To protect our elections
US intelligence officials warn voting could be hacked. A Raytheon expert offers four ways to meet the threat
The threat is real.
On February 12, top U.S. intelligence officials warned the Senate Intelligence Committee that the nation must strengthen its defenses against hostile interference in coming elections. While Russia is already spreading disinformation through social media and other channels, the officials said, it could also try to hack actual voting systems.
“There should be no doubt that Russia perceives that its past efforts have been successful and views the 2018 midterm US elections as a potential target for Russian influence operations,” said U.S. Director of National Intelligence Dan Coats. “Frankly, the United States is under attack…by entities that are using cyber to penetrate virtually every major action that takes place in the United States.”
The unified call to action from U.S. intelligence agencies highlights the danger to our democracy should an adversary be able to alter votes. Michael Daly, chief technology officer for cybersecurity and special missions, explains that cybersecurity is critical to national security.
“Nothing is immune from the cyber threat. Not our airports, power plants, banks or hospitals. Not even our voting systems, the very basis of our democracy," Daly said.
U.S. elections are managed through a hodgepodge of systems that vary from state to state, including paper ballots, electronic screens and even some Internet voting. Daly offers these four recommendations for securing voting systems ahead of the midterm elections:
1. Secretaries of State should convene, in an academic environment, a conference with their election officials and cybersecurity staff. The session should be used to review the importance of cybersecurity controls, the threat vectors that are known to have been exploited in systems, and the long history of election tampering that has been occurring since World War II. Improperly informed stakeholders are our greatest vulnerability.
2. Secretaries of State, their Boards of Elections and state cybersecurity leaders should document their end-to-end election process with all of its systems, dependencies and interfaces. Every state is different and has different threat vectors.
3. States should engage their vendors and IT organizations (across the end-to-end chain) to conduct technical testing to ensure systems are secured. This includes patching, segmentation, monitoring, wireless configurations, hardening to remove unnecessary applications and ensuring there are multiple redundancies and methods of validation.
4. State officials should contact the U.S. Department of Homeland Security and their National Cybersecurity and Communications Integration Center for help. That’s where they’ll find trained professionals ready to help with lessons learned from prior engagements.
“Today our intelligence leaders highlighted an urgent call to action - cybersecurity is a matter of national security,” Daly said. "It’s time to reshape the cyber landscape with a national defense doctrine that increases investment in our infrastructure, technologies, and training to deter our adversaries.”