On May 2, 2019 President Trump issued Executive Order 13800 – “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” to improve the US cyber posture and capabilities in the face of intensifying cybersecurity threats. The Executive Order is an attempt to focus Federal efforts on modernizing infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies. It defines critical infrastructure as security, national economic security, national public health or safety, The security of our democratic electoral institutions is not mentioned.
The Mueller Report made it abundantly clear that Russian interference was a factor in the 2016 Presidential election. The failure of the current administration to acknowledge this lesson promises an even more chaotic and unreliable 2020 election cycle.
The attacks on the 2016 elections were multi-pronged – email system intrusions, manipulation of social media, planting of false or misleading news stories, and breaches of state and local government election databases. For the most part tech companies, election officials and political organizations have been left to fix these problems on their own with little guidance or regulation from the Department of Homeland Security or the White House. As the executive order demonstrates, there will be little or no emphasis on election security. With greater reliance on social media since the last Presidential election and the further decline of traditional media outlets, there is little reason to think that 2020 will see a different outcome. Gerrymandering and voter suppression efforts have taken precedence over a serious look at voting technology.
Congress has tried its hand at guidance including Election Security Act of 2019 but Senate Majority Leader Mitch McConnel has indicated that this measure will never come to a vote as a similar measure in 2018 never reached the Senate floor.
In addition, local authorities are increasingly reliant on electronic voting machines that have proved unreliable and prone to unpatched security vulnerabilities. Security experts are near unanimous that fair and auditable elections are only possible by a system that includes a paper ballot and the pressure to allow voting by email or smartphone is fraught with opportunities for fraud and hacking. This consensus has not made its way to federal guidelines or policies.
- Electronic Frontier Foundation Founded in 1990, the EFF is the leading not-for-profit exploring issues and defending civil liberties in the digital world.
- SANS Institute Established in 1989 as a cooperative research and education organization, SANS is a go-to place for security industry professionals for education and analysis of security threats.
- The National Institute of Standards and Technology (NIST) Sets national standards for security of computers, computer networks, and computer data storage used in voting systems.
- US Elections Assistance Commission Established by the Help America Vote Act of 2002 (HAVA). It is an independent, bipartisan commission charged with developing guidance to meet HAVA requirements, adopting voluntary voting system guidelines, and serving as a national clearinghouse of information on election administration.
Photo by Jason Zeis