Biggest Voting Security Threat May Be Vulnerable Databases
NEW ORLEANS – According to William “Bill” Rials, associate director in the Tulane University School of Professional Advancement’s Information Technology program, local governments who oversee the protection of voting machines and their databases should be acting now to prevent cybersecurity attacks that can disrupt electronic voting.
“From a cybersecurity perspective, the biggest risk to elections is all the ancillary elements associated with the election process,” Rials said. “Most voting machines today, from the well-known market leaders, are ‘reasonably’ secure from cyberattacks because the terminals are typically air-gapped from any connected network during the individual voting process. Any vote cast is usually stored locally and not transferred over a network until after the polls close and the tabulation occurs. One strategy of cybersecurity is limiting the attack surface and exposure to potential cyber threats. Nefarious actors have limited access during the actual casting of votes.”
So the primary targets of potential cyberattacks might be the large databases of registered voters.
“One primary example is the availability and integrity of the voter registration databases on election day. These voter registration databases are typically stored and maintained by county clerks and election commissioners. These databases are susceptible to cyber threats, just like any other database,” Rials said.
However, since elections are a constitutional responsibility of state and local election entities that consist of more than 6,000-plus local subdivisions nationwide, election security is not always consistently maintained.
“Unfortunately, many local governments are still struggling to increase their cyber defense capabilities and are easy targets. Cybercriminals wishing to disrupt the election process are likely targeting these voter registration databases months and even years leading up to election day. Incorrect or modified voter data could have an impact on the election process. Local governments responsible for the cyber protection of these databases should be working now to improve the cybersecurity posture associated with the voter databases,” Rials said.