fbpx
Wikipedia

Election security

February 16, 2024

Election cybersecurity or election security refers to the protection of elections[1] and voting infrastructure from cyberattack or cyber threat[2] – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.[3]

Cyber threats or attacks to elections or voting infrastructure could be carried out by insiders within a voting jurisdiction, or by a variety of other actors ranging from nefarious nation-states, to organized cyber criminals to lone-wolf hackers. Motives may range from a desire to influence the election outcome, to discrediting democratic processes, to creating public distrust or even political upheaval.

Legislation and policy best practices edit

A variety of experts and interest groups have emerged to address voting infrastructure vulnerabilities and to support democracies in their security efforts.[4] From these efforts have come a general set of policy ideas for election security, including:

  • Transition from black-box proprietary voting systems to transparent open-source voting systems[5][6][7]
  • Implement universal use of paper ballots, marked by hand and read by optical scanner, ensuring a voter-verified paper audit trail (VVPAT).[8][9][7]
  • Pass voter machine certification requirements[10] that, for example, phase out touch-screen voting machines – especially the most vulnerable direct-recording electronic (DRE) devices[11] and follow recommendations like those by the US Election Assistance Commission.
  • Verify voting results by requiring election officials to conduct risk-limiting audits, a statistical post-election audit before certification of final results.[11][7][12]
  • Ballot accounting and reconciliation to ensure all ballots are accounted for[10]
  • Give voters an opportunity to fix any mistakes that would otherwise get their ballots thrown out
  • Ban electronic voting[10]
  • Secure all voting infrastructure from databases to equipment using cyber hygiene tools such as the CIS “20 Critical Security Controls” or NIST's Cybersecurity Framework.[10][12][13]
  • Provide resources, training and information-sharing to election leaders for cyber maintenance and on-going monitoring.[14][15]
  • Designate elections as critical infrastructure[14] and provide appropriate funding to implement infrastructure upgrades, audits, and cyber hygiene measures.
  • Pre-election logic and accuracy testing to check for equipment malfunctions[10]
  • Institute a pre-election threat assessment plan to bolster technical support capacity for election officials requesting assistance.[14]
    • Call upon outside experts to conduct cyber assessments – government specialists, white-hat hackers, cybersecurity vendors and security researchers – where needed.[15]

Role of white hat hackers edit

The "white hat" hacker community has also been involved in the public debate. From July 27–30, 2017, DEFCON – the world's largest, longest running and best-known hacker conference – hosted a “Voting Machine Hacking Village” at its annual conference in Las Vegas, Nevada to highlight election security vulnerabilities.[16] The event featured 25 different pieces of voting equipment used in federal, state and local U.S. elections and made them available to white-hat hackers and IT researchers for the purpose of education, experimentation, and to demonstrate the cyber vulnerabilities of such equipment. During the 3-day event, thousands of hackers, media and elected officials witnessed the hacking of every piece of equipment, with the first machine to be compromised in under 90 minutes.[17] One voting machine was hacked remotely and was configured to play Rick Astley's song "Never Gonna Give You Up."[18][irrelevant citation] Additional findings of the Voting Village were published in a report issued by DEFCON in October 2017.[19]

The "Voting Village" was brought back for a second year at DEF CON, which was held in Las Vegas, August 9–12, 2018. The 2018 event dramatically expanded its inquiries to include more of the election environment, from voter registration records to election night reporting and many more of the humans and machines in the middle. DEF CON 2018 also featured a greater variety of voting machines, election officials, equipment, election system processes, and election night reporting. Voting Village participants consisted of hackers, IT and security professionals, journalists, lawyers, academics, and local, state and federal government leaders. A full report was issued on the 2018 Village Findings at a press conference in Washington, DC, held on September 27, 2018.[1]

Europe edit

Russia's 2016 attempts to interfere in U.S. elections fits a pattern of similar incidents across Europe for at least a decade. Cyberattacks in Ukraine, Bulgaria, Estonia, Germany, France and Austria that investigators attributed to suspected Kremlin-backed hackers appeared aimed at influencing election results, sowing discord and undermining trust in public institutions that include government agencies, the media and elected officials.[20]

