recommended reading

Election Systems Are Vulnerable But Not How You Think


American election systems face threats, but the most vulnerable part isn’t technical, electoral and cybersecurity experts told a House subcommittee.

“The biggest threats to the integrity of this November’s election and our democratic system are attempts to undermine public confidence in the reliability of that system,” Lawrence Norden, deputy director of the Brennan Center for Justice at the New York School of Law, testified Sept. 28 before the House Oversight and Government Committee’s IT subcommittee.

Rep. Will Hurd, R-Texas, convened the hearing to determine what cyber threats elections systems face and directly asked whether a cyberattack would affect the outcome of the November presidential election. All five panelists—a Homeland Security Department official, a state secretary, an Election Assistance Commission official and two academics—agreed the answer is no.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

But undermining citizens’ confidence in the election outcome has been a side effect of conspiracy theorists, campaigns and recent headlines, Georgia Secretary of State Brian Kemp told lawmakers. As an example, Kemp named Sen. Diane Feinstein’s recent letter stating Russian officials are trying to influence U.S. elections.

Doubts that votes wouldn’t count could keep voters from polls, according to a recent Carbon Black survey. The survey found 56 percent of respondents are concerned the presidential election will be affected by a cyberattack.

“The foundation of our republic rests on the trust that Americans have in the way we elect representatives to the government," Kemp said. "If that trust is eroded, our enemies know they have created fissures in the bedrock of American democracy."

Experts clarified the differences between the three primary parts of elections systems: campaign systems, which are not maintained by state governments; registration and reporting systems, which are maintained by states and often connected to the internet; and voting machines, which are not connected to the internet.

“Headlines are not representative of our voting machines,” said Thomas Hicks, commissioner of the U.S. Election Assistance Commission. Anyone interested in manipulating voting machines would need to do it in person, he explained.

Andrew Appel, a computer science professor at Princeton University, suggested eliminating direct reporting machines for the 2020 election and instead encourage auditing. He suggested using optical-scan paper ballots, which is when the voters fill in a bubble on a paper ballot that is then scanned. Forty states already use this system, he said.

The variety of the systems states use, and the fact they’re dispersed throughout the country, helps keep secure the voting system, according to Andy Ozment, DHS assistant secretary for cybersecurity and communications. The department has also offered a variety of assistance to state and local governments, including cyber hygiene scans for internet-facing systems, and on-site risk and vulnerability assessments.

He emphasized that all help is voluntary on behalf of the states and that 18 have accepted assistance.

“I want to reiterate that we have confidence in the overall integrity of our electoral system,” Ozment said. “Our voting infrastructure is is diverse, subject to local control, and has many checks and balances built in.”

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.