people using voting machines

Use of Aging Software on Voting Machines Raises Cybersecurity Concerns

Lawmakers are concerned about the use of out-of-date software on voting systems across the United States, but no new legislation has been passed in both chambers.

In the wake of revelations of Russia’s attempts to hack into American voting machines during the 2016 election, states have invested heavily in new systems with heightened security measures.

There’s just one problem: the software on the new machines is aging out and will soon not be supported with security updates by the company who produces it.

The vast majority of 10,000 election jurisdictions across the country use Windows 7 or an older operating system to program their machines, tally votes, make ballots and report vote counts, according to an Associated Press analysis published this week.

Windows 7 is set to reach its end of life in less than six months, on Jan. 14. Microsoft will stop providing technical support and producing patches to fix security vulnerabilities, putting many of these systems at risk of being hacked, the AP reported. However, the company said it would offer security updates for an added fee through 2023.

The impending security issues have already earned attention from lawmakers. Sen. Ron Wyden (D-Oregon) wrote to the federal Election Assistance Commission on July 12 to ask what the agency is doing to “address the looming cybersecurity crisis” caused by aging software.

“The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers,” Wyden wrote. “This is unacceptable. Now more than ever, the American people expect that the government is taking the necessary steps to secure our elections from foreign attacks.”

In his request for EAC’s knowledge of which states will likely have outdated software in the 2020 election, Wyden also notes that there are no nationwide, mandatory cybersecurity standards for elections and that the Department of Homeland Security did not collect data on which states used out-of-date software in the 2018 midterms.

“DHS revealed that it does not have that data, and, as such, has no idea how vulnerable our election infrastructure is to foreign hackers,” Wyden wrote, giving the chairwoman until July 26 to answer his questions.

Last month, the House of Representatives passed an election security bill that would give the EAC $600 million to enforce new requirements, including the use of paper ballots, updated software and the purchase of machines made in the United States.

But similar measures proposed by Wyden and his Democratic colleagues in the Senate have gotten nowhere due to Sen. Roy Blunt (R-Missouri) and other Republicans’ opposition to most federal election security legislation, The Hill reported. Blunt is the committee chair of the powerful Senate Rules Committee.

“New federal election laws would not be the right thing to do, so I assume we’d have no legislation like that come through the Rules Committee,” Blunt told The Hill.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities