Securing our Elections: Is the Executive Order Enough?

Election SecurityConcerns of election interference are again brought to our attention as the upcoming midterm elections next month draw closer. Officials are on high alert after the intelligence community concluded that foreign nation states had an influence on the election of President Trump in 2016.  This, however, wasn’t the first time we’ve seen election interference.

Throughout history, election meddling has manifested in different ways. In 1979, Former President Jimmy Carter allowed the exiled Shah to receive cancer treatment in the United States. In a geopolitical response, Iranian students stormed the U.S. Embassy and held more than 60 Americans hostage for 444 days and didn’t release them until the day after Reagan was sworn-in as President.  With the advances of modern-day technology, it makes it easier to influence these elections from other parts of the world. Today, election interference takes the form of exploiting human and technological vulnerabilities.

In an effort to secure our elections, President Trump signed an Executive Order on September 12th, 2018 addressing election interference. This is the first of many steps that will be taken to help ensure the integrity of the upcoming mid-term elections in November and all future elections. The executive order puts into place a framework for intelligence agencies to investigate whether any foreign actors are attempting to influence a United States election. However, the order does not enforce strict punishment on the foreign actors that interfere with elections or provide a direct path to funding. Automatic sanctions, such as blocking assets in the United States, will be put in place and the administration can enforce further punishment, like curtailing access to United States financial institutions.

While this is a step in the right direction, harsher sanctions should be imposed on any foreign actor found interfering in an election and greater focus should be placed on providing funding to the security of these elections.

The voting systems are an example of a vulnerability that could be better secured with proper financial support.  Currently, election machines are air gapped, meaning they have no connection to the internet, but that does not mean they can’t be hacked. In fact, the hacking convention DefCon has proven how easy these machines are to hack through their “voting village” that allows hackers to attempt to breach voting machines.

The most unnerving part of these voting villages is that it wasn’t only seasoned hackers that were able to break into these voting machines.  In fact, there were 40 children ages 6 – 17 that were able to breach election websites and change some of the contents on the website. One child was even able to gain access to an election machine and delete all the votes for Donald Trump through an SQL injection. The ease these children had in hacking the voting machines has exposed critical vulnerabilities in the election systems. Financial support for basic penetration testing could help discover vulnerabilities that could potentially give attackers access to things that they shouldn’t have access to.

In addition to securing the technology involved in the election process, human vulnerabilities could also be secured with a financial budget allotted to security awareness programs. In 2016, campaign officials fell for numerous phishing attacks, giving foreign entities access to sensitive information, which they then released to the public. Security awareness training would reduce the likelihood of these sorts of attacks from being effective and ensure that sensitive information stays within the organization.

It’s safe to assume that foreign nation states will continue to attempt to swing elections in their favor. While the Executive Order is a step, we need to do more.  With the necessary funding, the technical, physical, and human vulnerabilities can be addressed and mitigated.