Defending U.S. Voting Processes Now and into the Future

It has been obvious for quite some time that the 2020 U.S. presidential election is shaping up to be a wild ride. The combination of a new era of first-time, digitally-native voters, an increased reliance on connected systems for the voting process, the ubiquity and speed of social media as a tool for valuable news as well as the harmful kind, and Russia’s disinformation playbook being made publicly available and COVID-19 have created the perfect storm of challenges for the democratic process this year.

The integrity of information shared around the U.S. political landscape and the security of each voter’s ballot are of utmost importance, as a population that is wary of interference in any way, shape or form may no longer be inclined to vote.

While government agencies are taking steps to secure the election process, there is still much work to be done. It is critical that every organization that has a stake in the voting and political process, both private and public, do their part to curb all possible threats.

Disinformation influences voter behavior and impacts the integrity of the election process

2016 was a marvel year in U.S. elections, as Russian-backed attackers interfered on an unprecedented scale, including compromising the Democratic National Committee. The U.S. has even more disinformation threats to worry about this election year, as Special Counsel Robert Mueller’s investigation, prepared in response to Russian interference in 2016, essentially made their playbook public knowledge.

In 2020 any adversarial group, foreign or domestic, wanting to interfere in the U.S. election has all the information needed to do so like the Russian attackers of 2016, whether their goal is to aid one party on behalf of another nation, financial gain or just pure disruption.

A primary goal of most disinformation campaigns is to influence a population in favor of the adversary, which can be done by deterring voters from showing up to the polls. Also 2020 has been an anomalous year, as COVID-19 has created unprecedented leverage for attackers to deploy disinformation tactics.

Voters should always make sure to get their news and updates from legitimate outlets and even then to apply their own critical thought to the factual integrity of this news, and organizations that share critical information regarding the election have the task of providing accurate updates to ensure that each voter is encouraged - and able - to make a legitimately informed vote, and squash disinformation as it pops up.

The fear of voting machine integrity can have a significant impact on voter turnout

In an election as large as 2020 technical failures are a statistical certainty, and any flaw in the voting process can have a significant impact on voters’ attitudes. Voters are empowered to easily share any issues they have about interference or doubts about the election process through social media. The Georgia and Iowa caucuses this year demonstrated how rushing out new election technology ahead of the election cycle is a particularly bad idea, as citizens faced hours-long lines at polling centers, technological disruptions, and absentee ballots which never arrived.

Speed is the natural enemy of security, and there needs to be a more intensive security check before implementing new technology. If voters do not trust that their votes count, they may refrain from casting a ballot at all.

Secure voting systems mean a secure election

All organizations that have a stake in the election process must pitch in to secure the election - this will encourage voters to exercise their democratic right to vote as a positive by-product as well. Voting infrastructure providers must ensure, and transparently assert, that their machines are secure so that government organizations and citizens can have the confidence that their votes count, and only count once.

The best way to achieve security and transparency is by collaborating with ethical hackers that can help find exploitable vulnerabilities before adversaries can.

Every year at DEFCON, security researchers examine voting equipment used in the U.S. and show how easy it can be to interfere with electronic voting machines. This unlikely romance got off on the wrong foot, and voting machine manufacturers were critical of this practice at first. Over time, however, they learned that both good-faith and malicious hackers will hack regardless, so why not collaborate with those that seek to help rather than harm?

In fact, Election Systems & Software (ES&S), the biggest vendor of U.S. voting equipment, recently announced a policy to work more closely with security researchers to find software bugs in the company’s IT networks and websites.

The states are getting onboard too - In October 2020, the Iowa Secretary of State announced a Vulnerability Disclosure Program (VDP), becoming the second state in the nation to invite the Internet to share security feedback, and leverage ethical hackers to test its election infrastructure.

Moving forward all government agencies and private sector organizations that have a stake in the voting process must level up their approach to cybersecurity with an all-hands approach.

By establishing bug bounty programs and creating their own VDPs, these entities can drive a positive change by encouraging good faith hackers to make systems more secure, and ensuring citizens that their votes count.

What’s Hot on Infosecurity Magazine?