In Arizona they emailed a staff member a link to download malicious software.
In Illinois they attacked a vendor's software because it was connected to its network.
And they proved they can corrupt voting machines in person voting machines in person on Election Day recently at DEFCON.
Regardless of attackers’ motives or mechanisms in the 2016 presidential election, we can expect even more attempts to disrupt future elections.
State election boards—sworn to protect voters' privacy and personally identifying information—will have their work cut out for them. On top of the mandate to protect voters' data and the election system infrastructure, there's also the essential task of auditing the results in the event of a recount.
More states have digitized their election systems or are considering doing so. Integrated in an ad-hoc basis, these changes introduce new vulnerabilities. It will be of paramount importance for state election boards to be able to conduct an audit whose results all parties will accept. Otherwise, the validity of future elections will be called into question by claims of widespread voting fraud. Election officials must be able to refute those claims.
For any state election board wondering how to achieve these imperatives, here are three places to start:
- Survey infrastructure and catalog attack surfaces. Could an attacker compromise a third-party vendor’s server before jumping to your state's voter data environment? To prevent this from happening, begin by defining the voter data environment. Inventory the architecture and devices that could pose a threat. Understanding what you have to defend is the first step to ensuring that it all remains safe.
- Build security into design and process. Security cannot be an afterthought; it must be baked into your process, from RFPs to implementation to maintenance. Give security the same priority as functionality and usability.
- Determine the most effective audit methodology and strategy. We're entering a period of history when it will be essential that your state's election board be able to verify that voting results have not been altered electronically. That requires state election board’s implement the most appropriate and effective risk-limiting auditing techniques for their state's unique combination of circumstances. It will have to synthesize the best thinking from disciplines including statistics, privacy, security and organizational control.
Already, states have turned to CyberScout for help securing voter data and rolls, mitigating voting system vulnerabilities, ensuring the reliability and accuracy of results, and reviewing new initiatives for security holes.