As the day of the U.S. presidential elections is quickly approaching, election security is again becoming a topic of more and more security discussions.
Are the polling booth systems secure? Could attackers interfere with them? What about voting by mail? Is it a secure option? Will the United States Postal Service (USPS) be able to handle a greater than usual (due to COVID-19) influx of mailed ballots?
The security of electronic voting
Prior to the 2016 U.S. presidential elections, cyber attackers that are believed to be Russian operatives succeeded in compromising websites or voter registration systems in seven U.S. states, the NBC revealed in early 2018.
Though the attackers apparently didn’t make changes to votes or voter rolls, the revelation was enough to raise doubts about voting security.
It doesn’t help that, over the intervening years, security researchers and hackers have demonstrated how electronic voting systems and polling booths can be hacked and manipulated.
In 2019, the U.S. House of Representatives passed a bill that would mandate election systems to use voter-verified paper ballots so that election interference can be avoided, for voting machines to be disconnected from the internet, and for states to get funds to enhance the security of their election systems and infrastructure. The bill was never voted on in the U.S. Senate.
In May 2020, the House again tried to allot money ($3.6 billion) for election security through the Health and Economic Recovery Omnibus Emergency Solutions (HEROES) Act, but the bill is expected to be modified and it’s possible it won’t include funds for helping states cover pandemic-related costs for the election.
In the meantime, the federal government is providing state and local officials with additional tools – endpoint detection and response software – to help defend the nation’s election systems from cyberthreats ahead of the November vote.
On Wednesday, the U.S. Department of State offered “a reward of up to $10 million for information leading to the identification or location of any person who works with or for a foreign government for the purpose of interfering with U.S. elections through certain illegal cyber activities.”
“The reward offer seeks information on the identification or location of any person who, while acting at the direction of or under the control of a foreign government, interferes with any U.S. federal, state, or local election by aiding or abetting a violation of section 1030 of title 18, which relates to computer fraud and abuse,” the State Department noted.
The reward is offered for information about individuals involved in the unauthorized accessing of election and campaign infrastructure, including voter registration databases and voting machines, and in malicious cyber operations against U.S. political organizations or campaigns to steal confidential information and then leak that information as part of influence operations to undermine political organizations or candidates.
The security of mail-in voting
As U.S. President Donald Trump claims that voting by mail opens the voting process for potential fraud and corruption, then backtracks, some voters have started doubting the security of the options.
Experts are, on the other hand, are saying that adversaries couldn’t interfere with voting by mail in any meaningful way, and the USPS assures it can handle the added volume of mail-in ballots in November’s election.