Even if voting machines never go online, digital threats to the US political system loom over this year’s midterm elections and, presumably, every election to come.
A full year after US intelligence agencies unanimously agreed that President Vladimir Putin directed a Russian operation to interfere in the 2016 US election, the Department of Homeland Security (DHS) informed 21 states their voting systems were probed by Russian groups.
Protocols that require state officials to have a security clearance to receive information about hacking attempts delayed this notification. Exacerbating the issue, DHS did not know whom to contact in each state because federal elections are coordinated on a state or county level, and leadership structures vary. Naturally, state election officials were not pleased with the delay.
The good news is, states are warming to DHS’s offers for voluntary cybersecurity audits and most are beginning to adopt DHS standards for election security. And the communication gap is narrowing. At a congressional hearing in March, Secretary of Homeland Security Kirstjen Nielsen said, “Today I can say with confidence that we know whom to contact in every state to share threat information. That did not exist in 2016.”
In the same hearing Nielsen admitted the 2018 midterms and future elections will likely be a target for Russian hacking attempts.
In an effort to better defend against hacks, Congress provided $380 million in grants through the Election Assistance Commission for states to improve their election security, including replacing outdated and paperless voting machines and training state and local election officials.
So, we’re ready for the 2018 midterms, right? Not really.
The $380 million in assistance is divided based on state population, rather than age of voting systems or current staff cybersecurity awareness. On top of that the additional federal money may not have an impact until after the 2018 midterms due to slow procurement timelines for new voting machines and updated computer systems.
After these funds are spent on improvements, our election system – individual campaigns, voter databases, the election results reporting process – will still have zero-day vulnerabilities, or exploits in a software or hardware that is unknown to the developer until after, sometimes months or years after, a breach. One-off funding will not keep pace with the continuous improvements needed to counter the efforts of foreign adversaries to undermine the US political system, especially as more people and things become connected to the internet.
For a deeper dive into election security, foreign interference and the challenges of maintaining confidence in the democratic process heading into the 2018 midterms, download our presentation: Election Hacking: Digital Threats to Democracy.