United States edit

The United States is characterized by a highly decentralized election administration system. Elections are a constitutional responsibility of state and local election entities such as secretaries of state, election directors, county clerks or other local level officials encompassing more than 6,000+ local subdivisions nationwide.[21]

However, election security has been characterized as a national security concern increasingly drawing the involvement of federal government entities such as the U.S. Department of Homeland Security. In early 2016, Jeh Johnson, Secretary of Homeland Security designated elections as “critical infrastructure” making the subsector eligible to receive prioritized cybersecurity assistance and other federal protections from the Department of Homeland Security. The designation applies to storage facilities, polling places, and centralized vote tabulations locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments.[22] In particular, hackers falsifying official instructions before an election could affect voter turnout or hackers falsifying online results after an election could sow discord.[23]

Post 2016 Election edit

Election security has become a major focus and area of debate in recent years, especially since the 2016 U.S. Presidential Election. In 2017, DHS confirmed that a U.S. foreign adversary, Russia, attempted to interfere in the 2016 U.S. Presidential Election via “a multi-faceted approach intended to undermine confidence in [the American] democratic process."[24] This included conducting cyber espionage against political targets, launching propaganda or “information operations” (IO) campaigns on social media, and accessing elements of multiple U.S. state or local electoral boards.[25]

On September 22, 2017, it was reported that the U.S. Department of Homeland Security (DHS) notified 21 states that they were targeted by Kremlin-backed hackers during the 2016 election. Those states included Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Illinois, Maryland, Minnesota, Ohio, Oklahoma, Oregon, North Dakota, Pennsylvania, Virginia, Washington,2 Arizona, California, Iowa, Texas, and Wisconsin. Currently, hackers only reportedly succeeded in breaching the voter registration system of one state: Illinois.[26]

In the aftermath of the 2016 hacking, a growing bench of national security and cyber experts have emerged noting that Russia is just one potential threat. Other actors including North Korea, Iran, organized criminals possess, and individual hackers have motives and technical capability to infiltrate or interfere with elections and democratic operations.[27] Leaders and experts have warned that a future attack on elections or voting infrastructure by Russian-backed hackers or others with nefarious intent, such as seen in 2016, is likely in 2018 and beyond.[28][29][30]

One recommendation to prevent disinformation from fake election-related web sites and email spoofing is for local governments to use .gov domain names for web sites and email addresses. These are controlled by the federal government, which authenticates the legitimate government controls the domain. Many local governments use .com or other top-level domain names; an attacker could easily and quickly set up an altered copy of the site on a similar-sounding .com address using a private registrar.[31]

In 2018 assessment of US state election security by the Center for American Progress, no state received an “A” based on their measurements of seven election security factors.[10] Forty states received a grade of C or below.  A separate 2017 report from the Center for American Progress outlines nine solutions which states can implement to secure their elections; including requiring paper ballots or records of every vote, the replacement of outdated voting equipment, conducting post election audits, enacting cybersecurity standards for voting systems, pre-election testing of voting equipment, threat assessments, coordination of election security between state and federal agencies, and the allocating of federal funds for ensuring election security.[32]

