‘Our election infrastructure is broad and contains numerous vulnerabilities…’
(Emily Larsen, Liberty Headlines) The House Oversight Subcommittees on Information Technology and Intergovernmental Affairs held a joint hearing on Wednesday on the cybersecurity of voting machines in the states, following DHS evidence of attempted Russian hacking of state systems.
Representatives and expert witnesses debated how to secure US election systems and to what extent the federal government should be involved, while some questioned the seriousness of the actual cybersecurity threat on elections.
“Our election infrastructure is broad and contains numerous vulnerabilities,” said Rep. Robin Kelly (D-Ill.). “If we are going to withstand a coordinated attack, we need a coordinated defense.”
In September, the Department of Homeland Security notified 21 states that Russian hackers attempted to breach state systems during the 2016.
The majority of these threats only scanned the system for vulnerabilities, but hackers did actually penetrate systems in a few states, such as Illinois.
“Just because Russia did not tamper with ballots or reporting of election results during the last election, it doesn’t mean they or other adversaries won’t try to do so in the next election, or the election after that,” said Rep. Will Hurd (R-Texas).
Representatives were also concerned about the demonstrated vulnerability of election systems at DefCon this summer.
Hackers attending the tech conference broke into US electronic voting machines in only 90 minutes, and found physical vulnerabilities such as USB ports which could be used to upload malware.
But Louisiana Secretary of State Tom Schedler said that this simulated environment did not take into account many safety and security measures at actual polling stations.
He said the machines are not connected to the Internet or to each other, and the data in each individual machine is stored behind a locked door.
“A lot of these things that we talk about are certainly possible, but I would suggest to you the amount of people you’d have to put in play to commit this fraud, it would be easier to do a stump speech and basically convince them to vote your way the legal way,” said Schedler.
“There is no such thing as a perfect election. None. There are issues that occur such as electricity going out, to fires at a precinct, I could go on and on, flooding in Louisiana and the like,” Schedler continued.
Matthew Blaze, a computer science professor at the University of Pennsylvania, agreed decentralized administration of voting systems across the states is an advantage for security, because that prevents a hacker from affecting systems across the entire country in one hack.
But he said the weakness of multiple unsecure systems are a larger threat.
“[W]hile it may make us more secure against somebody with one-stop shopping disrupting a national election, it actually increases our vulnerability to some disruption happening, perhaps sufficient disruption to where we don’t have confidence in the outcome,” said Blaze.
To deal with these vulnerabilities, some representatives suggested creating a federal grant program to encourage secure standards for voting systems, like federal grants to states for highway systems.
“I think the consensus is that the integrity of our elections is a national infrastructure issue,” said Rep. Paul Mitchell (R-Mich.). “…It’s every bit as important as our roads, our ports, our waterways, yet we don’t invest any federal money, or federal standards or some guidelines or something like that.”
However, Schedler warned that such a system shouldn’t impede on states’ authority to create and carry out their voting systems.
Rep. Jimmy Duncan (R-Tenn.) wondered if the cost of cybersecurity is worth the cost, since hackers will always find a way to hack into networks.
“I know that we have addicted almost everyone in this country to computers and the iPads and so forth, but I tell you, I believe that cybersecurity is a multi-billion dollar hoax,” said Duncan.
He cited a piece written by Robert Kuttner, editor at the liberal The American Prospect, which argued that important American systems are too dependent on “cyber stuff,” and suggested going back to a pure paper voting system, like Canada.
Many representatives and expert witnesses noted the benefits of paper ballots, or machines which scan bubbled in paper ballots rather that purely electronic voting.
“Precinct-counted optical scan systems also depend on software, but they have the particular safeguard that there is a paper artifact of the voter’s true vote that can be used to determine the true election results. Paperless DRE systems don’t have that property,” said Blaze.