Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/28/2016
11:30 AM
Jeff Schilling
Jeff Schilling
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Hacking The Polls: Where US Voting Processes Fall Short

The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.

Under the Twelfth Amendment of the US Constitution, the voting process is solely the responsibility of the states to conduct and manage. As you can imagine, the decentralization of how we manage our voting process has created a situation where there are 50 different concepts of how to execute our rights to vote in national elections. According to the National Conference of State Legislatures: “Those standards vary from state to state.  Some states adopt federal standards, some develop their own standards and others use a hybrid of both approaches.”

It is important to first define what makes up the voting process in this context.  That process includes:

  • Registration
  • Verification
  • Voting
  • Tallying
  • Results reporting for national aggregation

Understandably, there is a lot of surface area for cyber threat actors to attack, both nation-state and criminal. It’s reasonable to imagine someone wanting to pad the roles of a critical voting district by gaining control of the voter registration rolls and creating fake registered voters for unqualified residents to vote. A more likely attack would be a conventional ransomware actor who decides to lock up the database just prior to voter registration cards being distributed. The most dangerous attack would be to compromise the software vendors who write code for the electronic voting machines that would allow a threat actor to create vote tallies that suit their needs, potentially for sale to the highest bidder.

When assessing the cyber risk of any business process, the attributes of the processes most vulnerable to attack and exploitation include:

  • Partially automated with legacy backend processes that "can't be automated;"
  • Require a connection with multiple systems and databases with varying levels of security hardening and monitoring;
  • Lack a single recognized and audited standard for security and compliance;
  • Have multiple business owners and vendors with varying degrees of concern for security and no end-to-end ownership of the total process.

America’s voting process, as defined above fits every one of those attributes. It is safe to assume that some state governments considered among the “have nots” in funding are cutting corners in every element of these business processes with security hardening and monitoring on top of the list of “too expensive to do right.”

So, what is the current recognized security framework for the voting process?  In 2009, The National Institute of Standards and Technology (NIST) published the Draft Voluntary Voting Systems Guidelines, version 1.1. The key word in these guidelines that is concerning is “Voluntary.” This term was probably introduced as to not usurp the authorities of the states to manage voting processes in accordance with the US Constitution. This standard is also narrowly applied to just one element of the voting business processes described above, the actual act of “voting.” As in any complex business process, there are many other elements to managing national elections that are not covered in the NIST guidelines.

It appears the Election Assistance Commission, created by the “Help America Vote Act” in 2002 in the aftermath of the Bush v. Gore disputed election, has the lead in synchronizing this effort.   However, like any federal commission, there will always be suspicions of motives due to partisanship and politics of the commission leadership.

So this is a wicked problem. How can the integrity and security of our 50 different voting processes be ensured? A powerful first step would be to eliminate the word “voluntary” for the NIST guideline — the word “guideline” already implies this term. Next, the guideline should be expanded to encompass the entire voting process or require that the states are held accountable to NIST 800-53 and the Cybersecurity Framework for every element of their voting infrastructure.

In addition, it should be required that all 50 states provide audited evidence to the Federal Election Commission that appropriate steps have been taken to secure the whole voting process.  Finally, the creation of a national voting datacenter initiative where states pool limited resources to create a common environment that is protected along the NIST standards would be a giant leap.

The sanctity of the voting process is the essence of any democracy. Great care should be taken to protect data at every level of the process so that all citizens have the confidence that a fair election has occurred and that the voice of the people has been heard.

Related Content:

 

Jeff Schilling, a retired U.S. Army colonel, is Armor's chief security officer. He is responsible for the cyber and physical security programs for the corporate environment and customer-focused capabilities. His areas of responsibilities include security operation, governance ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/29/2016 | 7:50:36 AM
Re: Pah.
@Jeff: Yes, don't get me wrong.  I do think the "IT" of it has a lot of problems, but you are totally right that the process is just as much (if not more) to blame.  For instance, bureaucratic government approaches for vetting updates to proprietary voting systems keep said voting systems vulnerable for longer.

As for Internet voting, studies have demonstrated that it doesn't encourage non-voters to vote; it simply adds a layer of convenience for people who have already decided to vote.

All of this said (and more), there's a serious ROI issue with e-voting in any form because of the security perils.

( I roundly criticized e-voting security a couple of years ago here: enterprisenetworkingplanet.com/netsecur/hack-early-hack-often-the-perils-of-electronic-voting.html )

Jeff.schilling
50%
50%
Jeff.schilling,
User Rank: Author
9/29/2016 | 3:07:20 AM
Re: Pah.
Joe,  Thank you for your comments.  I think no matter what process we adopt in each of the states, we need to focus on securing that process.  Many folks want to blame the IT systems for being unsecure.  However, in most cases, it is the process itself that is not secure.  Our payment card industry is a perfect example to illustrate that point.  We never really changed the process of how we manage credit payments at the point of sale, we just put it in "electrons."  We are starting to see many innovations in that space now to keep you from having to show your credit card at the point of sale.  I think the voting process needs the same innovative look.
Jeff.schilling
50%
50%
Jeff.schilling,
User Rank: Author
9/29/2016 | 3:00:47 AM
Re: Why is This Suddenly an Issue?
Agree this is not a new risk, but there has not been any real effort to address this wicked problem.  That is what I was calling out in the article.  I know there is not a lot of trust in a federal program for electronic voting and that is not what I am proposing.  I am proposing that some of the "have not" states who can't seem to put the investment needed to get their voting processess secure, pool their resources in "state to state" agreeements.  
geriatric
50%
50%
geriatric,
User Rank: Moderator
9/28/2016 | 1:27:37 PM
Why is This Suddenly an Issue?
There have been grave concerns with electronic voting ever since this turkey was foisted on the public. The lack of an audit trail, the ability to 'flip' votes, and machines delivered with votes already cast have littered the headlines for decades. But NOW it's a problem? I'll leave the answer to this question to rational, reasonable beings. Seems rather obvious to me.

We need to figure out how to authenticate a paper vote first.

And from a security perspective, a decentralized system is more secure than a Federally-controlled national system. Right now, there are vulnerabilities, but no way to hack the entire system to produce a desired outcome. If all the eggs are in one basket, it will be much simpler.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/28/2016 | 11:40:48 AM
Pah.
The NIST standards are a helpful tool -- but they are FAR from a helpful salve (particularly considering how the NIST Cybersecurity Framework is a bit M&M-security-focused...with much less focus on what to do during and after an initial breach and much more focus on initial prevention).

Frankly, we need to perfect the sanctity and security of old-fashioned in-person voting before we move forward with more e-voting measures.
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3349
PUBLISHED: 2019-11-19
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
CVE-2019-10080
PUBLISHED: 2019-11-19
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI ...
CVE-2019-10083
PUBLISHED: 2019-11-19
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.
CVE-2019-12421
PUBLISHED: 2019-11-19
When using an authentication mechanism other than PKI, when the user clicks Log Out in NiFi versions 1.0.0 to 1.9.2, NiFi invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 hours after logging out to m...
CVE-2019-19126
PUBLISHED: 2019-11-19
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR ...