Information Security News mailing list archives
Election security isn't that hard
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 12 Sep 2019 11:05:15 +0000 (UTC)
https://www.politico.com/agenda/story/2019/09/10/election-security-000954 By Kevin Shelley and Wayne Williams The Agenda Politico.com 09/10/2019 Intelligence experts warn that hostile nation-states, criminals and political partisans are preparing attacks on our election systems in 2020. We’ve set ourselves up for this: In the course of modernizing our voting systems, our country has introduced computers into many layers of our election process, including the recording and tallying of our votes. In fact, 99 percent of votes cast in 2020 will be counted either by the computerized voting machines on which the voters cast their ballots or – in the case of voter-marked paper ballots – by scanners, which also are computers. As former secretaries of state from both parties, we know that it’s possible to devise tangible solutions needed to validate our elections. In fact, we can tell you how to do it. That’s not to say that it’s easy, particularly given the decentralized nature of our election administration system. Most states administer elections locally and only a few states have uniform equipment in each locality. For many years, election administration has been woefully underfunded, leading to wide variability in capacity and resources. But, as long as the equipment incorporates a voter-marked paper ballot, officials can adjust existing processes to instill confidence in elections, regardless of the equipment in place. First, we need to dispel one misconception. Many people (including many election officials) believe that if a voting system or scanner is never connected to the internet, it will always be safe. Alas, that’s not the case. For each new election a file is prepared that contains the candidate and issue names and their placements on the ballot. This file is created by another computer that may be connected either directly or indirectly to the internet. If that computer is infected with malware, it can pass on that infection when the file containing the election information is fed into the voting machine or scanner. [...] Kevin Shelley, a Democrat, is the former California secretary of state and serves on the board of directors for Verified Voting, a nonpartisan, nonprofit organization that promotes verifiable voting practices. Wayne Williams, a Republican, is the former secretary of state for Colorado and also serves on the board of advisers for Verified Voting.
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Election security isn't that hard InfoSec News (Sep 12)