See also edit

References edit

  1. ^ "Election Security - Section 3: Key Election Process Categories - Unleashing the Potential of Election Data - Open Election Data Initiative". openelectiondata.net. Retrieved 2018-03-16.
  2. ^ Fidler, David (May 2017). "Transforming Election Cybersecurity, Council on Foreign Relations" (PDF).
  3. ^ "Election Security Preparedness - BeReady16 | US Election Assistance Commission". www.eac.gov. Retrieved 2018-03-06.
  4. ^ Larson, Selena. "Hackers will work with government, academia to make future elections secure". CNNMoney. Retrieved 2018-03-06.
  5. ^ Woolsey, R. James; Fox, Brian J. (2017-08-03). "Opinion | To Protect Voting, Use Open-Source Software". The New York Times. ISSN 0362-4331. Retrieved 2022-12-09.
  6. ^ Wofford, Ben (June 25, 2021). "One Man's Quest to Break Open the Secretive World of American Voting Machines". POLITICO. Retrieved 2022-12-09.
  7. ^ a b c "Verified Voting Foundation: Principles for New Voting Systems". Verified Voting. 2015-02-04. Retrieved 2018-03-06.
  8. ^ "Belfer Center for Science and International Affairs, Harvard Kennedy School, Defending Digital Democracy, The State & Local Election Cybersecurity Playbook, February 2018".
  9. ^ Legislatures, National Conference of State. "Election Security: State Policies". www.ncsl.org. Retrieved 2018-03-06.
  10. ^ a b c d e f Root, Danielle; Kennedy, Liz; Sozan, Michael; Parshall, Jerry (12 February 2018). "Election Security in All 50 States". Center for American Progress. Retrieved 2020-05-01.
  11. ^ a b "Expert Testimony by J. Alex Halderman, Professor of Computer Science, University of Michigan before the U.S. Senate Select Committee on Intelligence, June 21, 2017" (PDF).
  12. ^ a b "9 Solutions to Secure America's Elections - Center for American Progress". Center for American Progress. Retrieved 2018-03-06.
  13. ^ "Center for Internet Security (CIS), A Handbook for Elections Infrastructure Security, Version 1.0, February 2018" (PDF).
  14. ^ a b c "CONGRESSIONAL TASK FORCE ON ELECTION SECURITY, Final Report, January 2018" (PDF).
  15. ^ a b "Praetz, Noah, Office of Cook County, IL Clerk David Orr, 2020 Vision: Election Security in the Age of Committed Foreign Threats, December 7, 2017" (PDF).
  16. ^ "Hackers at DefCon conference exploit vulnerabilities in voting machines". USA TODAY. Retrieved 2018-03-06.
  17. ^ "Hackers competed to breach U.S. voting machines. It took them 90 minutes". Newsweek. 2017-07-30. Retrieved 2018-03-06.
  18. ^ France, Lisa Respers. "Rick Astley is on a (Rick) roll". CNN. Retrieved 2018-03-06.
  19. ^ "DEFCON 25 Voting Machine Hacking Village: Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure. October 2017" (PDF).
  20. ^ "Russia's pattern of meddling abroad exposes threat to 2018 U.S. elections: report". USA TODAY. Retrieved 2018-03-06.
  21. ^ Legislatures, National Conference of State. "Election Administration at State and Local Levels". www.ncsl.org. Retrieved 2018-03-06.
  22. ^ "Statement by Secretary Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector". Department of Homeland Security. 2017-01-06. Retrieved 2018-03-06.
  23. ^ 2018-2019 San Mateo County Civil Grand Jury (July 24, 2019). "Security of Election Announcements" (PDF). Superior Court of California. Retrieved August 20, 2019.{{cite web}}: CS1 maint: numeric names: authors list (link)
  24. ^ "Congressional Testimony of Jeanette Manfra, then-Acting Deputy Under Secretary For Cybersecurity and Communications, National Protection And Programs Directorate, U.S. Department of Homeland Security, before the Select Committee on Intelligence, United States Senate, June 21, 2017" (PDF).
  25. ^ "ICA: Intelligence Community Assessment. "Background to "Assessing Russian Activities and Intentions in Recent US Elections: The Analytic Process and Cyber Incident Attribution." January 9, 2017" (PDF).
  26. ^ "Election Security in All 50 States - Center for American Progress". Center for American Progress. Retrieved 2018-03-06.
  27. ^ "Election Security in All 50 States - Center for American Progress". Center for American Progress. Retrieved 2018-03-06.
  28. ^ "Pompeo: 'I have every expectation' Russia will meddle in 2018 midterms". POLITICO. Retrieved 2018-03-06.
  29. ^ CNBC (2018-03-06). "Top intel official: 'Highly likely' Russia will seek to influence 2018 US vote". CNBC. Retrieved 2018-03-06.
  30. ^ Cohen, Zachary. "US cyber chief says Trump hasn't told him to confront Russian cyber threat". CNN. Retrieved 2018-03-06.
  31. ^ 1 Simple Step Could Help Election Security. Governments Aren't Doing It
  32. ^ Root, Danielle; Kennedy, Liz (16 August 2017). "9 Solutions to Secure America's Elections". Center for American Progress. Retrieved 2020-05-01.

