Cyber security is playing an starring role in the drama surrounding the question of who will be the next president of the United States.
“The security aspect of cyber is very, very tough,” Republican nominee for president Donald Trump said, when asked about securing American secrets from cyber attacks during the first debate. “And maybe it’s hardly do-able.”
Even the integrity of the election has been put into doubt by the threat of hacking — which may be exactly the point.
The questions about cyber intrusions into the electoral system and the wild speculations those intrusions provoke can be hard to put in perspective.
So here are five basic premises to help you assess the situation as this historic election transpires.
- It would be almost impossible to hack the entire U.S. election.
The biggest reason this U.S. presidential election is unhackable is that most of it doesn’t depend on computers. More than three out of four Americans will vote on a paper ballot this November 8, Techcrunch‘s Ben Dickson reports. And the fact that all Americans don’t vote in the same manner points to the biggest reason you probably couldn’t hack the election. Each state has its own system, with some federal guidance. Nearly every state lacks sufficient funding to fully upgrade their systems, hence the reliance on outdated technology. So while voting machines are definitely vulnerable to hacking, hitting just the right ones in a systematic way that just happens to sway the electoral college vote in favor of one candidate would involve both a massive investment of time and money and an even larger serving of luck.
- But that doesn’t mean an election can’t be “hacked.”
“To ‘hack’ a US presidential election, all you need to do is to obviously tamper with one county’s system, then leak that the tampering occurred,” our security advisor Sean Sullivan told Dickson. “Many people will rush to assume that all of the other typical issues that occur may also be the result of hacking — and thus, you’ll end up delegitimizing all of the results.” A delegitimized election equals a delegitimized winner.
- You don’t even have to hack an election to hack an election.
The hacks of the Democratic National Committee and Hillary Clinton’s campaign chair John Podesta could end up being far more consequential in swaying the election than hacking either voting processes or actual vote counts — especially if the resulting leaks end up revealing something extraordinarily damaging to the candidate in the documents being dripped out by Wikileaks. “Owning an election is gold; being able to influence it is silver; knowing the outcome in advance is bronze,” F-Secure cyber security advisor Erka a Koivunen explained. It’s pretty clear that someone is at least after the silver in this election.
- Someone has definitely poking around in the U.S. election system.
The United States has been clear that it believes that Russia is trying to hack this election. This month U.S. officials have explicitly stated that the Russians are behind the hack of a contractor that works on the electoral system of the key swing state of Florida. Similar hacks were reported by the states of Arizona and Illinois. U.S. intelligence also believes Russia is behind the hack of Podesta’s emails and a security firm believes it found evidence that the nation led by President Vladmir Putin was behind the hack of the DNC. Russian Foreign Minister Sergei Lavrov told CNN that the accusation that it was behind the Podesta hack “flattering.” When pressed to confirm or deny his nation’s involvement, Lavrov said, “No, we did not deny this, they did not prove it.” Trump himself questioned whether the hack actually happened in the second debate and if he’s concerned about Russian hacking, he doesn’t seem to be showing it. At one point he even — jokingly, he said later — asked Russia to hack his opponent’s missing emails.
- Election technology needs to improve quickly.
It’s safe to say that no matter who is hacking the U.S. elections, the U.S. is probably hacking them, too. The richest nation on Earth is just not engaging, as far as most people can tell, in the leaks that have followed the recent U.S. hacks. In this new era of cyber attacks backed by nation-states or “privateers” employed by nation-states the rules of cyber espionage are unclear and the fog is thick. No matter what happens in 2016, digital technology will play ever-increasing role in both campaigns and election, and the U.S. needs to take steps to ensure the integrity of its elections. Sullivan believes that the Department of Homeland Security should go through with its proposal to declare voting system critical infrastructure and then adapt its defenses to catch up with the threats. “Network monitoring is rapidly becoming a requirement,” he told Techcrunch‘s Dickson. And voting must be made to feel at least as secure as using your credit card to buy a coffee. “Smartcard technologies are available in several European countries for online identity authentication,” Sullivan said. “They aren’t widely used. If a country such as the United States were to get serious about rolling out such tech, it would be a game changer.”
All of this focus on the security of election systems means that there are “more people checking stuff.” The question now is who is putting in more resources — the attackers or the people doing the checking.
[Image by Maryland GovPics | Flickr]