recommended reading

At Least One State Declines Offer for DHS Voting Security

Joseph Sohm/Shutterstock.com

At least one state has declined an offer from the Homeland Security Department to scan its voting systems for hackers ahead of the presidential elections. 

As suspected Russian-sponsored attackers compromise Democratic Party and other U.S. political data allegedly to sway voter opinion, some security experts say it wouldn't even take the resources of a foreign nation to manipulate actual votes using this country's antiquated tallying systems.

Against this backdrop, Homeland Security Secretary Jeh Johnson during an Aug. 15 call with state election officials, offered states DHS services that can inspect voting systems for bugs and other hacker entryways. Earlier in the month, he also suggested the federal government label election systems as official U.S. critical infrastructure, like the power grid. 

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

But one battleground state, Georgia, intends to rely on its own security crew to maintain the integrity of voter data. 

"The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security," Georgia Secretary of State Brian Kemp told Nextgov in an email. "Designating voting systems or any other election system as critical infrastructure would be a vast federal overreach, the cost of which would not equally improve the security of elections in the United States." 

Georgia, where some projections show presidential contenders Hillary Clinton and Donald Trump neck and neck, reportedly could use a vote machine reboot. 

"Georgia, which is running electronic-only machines—there's no paper trail. ... And the machines they're using are more than a decade old, so the hardware is falling apart. And the operating system they're using is Windows 2000, which hasn't been updated for security for years, which means it's a sitting duck," Zeynep Tufekci, a University of North Carolina information and library science professor, told NPR on Saturday.  

There is no evidence ballot manipulation has ever occurred in the United States, and, per Johnson, DHS is not aware of any credible cyberthreats related to 2016 general election systems. 

All the same, vote machine hacks are all the rage among researchers at Las Vegas hacker confabs.  

Even top White House tech privacy adviser Ed Felten helped demonstrate the weaknesses of digital voting booths in his previous life as a Princeton University academic. 

In a 2009 paper Felten co-authored, researchers commanded an AVC Advantage voting machine—the kind still deployed in Pennsylvania and other states—to steal votes. No internet required. They altered a pretend election by inserting a malicious memory cartridge the size of a paperback book that would typically be used for recording votes. The tainted device combined snippets of authorized code inside the system to cause the unauthorized behavior.   

"An attacker who has access to the machine the night before an election can use our techniques to affect the outcome of an election by replacing the election program with another whose visible behavior is nearly indistinguishable from the legitimate program but that adds, removes or changes votes as the attacker wishes," Felten and colleagues from Princeton, University of California at San Diego and the University of Michigan wrote in "Proceedings of the 2009 Electronic Voting Technology Workshop." 

No Recounts

Because of hacking concerns, many states are keeping a paper trail to audit the vote count, but not all. 

In addition to Georgia, parts of Pennsylvania, another tossup state, do not maintain paper backups in the event of a hack, Tufekci said.

Pennsylvania officials say cybersecurity experts from the commonwealth's IT shop work closely with the state elections team to secure voting-related infrastructure.

"Pennsylvania has implemented policies, technologies, best practices and procedures around the safeguarding of data and the protection of our applications, systems and resources," Pennsylvania Department of State spokeswoman Wanda Murren said. "We constantly monitor our data and systems for vulnerabilities and attempted attacks in order to keep pace with the rapidly evolving threat landscape."

She declined to go into specifics as a matter of policy.

Update:  On Aug. 30, Pennsylvania Deputy Secretary of Elections and Administration Marian K. Schneider said in a statement that Department of State had been in touch with DHS officials about how they could be of assistance in Pennsylvania.

A Homeland Security spokesman told Nextgov on background "several states" currently use DHS hygiene scans and assessment services for voting systems. He would not disclose the names of any jurisdictions.

Florida, where Trump has been down nine points, declined to say whether it will ask DHS to scan local voting machines but did participate in the national teleconference with Johnson. 

The Florida secretary of State Department "is engaged with DHS, in addition to all of our other state and federal stakeholders, on an ongoing basis to help ensure the security and integrity of Florida elections," department spokeswoman Meredith M. Beatrice said. 

Ohio, where Clinton has a narrow advantage over Trump, appears to be taking advantage of some DHS support for election cybersecurity.

"The Ohio Department of Homeland Security is working with their federal counterparts, so we are working through them to perform the needed scans," Ohio secretary of state spokesman Joshua Eck told Nextgov in an email. 

Richard Clarke, a former National Security Council adviser under presidents Bill Clinton and both of the George Bushes, cautions it could be hard to detect a slight manipulation of voter data in some swing precincts.

"Smart malware can be programmed to switch only a small percentage of votes from what the voters intended. That may be all that is needed," Clarke, now an ABC News consultant, commented last week. 

Correction: The original version of this article indicated that Pennsylvania had declined an offer from the Homeland Security Department for help in protecting its voting systems from hackers. While Pennsylvania officials indicated they had their own cybersecurity experts working on the issue, they also have had discussions with DHS about what kind of help the department could provide. The headline and the article have been updated.

Sept. 6 update: Georgia officials now say they are awaiting direction on what DHS plans to offer and how it plans to offer such assistance to state election officials.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.