Ask the Experts: How can we improve the security of the 2020 election?
What can people involved in elections do right now to improve the security of the 2020 U.S. presidential election? Here’s what some experts had to say.
“Elections play a vital role in a free and fair society and are a cornerstone of American democracy,” says the Department of Homeland Security. “A secure and resilient electoral process is a vital national interest and one of our highest priorities at the Department of Homeland Security.” We’ve covered election security bills before, but with only eight months to go, we want to know what people involved in elections can do right now to improve the security of the 2020 U.S. presidential election. Here’s what some experts had to say.
Secure the election supply chain
There are many components in the election supply chain—voter registration sites, the voting machines themselves, and even the transportation systems voters rely on to get to the polls. So while it’s important to make sure each individual component is secure, it’s equally important to ensure that if anywhere in the chain is compromised, the attack can be contained, and the impact minimized.
By using a Zero Trust approach you never assume that just because someone (or something) has gained access to one system that they should be able to access others. By verifying every request before granting access you can limit lateral movement, prevent escalation and ultimately reduce the damage that can be done.
—Lavi Lazarovitz, head security researcher, CyberArk
Enable 2FA, join EI-ISAC, and talk to candidates
Election administrators face a tremendous challenge in 2020 due to increased pressure from voters, elected officials, and malicious actors. But they are not alone, thanks to additional support from government agencies, advocacy groups, and tech companies. Here are three actionable recommendations available at no-cost:
1. Enable two-factor authentication on all of the accounts that support it to limit unauthorized access to critical systems and social media accounts.
2. Join the Election Infrastructure Information And Analysis Center (EI-ISAC) to get and share security-related information with other election administrators and federal agencies.
3. Talk to candidates about the importance of their campaign cybersecurity practices and encourage them to take steps to prevent spreading misinformation.
—Maurice Turner, deputy director, Internet Architecture Project, Center for Democracy and Technology
Follow guidelines, inspect voting machines, and monitor everything
1. If you are a poll worker, follow the voting machine deployment guide and ensure everything is in proper working order. If the machine requires calibration for a touch screen, make sure it is properly calibrated so that every selected vote is accurate. Finally, be observant and make sure the machines are not being tampered with by anyone voting.
2. While you are casting your vote, visually inspect the voting machine to be sure that the tamper-evident seals are in place.
3. On the state and county level, place extra resources on monitoring any voting system network to make sure there are no intrusions or issues on election day.
—Thomas Richards, principal consultant, network and red team practice director, Synopsys Software Integrity Group
Test new technologies thoroughly
New technologies need to undergo strict testing by government agencies like the Department of Homeland Security, independent security firms, and the white-hat hacker community at large to find vulnerabilities in advance so they don’t happen on election night. We should start small so we can test the concept and strengthen security capabilities in controlled settings.
Security is an iterative process that gets better over time. There is no room for error in our elections, especially when it comes to data leakage, compromised encryption, broken authentication, or denial-of-service attacks.
—Andre McGregor, veteran FBI agent and CSO, ShiftState
Add paper backup to paperless machines
The most critical step we need to take around voting machines is replacing paperless voting machines with systems that have a voter-verified paper backup of every vote. Without that, we do not have an independent record that we can use to make sure we can trust the software totals provided by voting machines.
The good news is that we’ve made substantial progress in replacing these machines, nearly halving the number used since 2016. Still, unless more states and counties move to replace them, the Brennan Center estimates that approximately 16 million Americans will vote on paperless systems in 2020.
—Lawrence Norden, director of the Election Reform Program, Brennan Center
*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: https://www.synopsys.com/blogs/software-security/improve-election-security-2020/
