InfoSec Insider

Election Security: Beyond Mail-In Voting

There are many areas of the election process that criminal hackers can target to influence election results.

As a highly publicized event, every four years the U.S presidential election comes with inevitable security risks — and interest from high-level hackers and sophisticated cybercriminals looking to sway its results. The upcoming election ups the stakes — it has captured the attention of everyone across the globe, and is seen as one of the most important and pivotal elections in decades.

And with the COVID-19 pandemic, there is no doubt that this year’s election will be the first of its kind. It is a true race against time as counties and states across the country, some which never previously allowed votes to be cast by mail,  rapidly change their election processes to support mail-in ballots.

That presents a fresh set of security concerns, which include a lack of transparency over the security measures and voter auditing applied to each type of voting method. The lack of resources needed to adapt and secure the mail-in voting process by the early November election date is has been another cause for concern.

However, if security experts and the wider public focus too much time and attention on trying to secure this year’s predominately mail-in voting infrastructure, it may give criminal hackers the opportunity to take advantage of other areas and systems that are just as important.

Cyberattackers gaining access to the infrastructure, machines and firmware used to cast and count votes is always a concern. And, there are many areas of the election process that criminal hackers can target to influence election results — not just hacking the outcome of the vote but ultimately hacking democracy.

For instance, attackers can target an election’s voter-registration systems and invalidate votes from the outset. Gaining access to this type of system can lead to the possibility of poisoning voter data, such as voter names being deleted, added or changed. A voter’s location can also be altered to support a specific result, especially in key swing states.

Voter suppression in the form of distributed denial-of-service (DDoS) attacks is also another issue we see time and time again, especially when voting registration deadlines approach, because they can prevent voters from registering on time.

All of that said, while there is still a long way to go when it comes to election security and transparency, it is important to acknowledge the positive changes that have happened in recent years. The regulations implemented by social platforms that flag and prevent the spread of false political statements or “fake news” is a step in the right direction. The public reporting of malicious and ransomware attacks both related and non-related to the election has also helped improve transparency and awareness levels.

A key that still need to be made: Changing the level of confidence that voters have in the security and accuracy of the voter system. This negative conception may lead to an increase in non-voters. The worst potential outcome of this or any election and the ultimate hack is to create distrust in the voting system so that fewer voters will participate in the election. So, it is of the utmost importance that the government focus on rebuilding the trust in democracy, which has been eroded in recent years due to foreign hacking influence.

Joseph Carson is chief security scientist and advisory CISO at Thycotic.

Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting past contributions.


Suggested articles