Four reasons why election hacking is a big threat

by Joram Borenstein, contributor - 10/06/16 12:59 PM ET

Every four years in the run-up to each U.S. presidential election, the focus on financial services and other corporate targets of cyberattacks takes a backseat as politics steers the discussion toward threats within the U.S. election system.

This season, presidential hopefuls are being taken down a new path.

We’ve already seen the first election debate with a segment dedicated to cybersecurity, followed by an FBI warning to Congress that the voter registration system is being probed by hackers — hackers who may be linked to a foreign government’s attempt to cause chaos in our system.

{mosads}This election, there is a more robust discussion of how hacking, data breaches and other criminal activities could impact voting systems, voting machines, the voter registration process and even the outcome of the election. And we’re seeing that the same, wide variety of channels and mechanisms that hackers use to commit financial crimes are the same used in election hacking.

Gauging the state of these problems is becoming increasingly important as we continue through the 2016 campaign, especially as we learn the criminal breach of voting machines in Arizona and Illinois may have been part of hackers probing voting systems in more than a dozen states.

As the election moves along, here are four key reasons why voting system hacking remains a significant cybersecurity concern:

Lack of funding and preparedness. It is reasonable to assume that most state-level election bureaus are probably not awash in spare funding with which to fund cyber-readiness initiatives. Since barely half of all eligible Americans ever vote in a U.S. presidential election — and even fewer in primaries — these bureaus don’t get much attention. It does not make sense to expect that such groups have the bandwidth to handle or to focus on serious cybersecurity issues or data breaches.

Distracted news cycle. The news media are fully engaged in the U.S. presidential election, but their coverage of electoral hacking and voter fraud often focuses on the issues of voter ID laws and accusations of vote rigging, rather than what dangers exist or how technology can be harnessed to make elections less susceptible to tampering. There are also plenty of incidents, such as recent cases in Australia and India, that bear witness to how pervasive this problem is.

Multiple vulnerabilities exist. Breaches of online voter registration systems can happen in many ways. The voting process, particularly in the collection and tabulation of voting data, has many potential points of attack. Among the ways that such problems can occur, the most obvious ones are via email (think spear-phishing), SQL injection of a registration page, tampering with physical election boxes and denial-of-service attacks against specific websites.

Attacks come in many varieties. Our voter registration system has a wide attack surface and numerous processes that are also likely susceptible. Depending on which state we’re talking about, significant differences exist. For instance, the actual system for tallying votes is very different from an online or paper-based registration system for voters to use, which in turn is also quite unique from accessing a computer system used by an election official. Distinctions here are significant and a breach into each one would have vastly different repercussions.

One silver lining to this situation is that state-level election officials have been cooperating to address these issues as a community. The financial services industry has made great progress taking a collaborative approach, and election officials should look to their working models of successful cybersecurity for guidance.

Fears of election tampering have fueled calls to computerize the election process, but that approach also opens up greater possibilities of hacking and interference; we are already hearing that such attacks are probably happening. As tempting as it may be to rapidly advance the use of technology, online voting is not yet as secure as it needs to be.

As Neil Jenkins, an official in the Office of Cybersecurity and Communications at the Department of Homeland Security, noted:

“We believe that online voting, especially online voting in large scale, introduces great risk into the election system by threatening voters’ expectations of confidentiality, accountability and security of their votes and provides an avenue for malicious actors to manipulate the voting results.”

So as we near a presidential decision on Nov. 8, we should increase the discussion about logistical difficulties, a variety of foreign interrupters and just plain old human error as the ballots are cast around the country. As we work to make the election process more tamper-proof, let’s hope that, four years from now, we have made additional progress keeping our final votes in a locked box.

2024 Election Coverage

Borenstein is vice president of marketing at NICE Actimize, and a recognized expert in financial crime, anti-fraud, payments protection, consumer identity protection, risk management, information technology audit, and compliance.

The views expressed by contributors are their own and not the views of The Hill.