"I’m not sure that a single hacker could do it alone,” Eugene H. Spafford, professor of computer science at Purdue University, told Design News. “But an organized team that’s well financed and has enough time could in fact change the outcome of the election.”
Concern over potential security threats has grown in the last few months in the wake of attacks by Russian hackers on voter databases in Illinois and Arizona. In the Illinois attack, the personal information of approximately 200,000 voters was hacked. In Arizona, hackers stole the user name and password of at least one election official earlier this year. The Arizona intrusion followed on the heels of a high-profile attack on Democratic National Committee computers. As a result, FBI officials are now said to be looking for intrusions into election-related computers.
Cyber security expert Eugene Spafford of Purdue University: “All the hackers would have to do is make it look as if tampering had occurred.”
Security experts who have testified before Congress say there’s reason for concern. Dan S. Wallach, a professor of computer science at Rice University, recently told a House sub-committee that “our election systems face credible cyber-threats; it’s prudent to adopt contingency plans before November to mitigate these threats.”
Spafford told us that it wouldn’t take a major effort to introduce confusion and chaos into the November election. “All the hackers would have to do is make it look as if tampering had occurred,” he said. “In a close election, it could cause controversy, lawsuits, and other problems. Look at the after-effects of the hanging chad in 2000. We’re still talking about it 16 years later.”
Securing the Internet of Things. Today's IoT devices are under increasing attack. Device manufacturers and embedded software designers must be vigilant if they are to provide a secure system for applications to do their work. Learn more about securing IoT devices and applications in the Connected Devices track at ESC Silicon Valley, Dec. 6-8, 2016 in San Jose, Calif. Register here for the event, hosted by Design News’ parent company UBM.
Experts strongly encouraged election districts around the country to use touch screen machines connected to printers that can create a paper trail. Unfortunately, voting districts in about a dozen states have no such machines.
"If something happens to those machines and they get zeroed out, there would be no way to go back and recover the votes,” Spafford said.
The most vulnerable systems, however, are the voter registration databases, and the machines that count and report the votes. If registrations are removed from those databases, voters could be unable to cast ballots.
"We should expect our adversaries to go after voter registration systems,” Wallach told Congress on Sept. 13.
Polling place voting machines are a more difficult target for hackers, largely because those machines typically employ an “air gap” -- that is, a physical separation from the Internet. Still, cyber experts are concerned with the possible entrance of malware. Wallach pointed to a case in Iran where the so-called Stuxnet virus got into nuclear centrifuges, even though the centrifuges were not connected to the Internet. He emphasized that scientists still haven’t figured out how the virus was delivered to the centrifuges.
Experts recommend that polling places be ready with contingency plans prior to the presidential election. If registration databases have been destroyed, backups should be available, they say. If electronic voting machines refuse to run, print shops should be prepared to produce paper ballots.
Ironically, the best defense is paper, said Spafford, who has advised Congress on election security for many years. “Those of us who have studied it believe that old-fashioned paper is still the best solution,” he told us. “Having a paper trail that people can look at and count is really important.”
Conversely, the most exploitable systems are those connected to the Internet. Charlie Miller, the security expert who famously hacked a Jeep powertrain in 2015, told Design News that voting systems are no more secure than any other Internet-based entity. “The lesson of my career is that anything can be hacked,” he said. “And that’s not going to change in the next couple years.”
Senior technical editor Chuck Murray has been writing about technology for 32 years. He joined Design News in 1987, and has covered electronics, automation, fluid power, and autos.