There have been no shortage of hacking events during the 2016 presidential election cycle. From Democratic National Committee (DNC) emails published on WikiLeaks, to foreign hackers infiltrating election databases in Arizona and Illinois, digital efforts to manipulate the political landscape have many wondering if America’s voting system will be compromised on Election Day.
Forty-two states will be using voting machines that are at least 10 years old, according to information from the Brennan Center for Justice, a non-partisan public policy institute at New York University’s School of Law. Many of those machines run on software – like Windows XP and 2000 – that no longer receive updates, leaving them vulnerable to wrongdoers.
Bottom line: The software is hackable, said Vincent Troia, CEO of information security consulting firm Night Lion Security. But how such an act would happen is more complicated than hacking a user login. The only way individual machines can theoretically be tampered with is if someone broke into a polling place ahead of November 8 and dissected how one works.
Because of the difficulty in doing so, there is a consensus that widespread hacking of voting machines is highly unlikely as systems are implemented at the state level, meaning they are not networked together, and the majority of machines are not connected to the Internet. More than that, the Brennan Center for Justice notes that most voting systems leave a paper trail so software totals can be independently verified.
Still though, the Department of Homeland Security offered cyber protection services leading up to Election Day including “hygiene scans on Internet-facing systems, as well as risk and vulnerability assessments." Thirty-three states have taken up the DHS on its offer, though the agency notes it would “extremely difficult” for someone to alter the election results.
At the very least, technologically out-of-date machines are susceptible to glitches, which could diminish voter confidence and create long lines on Election Day. Because of that, the U.S. needs to be more proactive in upgrading its voting infrastructure, said Michael Balboni, former New York State Senator and first chairman of the Senate Homeland Security Committee.
“We’re really antiquated in terms of our perspective; we’re very reaction-oriented as a society. We wait for things to go bad and for data to be taken, and then we respond and we need to change our footing,” he told FOXBusiness.com.
The Brennan Center for Justice estimates that replacing out-of-date machines over the next few years could exceed $1 billion. But it’s not completely out of the question. Democratic Congressman Hank Johnson from Georgia attempted to tackle the issue two months ago when he introduced two bills addressing long-term voting infrastructure.
The Election Infrastructure and Security Promotion Act of 2016 would designate voting systems as “critical infrastructure,” paving the way for more resources to be allocated to the DHS. The Election Integrity Act meanwhile would limit the kinds of voting machines states can purchase, specifically prohibiting those “that do not provide durable voter-verified paper ballots.”
But Night Lion Security’s Troia said red tape will bog down this legislation from being passed anytime soon.
“Government agencies get so wrapped into this bureaucratic process that nothing ever moves forward or they just don’t have the resources to actually do the work. Securing the systems at the end of the day really isn’t all that complicated, it just takes manpower to do it and that’s really kind of where we’re slacking,” Troia said.
He pointed to the DNC breach this summer as a prime example, noting hackers were pulling emails for over a year before releasing it to WikiLeaks, which means there was clear oversight on the part of the agency in monitoring its database.
“If anyone was even reviewing that stuff on a somewhat regular basis, they would’ve caught it,” he said.
Former Senator Balboni adds that while constant innovation is needed to stay ahead of cyber attackers, there are currently no governmental standards in place.
“If you go to the Library of Congress and you look for a book on cyber security, you won’t find one. You won’t find the standard for what constitutes cyber security. And this is a huge issue,” Ballboni said.