With the 2020 presidential election just two weeks away, cybersecurity officials are warning that the U.S. voting system is not secure as new concerns arise around election tampering from different nation states and other bad actors.
According to Todd Rychecky, vice president of network technology provider Opengear’s U.S. unit, the entire voting ecosystem is not secure. That includes voting precincts, the media, individual candidates, and the information contained on their servers.
“I think just about in every election, we see issues with some sort of security problem at a specific county or a specific precinct,” Rychecky says.
“So really, the big thing for an election is protecting those votes, because you really need to project not just the votes, but also the results and the process.”
A successful hack of the U.S. voting infrastructure doesn’t sound too complicated, Rychecky says, noting that many electronic systems are 10 years or older and many are running on obsolete systems like Windows XP.
Since Microsoft no longer supports that operating system, precincts that still use those machines could be susceptible to malware or DDoS attacks.
“There’s an election every four years, so they don’t worry about it until the election,” Rychecky says. “They don’t put the budget aside to take care of the situation and upgrade their systems prior to the election happening.”
Rising security threats as election approaches
A number of cybersecurity experts have warned of a rise in security threats as the November election approaches.
In September, Microsoft said foreign actors are stepping up their efforts to target U.S. political groups and others ahead of the 2020 election. Targets are the candidates themselves and their campaigns, political groups, government contractors and other targets with links to the candidates or the government.
Microsoft also recently said it obtained a court order allowing it to disrupt a prolific malware and ransomware distributor that was believed to be targeting the election.
And Tyler Technologies, a company that makes products used by U.S. states and counties to share election data, said an unknown party hacked its systems in September.
These growing threats and reports of election interference are influencing our faith in free and fair elections, according to a survey from global technology association ISACA. The survey of more than 3,000 IT professionals show that 56% of respondents are less confident in election security since the COVID-19 pandemic began.
Making it harder to secure elections, Rychecky says, is because there are now a variety of ways to vote. Citizens can vote by mail, paper ballots, electronic voting machines or optical scan ballots.
“There’s a large mix of applications and devices to secure,” Rychecky says. “There isn’t one silver bullet for all of it.”
What we can do for election security now & the future
Organizations currently just need to worry about securing their network from bad actors and prevent giving them access to any place in the voting ecosystem.
That includes network resiliency and giving organizations out-of-band access through an independent management plane and alerting mechanisms that allow organizations to respond to DDoS attacks and prevent downtime.
“I think it’s a matter of making sure that we can prevent the DDoS attacks and ransomware attacks, but also make sure our networks are up as votes are being counted and transmitted to the media outlets,” Rychecky says.
“We need to secure the network – that’s a definite – and provide end-to-end network resilience to ensure votes are not compromised,” Rychecky says.
Going forward, municipalities, counties and voting precincts need to upgrade their voting systems and invest in cybersecurity solutions to protect against malware, ransomware, DDoS attacks and other hacking methods to protect votes.
“If and when things like this do happen, we need to have a backup plan to get secure remote access into that network remotely, and troubleshoot the event,” Rychecky says.