External links edit

  • Verified Voting - U.S. advocacy organization that catalogs voting equipment used in each state

February 16, 2024
election, security, this, article, multiple, issues, please, help, improve, discuss, these, issues, talk, page, learn, when, remove, these, template, messages, examples, perspective, this, article, deal, primarily, with, united, states, represent, worldwide, v. This article has multiple issues Please help improve it or discuss these issues on the talk page Learn how and when to remove these template messages The examples and perspective in this article deal primarily with the United States and do not represent a worldwide view of the subject You may improve this article discuss the issue on the talk page or create a new article as appropriate June 2018 Learn how and when to remove this template message A major contributor to this article appears to have a close connection with its subject It may require cleanup to comply with Wikipedia s content policies particularly neutral point of view Please discuss further on the talk page August 2020 Learn how and when to remove this template message Learn how and when to remove this template message Election cybersecurity or election security refers to the protection of elections 1 and voting infrastructure from cyberattack or cyber threat 2 including the tampering with or infiltration of voting machines and equipment election office networks and practices and voter registration databases 3 Cyber threats or attacks to elections or voting infrastructure could be carried out by insiders within a voting jurisdiction or by a variety of other actors ranging from nefarious nation states to organized cyber criminals to lone wolf hackers Motives may range from a desire to influence the election outcome to discrediting democratic processes to creating public distrust or even political upheaval Contents 1 Legislation and policy best practices 2 Role of white hat hackers 3 Europe 4 United States 4 1 Post 2016 Election 5 See also 6 References 7 External linksLegislation and policy best practices editA variety of experts and interest groups have emerged to address voting infrastructure vulnerabilities and to support democracies in their security efforts 4 From these efforts have come a general set of policy ideas for election security including Transition from black box proprietary voting systems to transparent open source voting systems 5 6 7 Implement universal use of paper ballots marked by hand and read by optical scanner ensuring a voter verified paper audit trail VVPAT 8 9 7 Pass voter machine certification requirements 10 that for example phase out touch screen voting machines especially the most vulnerable direct recording electronic DRE devices 11 and follow recommendations like those by the US Election Assistance Commission Verify voting results by requiring election officials to conduct risk limiting audits a statistical post election audit before certification of final results 11 7 12 Ballot accounting and reconciliation to ensure all ballots are accounted for 10 Give voters an opportunity to fix any mistakes that would otherwise get their ballots thrown out Ban electronic voting 10 Secure all voting infrastructure from databases to equipment using cyber hygiene tools such as the CIS 20 Critical Security Controls or NIST s Cybersecurity Framework 10 12 13 Provide resources training and information sharing to election leaders for cyber maintenance and on going monitoring 14 15 Designate elections as critical infrastructure 14 and provide appropriate funding to implement infrastructure upgrades audits and cyber hygiene measures Pre election logic and accuracy testing to check for equipment malfunctions 10 Institute a pre election threat assessment plan to bolster technical support capacity for election officials requesting assistance 14 Call upon outside experts to conduct cyber assessments government specialists white hat hackers cybersecurity vendors and security researchers where needed 15 Role of white hat hackers editThe white hat hacker community has also been involved in the public debate From July 27 30 2017 DEFCON the world s largest longest running and best known hacker conference hosted a Voting Machine Hacking Village at its annual conference in Las Vegas Nevada to highlight election security vulnerabilities 16 The event featured 25 different pieces of voting equipment used in federal state and local U S elections and made them available to white hat hackers and IT researchers for the purpose of education experimentation and to demonstrate the cyber vulnerabilities of such equipment During the 3 day event thousands of hackers media and elected officials witnessed the hacking of every piece of equipment with the first machine to be compromised in under 90 minutes 17 One voting machine was hacked remotely and was configured to play Rick Astley s song Never Gonna Give You Up 18 irrelevant citation Additional findings of the Voting Village were published in a report issued by