Hackers Let Loose on Voting Gear Ahead of US Election SeasonHackers Let Loose on Voting Gear Ahead of US Election Season
Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.
September 22, 2023
Election machine manufacturers are opening their wares to hackers in an effort to harden voting security ahead of next year's US Presidential Election.
This week's first-ever Election Security Research Forum featured organized pen testing and bug research for digital scanners, ballot marking devices, and electronic pollbooks, with a primary focus on the technology that voters may encounter at a polling site. The forum also enabled security researchers to engage with the vendors of the systems.
Notably, this marked the first time such manufacturers voluntarily offered their systems for third-party review as part of a vulnerability disclosure process, according to the Forum.
"The reality is that security research happens whether the vendors invite it or not, so this shift in relationship and approach takes advantage of the existing dynamics of the Internet in order to make the democratic process more resilient, and more trustworthy," said Casey Ellis, founder and CTO at Bugcrowd, in an emailed statement. "Ultimately, all vendors and every organization associated with the democratic process should be doing this."
The Forum, which is the culmination of five years of planning by the IT-ISAC's Elections Industry Special Interest Group (EI-SIG) is just the first fruit of a program built to work on what is arguably one of the most critical cyber threat surfaces in existence.
"What I enjoyed most was watching the lights come on for both audiences: As hackers in the room understood the complexity and gravity of election systems as a security target, and as the voting service providers got to see and understand the hacker mindset in action," Ellis noted. "This was a pilot event and overall, I feel that it was a 'successful first blind date.'"
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks