recommended reading

Election Systems Are Vulnerable But Not How You Think


American election systems face threats, but the most vulnerable part isn’t technical, electoral and cybersecurity experts told a House subcommittee.

“The biggest threats to the integrity of this November’s election and our democratic system are attempts to undermine public confidence in the reliability of that system,” Lawrence Norden, deputy director of the Brennan Center for Justice at the New York School of Law, testified Sept. 28 before the House Oversight and Government Committee’s IT subcommittee.

Rep. Will Hurd, R-Texas, convened the hearing to determine what cyber threats elections systems face and directly asked whether a cyberattack would affect the outcome of the November presidential election. All five panelists—a Homeland Security Department official, a state secretary, an Election Assistance Commission official and two academics—agreed the answer is no.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

But undermining citizens’ confidence in the election outcome has been a side effect of conspiracy theorists, campaigns and recent headlines, Georgia Secretary of State Brian Kemp told lawmakers. As an example, Kemp named Sen. Diane Feinstein’s recent letter stating Russian officials are trying to influence U.S. elections.

Doubts that votes wouldn’t count could keep voters from polls, according to a recent Carbon Black survey. The survey found 56 percent of respondents are concerned the presidential election will be affected by a cyberattack.

“The foundation of our republic rests on the trust that Americans have in the way we elect representatives to the government," Kemp said. "If that trust is eroded, our enemies know they have created fissures in the bedrock of American democracy."

Experts clarified the differences between the three primary parts of elections systems: campaign systems, which are not maintained by state governments; registration and reporting systems, which are maintained by states and often connected to the internet; and voting machines, which are not connected to the internet.

“Headlines are not representative of our voting machines,” said Thomas Hicks, commissioner of the U.S. Election Assistance Commission. Anyone interested in manipulating voting machines would need to do it in person, he explained.

Andrew Appel, a computer science professor at Princeton University, suggested eliminating direct reporting machines for the 2020 election and instead encourage auditing. He suggested using optical-scan paper ballots, which is when the voters fill in a bubble on a paper ballot that is then scanned. Forty states already use this system, he said.

The variety of the systems states use, and the fact they’re dispersed throughout the country, helps keep secure the voting system, according to Andy Ozment, DHS assistant secretary for cybersecurity and communications. The department has also offered a variety of assistance to state and local governments, including cyber hygiene scans for internet-facing systems, and on-site risk and vulnerability assessments.

He emphasized that all help is voluntary on behalf of the states and that 18 have accepted assistance.

“I want to reiterate that we have confidence in the overall integrity of our electoral system,” Ozment said. “Our voting infrastructure is is diverse, subject to local control, and has many checks and balances built in.”

Threatwatch Alert

Stolen laptop

3.7M Hong Kong Voters' Personal Data Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.