What to do to guard against Election Day cyberattacks
Top election-security experts are urging election officials to put contingency plans into place at polling stations in case critical systems are disrupted during voting on Nov. 8. Their warnings come one week before Election Day, at the end of a presidential race that has seen charges of politically motivated email hacking by Russia as well as a widespread internet outage of unknown origin.
In a teleconference panel Tuesday, Professors Candice Hoke and Douglas W. Jones, authorities in election technology, emphasized that voter-registration databases are most vulnerable to a possible cyberattack, and they encouraged election officials – and even voters – to take precautions.
Their deepest concern was echoed by the third member of the panel – human-rights activist, author and former chess champion Garry Kasparov: Even a small disruption to systems on Election Day could sow doubt in the election results and undermine the authority of a newly elected president. “It does not require massive disruption to create that cloud of uncertainty,” Hoke said. “A few technical events can add to doubt.”
With Russia clearly demonstrating an intent to interfere in U.S. politics in the hack of Democratic National Committee emails, all three panelists worry that whoever wins this presidential election, the real loss will come in Americans’ faith in their democratic systems. “Imagine people who will not be able to have their votes because the voter registration database was hacked,” Kasparov said. “That will create enough doubt about the U.S. elections and democracy as an institution.”
Tuesday’s panel was moderated by Bill Buzenberg, Editorial Director of PutinTrump.org.
Long-term, Hoke and Jones stressed that nationwide election infrastructure should be shored up as part of identifying elections as a key part of U.S. national security. But with one week to go until the election, these are their recommendations for what can be done right now.
What state and local elections officials can do:
Have paper records as back-ups for electronic voter-registration databases (so-called e-poll-books). Hoke notes that these databases are vulnerable because the software is easily manipulated. And she points out that a number of precincts, especially in major urban areas, now use electronic poll-books to access their registration databases, and those poll-books require constant access to the internet and so would be inaccessible in the event of a direct denial of service attack, as occurred Oct. 21. “Those locations that are using e-poll-books: They need to have a paper backup of every database in every location in case their e-poll-books happen to be down for whatever reason.”
Have a contingency plan for what to do if systems go down at a polling station. “The DDOS attack [Oct. 21] may not have been related to the election, but if I were Russia and I wanted to test my weapon in the election, that’s what my weapons test would look like,” Jones said. “Local elections officials need well-defined fallback plans for pollbook failures,” Jones said, and he noted that this could be as low-tech as having a blank sheet of paper where every voter can sign in and write down their addresses. He acknowledges that’s a tremendous amount of work for both poll-workers and voters, creating long lines and slow voting. “But turning away a voter from a polling place simply because the hardware is messed up – that’s just a violation of a fundamental principle of democracy that says you don’t turn away voters.”
States should have security experts assess their system’s vulnerabilities before Election Day, and consider hiring electronic security experts to be on hand for quick action if a disruption is reported. “Retain forensic security teams around the state ready to go into action if there are questions or incidents so they can be investigated immediately and proof can be obtained,” Hoke said. “We should have forensics teams ready to go on Election Day.”
What voters can do:
Voters should double-check their voter registration online before Election Day to be sure the precinct’s recorded information is correct. “Every state has an online voter-registration checking portal and there are some national portals available through the League of Women Voters and the Verified Voting Foundation,” Jones said.
Voters should take official identification to their polling places, even if it’s not required by law. If the electronic records indicate that a voter’s precinct is different or the registration is missing, an ID would be required to cast a provisional ballot or for same-day registration. “Having it there in case there’s a mess-up is important,” Jones said.
If at all possible, voters should take advantage of early voting opportunities. “Encourage as many voters as possible to use early voting opportunities,” Hoke said. “If systems should go down … on Election Day, there are no alternatives. That’s the best contingency.”
The panelists urged states and voters to take these last-minute precautions seriously because they believe that the integrity of the vote and American democracy is at stake in this election.
Kasparov: “My greatest fear is that the election would not be considered valid by tens of millions of Americans because there would be so much doubt and uncertainty, and whoever wins will not be a legitimate president in the eyes of half of the country.”
Jones’ greatest fear: “There will be a cloud of uncertainty caused by a mix of conspiracy theories from left and right and allegations of Russian involvement, and that mixture will create really entrenched distrust and entrenched unwillingness to accept the outcome, whatever the outcome is.”
Hoke: Since I’m located in Ohio … Close election totals are bad enough. Then, just a few incidents or technical events can further add to questions and doubt.”