A major report released recently has advised that the US should replace any existing online voting processes with paper ballots by the next presidential election in 2020, citing ageing technology and security processes as a major factor in it’s recommendations.
Commissioned by the non-profit Carnegie Corporation of New York and the William and Flora Hewlett Foundation, and conducted by The National Academies of Sciences, Engineering and Medicine the report, which took two years to complete, found that online voting systems were at a high risk of compromise. Citing Russian interference during the 2016 presidential elections the report concluded that a “lack of sustained funding” had hampered efforts to improve resilience.
To address this, the report has called for all US local, state and federal elections to return to a system of paper-based ballots verified by humans. The report argued that marked ballots should not be submitted in digital forms over any connected networks due to the absence of technology that can 100% guarantee their security and verifiability.
Rising threat level
The recommendations are just the latest in a series of warnings about the cybersecurity risks posed to US elections. A report published earlier this year by the Department of Homeland Security that assessed the cybersecurity posture of 96 federal agencies. It found that 74% were either “at risk” or “high risk”, requiring urgent improvement, with the report describing the state of government cyber-security as ‘bleak’.
The report also highlighted that federal agencies lack sufficient visibility into their networks to effectively detect data breaches and respond to cyber incidents. As a result, agencies could not identify the attack vector in 38% of incidents, meaning they could not defend their networks against repeat attacks. We also highlighted in a recent blog just how easily some voting machines could be hacked.
A global threat
Of course it isn’t just US elections that are at risk, any country that uses e-voting is potentially at risk, which has led to concerns being raised in the cybersecurity community about the possibility of electronic voting being more widely adopted. Indeed in a recent global survey of 400 IT security pros 93% said that election infrastructure is at risk of attack, while a further 81% believed hackers will target key data as it is transmitted from local polling stations to centralized points.
As governments explore the benefits of e-voting it is essential that security, and integrity, remain at the forefront of their mind. While the technology offers the potential to engage higher proportions of electorates it is not yet mature, or secure, enough to preserve the democracy. As such governments must prioritize the protection of their populations from possible cyber-attacks at can subvert their citizens democratic wishes.
The threats posed to any elections that utlize currently available e-voting technologies are constantly growing in complexity, sophistication and intensity. And developing a solution that maintains the integrity of votes, is 100% secure against these threats, and delivers the benefits that e-voting was intended to provide will not only take time, but a whole new approach to cybersecurity. But it needs to be done to ensure the integrity of elections cannot be manipulated digitally.