: Did Your Vote Count?

The most recent elections is the most secure in the nation’s history. Or, is it? Government officials say it is the most secure ever.

Fewer voters are set to use the riskiest machines — electronic systems that leave no paper record — as compared to four years ago, and there is a whole-of-government approach to election security that never existed before.

"My confidence in the security of your vote has never been higher," said Chris Krebs, the director of the Department of Homeland Security's cybersecurity arm, in an election security video featuring a number of top national security officials released last month.

The same vulnerabilities exposed in Russia's attack on the 2016 election have not disappeared. Security experts have recommended that the United States spend billions of dollars to improve systems nationwide. Congress didn’t see it that way, allocating only a fraction of that.

And while social media companies have worked to control influence operations and lies that spread on their platforms, the federal government has declined to regulate those changes. Experts say bad information is still spreading rapidly online — helped by many Americans users who have helped to sustain the explosion of questionable material.
Article continues after sponsor message

Now, four years removed from an election that the intelligence community and bipartisan congressional committees agree was marred by an unprecedented level of interference, the U.S. is set to conclude another round of voting on Tuesday.

The Votes Themselves
Many Americans remain worried about the possibility that a foreign adversary could manipulate vote totals, there is no evidence this has ever happened in an American election — even in 2016 when Russian attackers were able to hack into the registration databases of a number of states.

Experts agree that actual votes would probably be the most difficult part of an election to successfully hack. The problem has only gotten tougher. In 2016, nearly 28 million voters cast ballots that did not have a corresponding paper trail: a major cybersecurity red flag.

This year, that number may be less than 10 million. Eliminating the paperless machines makes it more difficult for a cyberattack to affect votes and go undetected.

In many jurisdictions, including the state of Georgia, officials replaced their paperless machines with machines that print out a piece of paper that allows the voter to verify their selections before the ballot is counted.

This gives the voter the ability to vote using the machine, but then also to check to make sure their vote was recorded accurately.

The problem is, research suggests only a small number of voters actually check the paper the machine prints out, making it questionable at best whether an attack that changes voter selections actually would be caught by this method.

Audit Trail
The way officials can demonstrate that, Stark says, is through public auditing, a process that not every state uses. Even among the states that do some sort of audit, only a few do what are considered the "gold standard" of post-election audits, called risk limiting audits.

Proposed legislation from Sen. Ron Wyden (D-OR) to mandate such audits nationwide, but election reforms have gained little to no traction with the Republican-controlled Senate.

The Bottom Line
Your 2020 vote is almost certainly safe, but some security experts won't be fully satisfied until the majority of votes are hand-marked, and the auditing process is advanced and rigorous enough to validate the results.

Considering the disparate nature of U.S. elections, that reality is still a ways away.

Hacks that Don't Touch the Results
While actually affecting the vote totals remains difficult, other aspects of election infrastructure, like websites that post-election information, are significantly more vulnerable.

Many local governments haven't taken simple steps that would make it more difficult for attackers to set up fake websites to post fake results, for instance.

Cybersecurity and Infrastructure Security Agency officials said at a briefing last week that he expects attackers to try to target election websites to either deface them, or just shut them down for a period of time. Hackers often use attacks like this to claim "capabilities that far exceed what they're actually capable of."

These are sometimes referred to as "perception hacks," since they allow an adversary to sow doubt about the vote totals without ever gaining the sort of access needed to actually change them.

The Minds of the Voters
The easiest targets for American adversaries, however, are the minds of Americans themselves. Influence in this realm can take a number of forms.

Last month, thousands of American voters got an email that seemed to indicate an extremist group had access to their personal data: change your voter registration, the message commanded, and support President Trump — or else.

But the email actually came from Iranian operatives, looking to sow discord, according to the U.S. government.

Misinformation, specifically about voting, also continues to spread across social media. Facebook and Twitter have added labels on some material, but it's clear that isn't putting a stop to it. One analysis found that changing the font of a message or cropping an image was all it took to bypass Facebook's defenses, reported NPR's Shannon Bond last month.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3