Experts: What states can do to secure their elections

FILE- In this Oct. 14, 2016, file photo, a technician works to prepare voting machines to be used in the upcoming presidential election, in Philadelphia. Since last July, a bipartisan team at Harvard, including former U.S. Marine and Army cyberwarrioThe Associated Press
FILE- In this Oct. 14, 2016, file photo, a technician works to prepare voting machines to be used in the upcoming presidential election, in Philadelphia. Since last July, a bipartisan team at Harvard, including former U.S. Marine and Army cyberwarriors, national security eggheads and Google engineers, has been looking into how to safeguard the vote against interference. The group drafted its latest protect-the-vote election “playbooks” intended to prepare state and local officials for the worst. (AP Photo/Matt Rourke, File)

Newly released "playbooks" from a bipartisan team at Harvard's Kennedy School of Government aims to help state and local elections officials protect against hacking and disinformation.

Here are the group's key findings and recommendations.

KEY FINDINGS

— Elections officials generally lack the resources to secure their operations, especially in smaller counties. Many can't even afford such vital security measures as two-factor authentication, which helps protect networks by requiring users to verify their identity twice, usually with codes texted to their phones, when logging in.

— Voting equipment vendors, which play an outsized role in elections because local poll workers often have limited tech skills, can be easy, valuable targets. More than 60 percent of U.S. voters cast ballots on systems owned and operated by a single company. Hostile infiltration of one vendor could affect many elections.

— Don't just worry about the Russians. Insiders and people seeking political gain or notoriety also pose potential election-manipulation threats.

RECOMMENDATIONS

— Institute background checks for everyone with access to sensitive elections information and privileged systems. This includes voter registration databases and vote tabulation and reporting systems. Employees of voting-equipment vendors should also be cleared this way.

— Voting systems should have a paper trail — a physical copy of every ballot cast. Without one, it's impossible to "audit" elections after the fact to detect possible tampering. Five states continue to rely wholly on digital-only voting machines that leave no paper trail.

— Audits should be standard, with paper records confirming electronic results. Currently, the only states requiring the rigorous audits recommended by voting technology experts are Colorado and Rhode Island.

— Officials should be transparent about any election threats and immediately explain to the public what they are doing about them. This doesn't come naturally to organizations that typically shun the spotlight.

———

Online: https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook

Comments