As the 2018 midterm elections loom closer, challenges facing the security of America’s electoral infrastructure are drawing increasingly more attention from policy makers.
The last US presidential election brought the vulnerabilities of election grids to the fore. During the elections and after the race had ended, reports began to flood Western media revealing the attempts by Russian government-connected actors to influence the US electoral system. This included hacking suppliers of software used in digital voting machines, along with organizing the infamous troll armies that conducted social engineering operations in the hopes of swaying voters.
Signs of threat actors targeting election-related assets has persisted. In mid-December, local US media reported that personal details of over 19 million California voters ended up in the hands of hackers after being stolen from an insecure cloud server. Hackers who had penetrated the cloud had deleted all of the content and left a message on the account demanding ransom money in Bitcoin for its return. The database contained personal details of these individuals, including contact and voting precinct information.
The technology used in elections has also been shown to contain serious vulnerabilities. At a recent DEF CON hackers conference in Las Vegas, participants were able to pull off a number of hacks on several commonly used voting machines, including gaining remote access.
All of these revelations served as a major wake-up call. Officials began scrambling to develop solutions for this new threat that they were only beginning to understand. One of the first important milestones in this effort came in September, when a number of Senators arranged a conference with former top cyber officials from the Obama administration, dubbed the “Congressional Task Force on Election Security.”
The meeting featured appearances by former Department of Homeland Security (DHS) officials such as Jeh Johnson and Suzanne Spaulding. In arranging the panel, Senators were already signaling their readiness to take action to secure the cyber infrastructure of election processes.
Then came the legislation proposals.
Over the past several months, Congress has produced a number of bills aimed at protecting elections from future tampering. At the end of September, Senators Martin Heinrich (D-N.M.) and Susan Collins (R-Maine) introduced a comprehensive cybersecurity bill aimed at securing all forms of technology used in US elections. The bill includes funded a bug bounty program for systems manufacturers and a grant program for states to upgrade technology. The bill was almost certainly motivated, at least in part, by the above-mentioned voting machine flaws discovered at DEF CON.