Content

On Election Day, IT security executives have doubts about electronic voting

As America goes to the polls today, many IT security leaders have concerns about electronic voting systems being used across the land.

In an informal poll of leading security executives conducted by Schwartz Communications' Security Practice Group, 13 out of 17 said they do not trust the security of e-voting systems. This follows last week's airing of the HBO documentary "Hacking Democracy."

"It's like going back in time ten years and looking at software because the mistakes - some of the security issues - the vulnerabilities are so glaring," said Hugh Thompson, chief security strategist of Security Innovation, who was featured on the documentary. "They seem so obvious but they're uncaught by whatever procedures and checks and balances are out there."

The growing concern focuses on back-end technology driving most e-voting systems today being protected by laws that prevent anyone but vendors from seeing the underlying code. There are few opportunities for oversight or auditing, which most security professionals would agree are requisite to check for voting integrity.

"Ensuring the integrity of electronic voting requires a complete audit trail of all activity to definitively know whether or not errors or fraud have taken place," said Cliff Pollan, CEO of Lumigent.

Steven Sprague of Wave Systems, a provider of trusted computing applications, agreed. "The audit and information assurance model is not complete and is too proprietary," he said. "Open systems models for authentication, software integrity and data signing are available and standards-based solutions could be very useful."

This lack of oversight, combined with lax security practices at county-level election offices is a recipe for disaster, Thompson said.

"If you have physical access to a machine called the central tabulator, which takes votes in from all of the different polling places, you can go in either before, during or after the election, you can double click a Microsoft Access Database file and change any root totals you want," he says. "There are no integrity checks."

Thompson said the worst part about this system is the fact that many of these tabulators are just normal computers that are often available for office use when an election isn't going on.

"In one place, we saw that you could go in and browse the internet," he said.

As experts such as Thompson and others continue to air concerns about the integrity of these systems, they hope that voters will recognize that e-voting concerns are not simply complaints from conspiracy theorists donning tin-foil hats.

"Voters need to be aware of how their votes move through the process," said Edward Adams, CEO of Security innovation, "but more importantly demand change and some reasonable testing and verification to have confidence in the fidelity of the process."

Click here to email Ericka Chickowski.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.