Electronic Voting Infrastructure Must Become More Resilient Against Attacks
December 14, 2017
Originally published in The Hill
Cybersecurity for elections has been in the news a lot lately. There have been proposals for new cybersecurity efforts for election systems. There have been demonstrations of hacking voting machines. However, we’ve been missing a crucial point: election equipment cannot be made completely secure. Given that well-defended systems in other fields still suffer cybersecurity breaches, we should assume that well-secured election infrastructure will sometimes be compromised by hackers. Therefore, it is imperative that we enhance the resiliency of our election systems and processes so that they provide accurate election results even if the equipment used for registration, voting, results reporting, or other parts of the election process has been successfully hacked.
Here are four ideas worth considering as part of a more comprehensive strategy that would need to be worked out by election officials in discussion with other stakeholders:
- Ensure that ballots can be cast, even if a cyber intrusion has corrupted voter registration, ballot casting and counting, results reporting, or other systems that support the electoral process. Election officers must be prepared for large-scale provisional voting, an established process used to resolve a variety of disputes over a voter’s eligibility. It may be wise to make contingency plans to conduct the entire vote with provisional ballots if a serious cyber breach impacts the election process. While not a perfect solution, it is a form of analog failover that would allow us to maintain operations during a cyber attack at reduced efficiency while preserving our ability to recover from the attack transparently to achieve a full and accurate vote.
- Prepare to detect and recover from problems with the vote. Every election official in the country should adopt post-election audit practices that would allow them to detect fraud or other sources of error. There is a growing body of research on how to conduct these kinds of audits. Further, elections must include a non-electronic method to capture votes that can be examined and tabulated after the fact, as all-electronic vote records could be irrecoverably corrupted in a cyber intrusion.
- Include commercial vendors as part of these discussions. They usually design and support voting machines; electronic voter registration databases; interfaces between voter registries and intermediaries such as departments of motor vehicles; and many other pieces of our election infrastructure. They are well positioned to apply cyber resiliency design principles in building election-related systems. Good design choices on their part will make the job of other stakeholders in the election cybersecurity ecosystem easier.
- Prepare for the worst. As a people, we must decide how to handle a cyber attack that leaves us unable to hold a timely election or to reliably determine its results. While every effort should be made to avoid this kind of situation, it is important to decide on objective and transparent rules beforehand to guide public officials in managing and resolving the situation. We must have politically neutral and publicly agreed-upon approaches to the worst case so that even on the worst days, we as a people can have well-founded confidence that our election process will reliably represent our democratic choices as voters.
So how could we start making progress on election resiliency? Federal officials could leverage research that has been done on cyber resiliency to produce resources for use by election officials nationwide. Executive and legislative leaders could use their positions to focus attention on the need for improved cyber resiliency for elections and provide resources needed to make change. They could also take on the difficult question of what to do when a cyber attack prevents holding a timely or trustworthy election and implement appropriate policy to guide action in the aftermath of such an event. State, local, tribal, and territorial election officials could work to enhance election processes and technology to provide resiliency against successful cyber intrusions into the election infrastructure in their jurisdiction. Members of the public could advocate for these kinds of changes and hold public officials responsible for achieving results.
America’s elections are carried out by a complex system of people, processes, and technology that have been designed to provide reliable results and be resistant to human error and traditional ways of committing fraud. Changing how elections work is an enormously difficult policy and systems engineering challenge. But with modern cyber threats to elections, it is critical that we take new steps to improve election security and resilience. This will not be easy. It will likely involve hard decisions and tradeoffs. It will cost time and money. It will need to be done carefully to avoid unintended problems, especially those that put at risk people’s exercise of their right to vote or cause doubt about the integrity of the election. However, we must do this hard work because we must assume that attempts will be made to influence future elections using cyber attacks and that some of those attempts will be successful. It is critical that our election processes be able to withstand those attacks, continue to provide transparency, and provide accurate and trustworthy results that reflect the will of the people.