Security gaps could undermine confidence in election results
Connecting state and local government leaders
It only takes one small breach to dent confidence in the nation’s election systems, according to a digital rights and technology expert.
It only takes one small breach to dent confidence in the nation’s election systems, according to a digital rights and technology expert.
While the Cybersecurity and Infrastructure Security Agency (CISA) and other organizations have made great strides since 2016 to shore up local election infrastructure, “cybersecurity is an active process. Threats are constantly changing and evolving, so we need to keep making the case that election officials need to prioritize cybersecurity and not be complacent," said William Adler, senior technologist for elections and democracy at the Center for Democracy and Technology.
Adler's comments came during an Oct. 16 conference call with reporters. He and other officials at the technology and digital rights advocacy group explained the variety of threats facing the upcoming elections, from voter suppression to misinformation about mail-in ballots and cybersecurity. Even an unsuccessful attack, if detected and publicized, can sow misinformation and undermine confidence, which is a Russian goal, according to Adler.
"It doesn't have to be a major breach or an altering of election results," he said.
The 3,000 county governments across the U.S. responsible for maintenance of local election systems offer multiple points of potential vulnerability. "It's possible one of those counties is doing a less-than-stellar job. Even an insignificant breach in a small county can sow misinformation about state-wide or country-wide issues," said Adler.
Advances in cybersecurity capabilities and services from CISA and vendors don't help financially strapped county governments acquire new equipment or needed upgrades.
"Too many counties are using devices with known security vulnerabilities, no paper trail, or both," he said.
Out-of-date or vulnerable technology means local governments have to be very aware of physical security measures to protect the software, according to Adler. Some lapses in physical security have already been noted this election season, he said. However, localized attacks on voting machine software and other tactics are difficult to scale up to have any significant impact on larger election results, he said.
This article was first posted to FCW, a sibling site to GCN.
NEXT STORY: It’s time for a better approach to cybersecurity