DEFCON in October 2017 19 The Voting Village was brought back for a second year at DEF CON which was held in Las Vegas August 9 12 2018 The 2018 event dramatically expanded its inquiries to include more of the election environment from voter registration records to election night reporting and many more of the humans and machines in the middle DEF CON 2018 also featured a greater variety of voting machines election officials equipment election system processes and election night reporting Voting Village participants consisted of hackers IT and security professionals journalists lawyers academics and local state and federal government leaders A full report was issued on the 2018 Village Findings at a press conference in Washington DC held on September 27 2018 1 Europe editRussia s 2016 attempts to interfere in U S elections fits a pattern of similar incidents across Europe for at least a decade Cyberattacks in Ukraine Bulgaria Estonia Germany France and Austria that investigators attributed to suspected Kremlin backed hackers appeared aimed at influencing election results sowing discord and undermining trust in public institutions that include government agencies the media and elected officials 20 United States editThe United States is characterized by a highly decentralized election administration system Elections are a constitutional responsibility of state and local election entities such as secretaries of state election directors county clerks or other local level officials encompassing more than 6 000 local subdivisions nationwide 21 However election security has been characterized as a national security concern increasingly drawing the involvement of federal government entities such as the U S Department of Homeland Security In early 2016 Jeh Johnson Secretary of Homeland Security designated elections as critical infrastructure making the subsector eligible to receive prioritized cybersecurity assistance and other federal protections from the Department of Homeland Security The designation applies to storage facilities polling places and centralized vote tabulations locations used to support the election process and information and communications technology to include voter registration databases voting machines and other systems to manage the election process and report and display results on behalf of state and local governments 22 In particular hackers falsifying official instructions before an election could affect voter turnout or hackers falsifying online results after an election could sow discord 23 Post 2016 Election edit Election security has become a major focus and area of debate in recent years especially since the 2016 U S Presidential Election In 2017 DHS confirmed that a U S foreign adversary Russia attempted to interfere in the 2016 U S Presidential Election via a multi faceted approach intended to undermine confidence in the American democratic process 24 This included conducting cyber espionage against political targets launching propaganda or information operations IO campaigns on social media and accessing elements of multiple U S state or local electoral boards 25 On September 22 2017 it was reported that the U S Department of Homeland Security DHS notified 21 states that they were targeted by Kremlin backed hackers during the 2016 election Those states included Alabama Alaska Colorado Connecticut Delaware Florida Illinois Maryland Minnesota Ohio Oklahoma Oregon North Dakota Pennsylvania Virginia Washington 2 Arizona California Iowa Texas and Wisconsin Currently hackers only reportedly succeeded in breaching the voter registration system of one state Illinois 26 In the aftermath of the 2016 hacking a growing bench of national security and cyber experts have emerged noting that Russia is just one potential threat Other actors including North Korea Iran organized criminals possess and individual hackers have motives and technical capability to infiltrate or interfere with elections and democratic operations 27 Leaders and experts have warned that a future attack on elections or voting infrastructure by Russian backed hackers or others with nefarious intent such as seen in 2016 is likely in 2018 and beyond 28 29 30 One recommendation to prevent disinformation from fake election related web sites and email spoofing is for local governments to use gov domain names for web sites and email addresses These are controlled by the federal government which authenticates the legitimate government controls the domain Many local governments use com or other top level domain names an attacker could easily and quickly set up an altered copy of the site on a similar sounding com address using a private registrar 31 In 2018 assessment of US state election security by the Center for American Progress no state received an A based on their measurements of seven election security factors 10 Forty states received a grade of C or below A separate 2017 report from the Center for American Progress outlines nine solutions which states can implement to secure