The front lines in defending the security and privacy of voting against enemies include the localities who manage the voting precinct on election day. The cities and counties need to be just as vigilant as states when it comes to protecting the vote.
In the past, the voting process wasn’t seen as a target for hackers, but the 2016 presidential elections revealed a new way of thinking. State actors have been determined to have at least attempted attacks in 31 states. There were indications that Durham County, North Carolina may have been targeted through an ePollBook hack that discouraged thousands of people from voting last November.
With the next mid-term elections just a year away, local election officials should develop a plan that focuses on five areas:
- Pick the right partners. Many localities use third parties to help maintain voting machines and manage some processes on voting day. Localities should evaluate these third parties based in large part on their capabilities and expertise with security and privacy practices. Employing a contractor to help assess the third party is a good option
- Ensure that votes are counted accurately and completely. If a city or county has not taken clear, conspicuous measures to ensure the public that the selection they make in the voting booth is being recorded and reported properly, then confidence in our elections will suffer.
- Shore up election audit processes. Counties must be able to ensure that their vote totals can be reviewed and audited. In the 2016 elections, there were recounts in five different states and allegations of voter fraud in two others where the recount process and the accuracy of voting machines were called into question. The inaccuracy and unreliability of the auditing process allowed for enough doubt that both parties started to question not only the credibility of the original vote count, but the electoral process itself.
- Properly vet any new voting eligibility management systems. When new systems are introduced into the election infrastructure, new avenues of attack can come with them. When a locality makes a change or an addition, it is important to assess the new technology for any new vulnerabilities that attackers can exploit. Proper security procedures must be a priority during the implementation process.
- Educate. Most of the time, the easiest part of the system to exploit is the human being that sits in the middle of it. If a county or city focuses on its systems while neglecting to educate everyone in its network about how to recognize a hacker’s ploys, it is inviting the same consequences that has befallen many public sector organizations.