Election security has been such a polarizing topic in 2018 that merely typing those words feels like an invitation to start a debate.
While election security, and concerns over potential interference in the 2016 presidential election, spark an emotional reaction on both sides of the aisle, it is also a serious technological issue for state governments. State organizations must ensure that future elections not only happen securely, but also that processes, procedures and systems act in a way that avoids scrutiny.
For many, the first thought around security centers on protecting the voting machines themselves. After all, it is these systems that tally the votes and make for the most likely target for outside interference. That, though, is really only the beginning of the discussion.
Election security encompasses a much wider range of systems and information, extending from the voting booth back to the voter themselves. For state governments, all of these systems must be protected for the election process to remain secure.
The Election Ecosystem
State governments must think about security at every step of the voting process. For example, a number of states allow citizens to register to vote at their local department of motor vehicles office. The idea is that people can handle this process while taking care of their car needs, such as renewing registration or updating driver’s license information. That voter information is now stored in some way with the state’s Department of Transportation and could be an intriguing target for attack.
You see, elections are multi-faceted events. With all of these different aspects it is clear how state’s must go beyond simply protecting the ballot box. While that part is important, focusing all efforts in this area will still leave vulnerabilities for hackers to exploit in many others. The key is to create an end-to-end security system that can manage data held in the election process throughout its entire lifecycle.
The best way to think about this ecosystem is through the three primary threat vectors: mobile, cloud and Internet of Things (IoT), including:
- Mobile Devices: Bring your own device policies have become popular in state governments. Election officials need to ensure that any device used meets industry standard security protocols. Hackers will look for the easiest areas to attack, and mobile has become a fertile hunting ground. In 2017 alone, Symantec saw a 54 percent growth in mobile malware according to our Internet Security Threat Report.
- Cloud: Cloud applications, namely commercial cloud solutions, can provide an avenue for hackers looking to gather information or plant malware. After all, it was Gmail that allowed hackers to break into Clinton Campaign Manager John Podesta’s email account during the 2016 election. Cloud has added a tremendous amount of capability, but elections must ensure all applications meet safety standards before employees can use them.
- IoT: Wi-Fi enabled devices have become more popular, but many of these devices lack adequate security. Election officials must ensure that any IoT devices connected to their environment have updated security software and only connect through a secure connection.
A New Security Paradigm
In many ways, state governments need to view election security with the same lens they view all types of information security. The focus should be on protecting data wherever it lies. That remains true no matter the type of data, or the system it runs on.
For all the data and information that governments want to secure there are a wide-range of supporting systems and infrastructure that also must be secured to establish data integrity. Hackers will find a way into a network if there are any vulnerabilities, exploiting this information.
The first thought about improving election security is to, of course, secure the point-of-contact voting systems. State governments must think several steps beyond that, however. What infrastructure supports this? What other programs are tied to elections? Where are potential vulnerabilities?
Although the mid-terms are over, the topic of election security remains a key point of debate, and state governments need to focus on the technical side of security. With the right investments and, more importantly, the proper thought process to protecting the election process, governments can take a significant step forward in bolstering election security…beyond the ballot box.