their elections including requiring paper ballots or records of every vote the replacement of outdated voting equipment conducting post election audits enacting cybersecurity standards for voting systems pre election testing of voting equipment threat assessments coordination of election security between state and federal agencies and the allocating of federal funds for ensuring election security 32 See also editOpen source voting systems Verified Voting Foundation Voluntary Voting System GuidelinesReferences edit Election Security Section 3 Key Election Process Categories Unleashing the Potential of Election Data Open Election Data Initiative openelectiondata net Retrieved 2018 03 16 Fidler David May 2017 Transforming Election Cybersecurity Council on Foreign Relations PDF Election Security Preparedness BeReady16 US Election Assistance Commission www eac gov Retrieved 2018 03 06 Larson Selena Hackers will work with government academia to make future elections secure CNNMoney Retrieved 2018 03 06 Woolsey R James Fox Brian J 2017 08 03 Opinion To Protect Voting Use Open Source Software The New York Times ISSN 0362 4331 Retrieved 2022 12 09 Wofford Ben June 25 2021 One Man s Quest to Break Open the Secretive World of American Voting Machines POLITICO Retrieved 2022 12 09 a b c Verified Voting Foundation Principles for New Voting Systems Verified Voting 2015 02 04 Retrieved 2018 03 06 Belfer Center for Science and International Affairs Harvard Kennedy School Defending Digital Democracy The State amp Local Election Cybersecurity Playbook February 2018 Legislatures National Conference of State Election Security State Policies www ncsl org Retrieved 2018 03 06 a b c d e f Root Danielle Kennedy Liz Sozan Michael Parshall Jerry 12 February 2018 Election Security in All 50 States Center for American Progress Retrieved 2020 05 01 a b Expert Testimony by J Alex Halderman Professor of Computer Science University of Michigan before the U S Senate Select Committee on Intelligence June 21 2017 PDF a b 9 Solutions to Secure America s Elections Center for American Progress Center for American Progress Retrieved 2018 03 06 Center for Internet Security CIS A Handbook for Elections Infrastructure Security Version 1 0 February 2018 PDF a b c CONGRESSIONAL TASK FORCE ON ELECTION SECURITY Final Report January 2018 PDF a b Praetz Noah Office of Cook County IL Clerk David Orr 2020 Vision Election Security in the Age of Committed Foreign Threats December 7 2017 PDF Hackers at DefCon conference exploit vulnerabilities in voting machines USA TODAY Retrieved 2018 03 06 Hackers competed to breach U S voting machines It took them 90 minutes Newsweek 2017 07 30 Retrieved 2018 03 06 France Lisa Respers Rick Astley is on a Rick roll CNN Retrieved 2018 03 06 DEFCON 25 Voting Machine Hacking Village Report on Cyber Vulnerabilities in U S Election Equipment Databases and Infrastructure October 2017 PDF Russia s pattern of meddling abroad exposes threat to 2018 U S elections report USA TODAY Retrieved 2018 03 06 Legislatures National Conference of State Election Administration at State and Local Levels www ncsl org Retrieved 2018 03 06 Statement by Secretary Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector Department of Homeland Security 2017 01 06 Retrieved 2018 03 06 2018 2019 San Mateo County Civil Grand Jury July 24 2019 Security of Election Announcements PDF Superior Court of California Retrieved August 20 2019 a href Template Cite web html title Template Cite web cite web a CS1 maint numeric names authors list link Congressional Testimony of Jeanette Manfra then Acting Deputy Under Secretary For Cybersecurity and Communications National Protection And Programs Directorate U S Department of Homeland Security before the Select Committee on Intelligence United States Senate June 21 2017 PDF ICA Intelligence Community Assessment Background to Assessing Russian Activities and Intentions in Recent US Elections The Analytic Process and Cyber Incident Attribution January 9 2017 PDF Election Security in All 50 States Center for American Progress Center for American Progress Retrieved 2018 03 06 Election Security in All 50 States Center for American Progress Center for American Progress Retrieved 2018 03 06 Pompeo I have every expectation Russia will meddle in 2018 midterms POLITICO Retrieved 2018 03 06 CNBC 2018 03 06 Top intel official Highly likely Russia will seek to influence 2018 US vote CNBC Retrieved 2018 03 06 Cohen Zachary US cyber chief says Trump hasn t told him to confront Russian cyber threat CNN Retrieved 2018 03 06 1 Simple Step Could Help Election Security Governments Aren t Doing It Root Danielle Kennedy Liz 16 August 2017 9 Solutions to Secure America s Elections Center for American Progress Retrieved 2020 05 01 External links editVerified Voting U S advocacy organization that catalogs voting equipment used in each state Retrieved from https en wikipedia org w index php title Election security amp oldid 1159745998, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.