14 DAY TRIAL // According to a study released Wednesday, election systems in the United States are vulnerable to cyber intrusions like the one that hit federal agencies and various businesses last year. After those attacks, the previously mentioned institutions remain a target for international hacking.
The Center for Internet Security, a non-profit that collaborates with the federal government on election security measures, released a study that focuses on how hardware and software components can serve as hacking entry points.
Aaron Wilson, a co-author of the report said that “We have to continue to get better." He also stated that “We have to improve our defenses, as those that are on the other side are likely honing their attack strategy, as well.”
A group of government cybersecurity experts along with state and local election officials declared the 2020 election to be the "safest" in history. So far, there is no evidence that any voting system was hacked as part of the hacking campaign that took advantage of a SolarWinds upgrade for network management tools.
Regardless, election systems are vulnerable to the same threats as the SolarWinds hack, according to the study. It defines the possibility of a cyberattack that allows hackers to gain access to election-related hardware or software. Even if voting outcomes are unaffected, an assault like this may cause uncertainty and weaken voter trust in the United States.
Election devices are prone to hacking
Due to the country's decentralized election administration structure, voting technology differs from state to state and even county to county. The use of different systems is offering several entry points for malicious actors. In most cases, the systems depend on third-party components or commercial off-the-shelf hardware. Most of them still use software that has not been thoroughly tested for security.
Eddie Perez, global director of technology development at the OSET Institute, stated that "It's a complex mix of parts and suppliers, which creates very real supply chain risks,"
As part of a large-scale cyber espionage operation, alleged Russian hackers breached SolarWinds, distributed malware and gained access to networks of businesses and governments, including the U.S. Departments of Commerce, Treasury, and Justice.
The acting director of the U.S. Cybersecurity and Infrastructure Protection Agency, Brandon Wales, recently said that there is "no proof" that any voting system was affected by the hacking operation.
In the run-up to the 2016 election, Russian hackers searched state and local voter registration networks and even managed to breach a few. The event was made public in late 2017 and pushed election officials to improve cybersecurity defenses.
Tens of millions of dollars have been spent to educate and train state and local election officials, as well as to install security protections including firewalls and perform security checks and testing.
The U.S. Election Assistance Commission accepted the first change. It entails a set of informal standards used by most states to certify voting machines in 15 years. Several protection enhancements are included in the recommendations, including one that states follow a plan to reduce supply chain risks.