Researchers Finding Election Systems Open To The Internet

Researchers including Kevin Skoglund, an independent security consultant, found 35 election systems connected to the internet for months or longer including some in swing states as reported by Motherboard. Two backend systems which include the reporting system that tabulates votes and the election-management system are on a local area network, which is connected to the firewall through a switch.

Experts Comments

August 12, 2019
Usman Rahim
Digital Security and Operations Manager
The Media Trust
Our digital elections system doesn’t have a single point of failure—it has many - largely because the system appears to have been designed without prioritizing security and privacy. What’s most disturbing is that even as vendors claim the system isn’t connected to the internet, they provide documents that show otherwise. In addition, there’s the potential for configuration problems—an all too frequent error--USB drives infected with malware, brute force attacks to get around.....Read More
Our digital elections system doesn’t have a single point of failure—it has many - largely because the system appears to have been designed without prioritizing security and privacy. What’s most disturbing is that even as vendors claim the system isn’t connected to the internet, they provide documents that show otherwise. In addition, there’s the potential for configuration problems—an all too frequent error--USB drives infected with malware, brute force attacks to get around passwords, firewalls with unpatched software, outdated server software, no oversight of how well vendors install the system, configuration for transmitting election results not certified by Election Assistance Commission (EAC) although one wonders what good that would do if they don't have cybersecurity experts to alert them when something's afoot. Another significant problem is that state and local governments suffer from chronic budget cuts that prevent it from putting more stringent security measures in place and thoroughly vetting machines before putting them to use and in so doing, exposing these systems—not to mention voters--to sustained attacks from bad actors and nation-state adversaries.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.