What Recent Hacking Attack Reveals About Election Security
A hacking attack last Friday that disrupted major U.S. websites is an example of a new era of cybersecurity vulnerability in today’s interconnected world.
The Oct. 21 cyberattack also furthered anxiety about the integrity of next month’s election, which has already been fraught with controversy over voting rights, and foreign interference.
While the attack alarmed—but did not surprise—cybersecurity observers who have been sounding alarms about the potential for the internet’s infrastructure to be harmed, these experts say the election system is largely secure from the threat of hacking.
“I have heard a few people worry that this is a practice run for Election Day or around Election Day to gum up networks and mess it up, but as far as election equipment being vulnerable, I don’t see that being too big of a deal,” said Joseph Lorenzo Hall of the Center for Democracy & Technology. “Luckily, we do not attach that stuff to the public internet.”
Hall, in an interview with The Daily Signal, said the U.S. election system is unique in a few ways.
The system is decentralized, meaning state, county, and local governments all manage their own voting—so everything isn’t connected.
Many precincts use traditional voting machines, but they are not connected to the internet or with each other.
“An attack against election systems would have to individually target many different systems, which limits the ability to mount large-scale damage,” said Susan Hennessey, a cybersecurity expert at the Brookings Institution, in response to emailed questions from The Daily Signal.
Though hackers will struggle to manipulate actual voting results, Hall warns that bad actors could disrupt Election Day—and throw off voters—by hacking into websites listing the locations and hours of polling places, and changing the listed information.
Many registration databases—serving as a way for voters to register or check their status—are also connected to the internet.
The government has reported that hackers have targeted the voting registration systems of more than 20 states in recent months, including in Arizona and Illinois, but those systems have nothing to do with vote casting or counting.
“If anything, I would worry about disruption or chaos rather than something that actually is affecting votes or attacking the election infrastructure,” Hall said.
Still, during an election season in which the Obama administration has accused Russia of hacking U.S. political organizations, the government is taking extra precautions to secure the voting process.
The Department of Homeland Security has assigned more than 100 specialists around the country to help state and local election officials maintain their voting systems.
According to Bloomberg Politics, 42 states and 29 county or local election agencies have sought cybersecurity assistance from the federal government.
Despite the confidence from the government and cybersecurity experts that Election Day will go on unscathed, observers acknowledge the broader danger of cyberattacks—specifically targeting the internet—is increasingly urgent.
The Oct. 21 attack involved the hacking of a company, Dyn, whose servers monitor and reroute internet traffic.
Companies like Dyn host the core parts of the internet’s infrastructure, so websites that connect to it like Twitter, Netflix, Airbnb, and Reddit were affected by the attack, and saw their websites slowed or inaccessible for periods of time in certain areas.
Because more and more devices, such as security cameras, are connected to the internet, experts say the chance of this type of centralized hacking—known as a distributed denial of service attack—is especially great.
“We’ve known about the possibility of DDoS attacks for a long time, so the episode this weekend was more a question of scale than a new threat,” Hennessey said. “The attack was targeted against a single entity on which many different websites rely, so the centralization amplified the consequences of the threat.”
Hall and Hennessey say it’s important to reassure citizens of the integrity of the U.S. election system.
“My biggest concern is any activity which could cause citizens to doubt the outcome of an election,” Hennessey said. “We know it is highly unlikely that any kind of hacking or attack could alter vote counts or the outcome of an election. But the mere fact of confirmed nation state intrusions have caused a level of anxiety regarding trust in the outcome. That is deeply troubling in a democracy.”
But they say the new threat of internet attacks is real, and will carry impact beyond Election Day.
“This is a brave new world and it’s kind of scary,” Hall said. (For more from the author of “What Recent Hacking Attack Reveals About Election Security” please click HERE)
Follow Joe Miller on Twitter HERE and Facebook HERE.
