The Cybersecurity Risks U.S. Election Systems Face Heading Into the 2018 Elections

by  Dave Nyczepir,  Route Fifty

In the wake of the “WannaCry” ransomware attack, cybersecurity experts are warning of U.S. voting systems’ vulnerability to similar threats going into the 2018 midterm and 2020 presidential elections.

The international cyberattack that infected computers with malware in at least 150 countries late last week, including 48 National Health Service trusts in the United Kingdom, exploited an old vulnerability first used by the National Security Agency. NHS was particularly hard hit because most of its hospitals use Windows XP, the same software most U.S. voting systems run on.

A total of 42 U.S. states still rely on voting systems more than a decade old—close to the end of their projected lifespan.  Among counties with such systems, a disproportionate number fail to back them up with a paper ballot and mandated, risk-limiting audits of

“Come 2020, we’re going to be sitting ducks,” says University of Michigan professor J. Alex Halderman. He notes diversifying and decentralizing voting technology and disconnecting machines from the Internet will not prevent hacks, as the election management system that programmed ballot design can still be exploited.

In addition, a disproportionate number of counties with aging voting systems do not back them up with a paper ballot and mandated, risk-limiting final-vote audits. Experts also predict backdoor access to state tabulators will be available for purchase on the dark Web by the midterm elections. “Twitter will continue to be the main distribution vector, and the most successful vector, for all of this stuff,” says James Scott at the Institute for Critical Infrastructure Technology.

“This is a chess game. We have to play this as a chess game,” Shaffer said. “A well-funded, well-versed adversary, simply by thinking things through, could undermine the process without using any new technology.”  Read the report.