Nation-state actors. The major threats to electronic voting systems are nation-state actors seeking to disrupt or otherwise sow uncertainty around the election process, according to Matt Shabat, U.S. strategy manager for Glasswall Solutions and a former Department of Homeland Security cybersecurity official. Of course, the risk associated with this depends on the existence of vulnerabilities that those actors can exploit. Also, it depends on whether county and state governments have put in place consequence mitigations. The primary focal points for an attacker would likely be voting machines, vote tallying and communication systems and voter registration databases, Shabat says. The exposure of these systems to an attack depends on the architecture used in a given jurisdiction, including whether the systems are physically or logically accessible and whether security controls have been established to protect the systems.
Access to voter-registration. As demonstrated by the acknowledged attacks on Illinois, Arizona and 21 other states in 2016, the voter registration databases are the most easily targeted portions of the overall voting infrastructure, according to Matt Olney, senior director of threat intelligence at Cisco. “They are, unlike vote-casting and vote-counting devices, by necessity connected to systems on the Internet,” he says. “Successful attacks on these systems could achieve a variety of possible actor goals, including reducing faith in the integrity of the election systems, disrupting the orderly administration of the elections or causing social discord by modifying records associated with a particular vertical of voters.”
Hacks on voting equipment. The threat of hacks on voting machines to change election outcomes remains a nightmare scenario in the nation’s consciousness, regardless of how feasible it is, according to Pedro Abreu, chief strategy officer for ForeScout Technologies. Hacking threats to voting machines, along with the compromise of voter registration databases and widespread electronic misinformation campaigns, is a major concern, according to Mike Petsalis, CEO of Vircom.