Election Security Status

With elections less than two months away and lots of stories about election hacking, what is the real story.

Unfortunately, the real story is classified so even if I did know, which I don’t, I couldn’t tell you. The government won’t admit that straight out, but they know a whole lot more than they are telling us.

But at this year’s Billington Cybersecurity Summit, experts talked about their opinion about what is so. Here is some of what they said.

Chris Krebs, head of DHS’s CISA and the government’s point person on election security says that we have turned the corner in a really meaningful way. Chris is a good guy, a smart guy and no one’s fool, so I think he honestly believes that.

What has CISA done? Well one big change from 2016 is that at least this time the vast majority of election officials (there are around 10,000 election entities in the U.S.) are no longer sleeping at the switch. That is a big improvement but it doesn’t fix the problem. At least they know that there is a problem.

Since the last election, CISA is working with a lot of election officials in every state. Not every official by a long shot. CISA says that they are working on supporting 8,800 election officials, whatever that means.

Remember that there is a lot of tech. There are voter registration systems, election night reporting systems, vote processing systems, public web sites and, of course, voting machines. This is far from a complete list. You also have voting tech vendors. Some of them, like one of the biggest, ES&S is completely scared. They are so scared that they are arguing before the Supreme Court that researchers who try to find bugs in their software should be thrown in jail. Is that really the smartest response? Better we should leave those bugs there for the Chinese and North Koreans to abuse. But their ego and reputation is much more important than the safety of your vote. Maybe they should spend more money on security instead of lawsuits.

One thing that is absolutely true is that way more votes will have an audit trail. In part this is due to the fact that many more people will be voting by mail. Nearly 75% of voters will be allow to vote by mail. We don’t know yet how many will. Each of those votes will be auditable. In addition, more and more voting machines will create a HUMAN READABLE audit trail for votemasters to use to verify your vote. It used to be that many voting machines had no audit trail at all so there was nothing to recount. Then there were voting machines that created a 3D barcode, but since you couldn’t read that, there was no way to know if your vote was recorded correctly. Or at all. Now most voting machines create an audit trail that says that I voted for, say, Sue for Secretary of State. You can look at that piece of paper before you deposit it in the ballot box and see if that is really who you voted for.

The states asked for a lot more money than Congress gave them to bolster election security. They got less than a half billion when the amount needed was 1-2 billion or maybe more. There are a lot of small election districts that have a zero dollar security budget and zero security expertise.

This time disinformation campaigns are much more of an issue than hacking voting machines. It is a lot more cost effective. We already saw that the Russians stood up an entire fake media organization to create and publish fake information to attempt to shift the conversation. If they can do that, it is way more cost effective.

At the same time, social media is getting a little bit better about kicking the disinformers off their platforms. Since chaos builds traffic and traffic is money, they really don’t want to do that at all, but they know that if they don’t at least make a half-hearted attempt at it, Congress will legislate what they do and they sure don’t want that.

All in all, we are better than 2016. Significantly better. The biggest issue is still human beings because they believe what they want to believe and don’t fact check what they are reading.

There is still a lot of room for improvement, but at least we are fighting the battle. Credit: CSO Online

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code