As we near the 2020 election, the issue of cybersecurity is again making headlines. From physical threats to voting machines on the ground to glitches and outright malware in the software powering these tools, our nation’s voting technology systems are at risk. It seems to mirror the bad news from 2016, where a bipartisan Senate Committee concluded, “Cybersecurity for electoral infrastructure at the state and local level was sorely lacking.”

What are the election cybersecurity threats this year and how can we prepare?

VOTING MACHINES: LOCAL AND NATIONAL CYBERSECURITY ISSUES

As if the possibility of Russian interference into our election system wasn’t enough, in June 2020, the Georgia primary was disrupted by broken voting machines, long lines, and general confusion. COVID-19 had delayed the primary twice, and many voters had their polling locations shifted to comply with state social distancing rules.

This serious snafu in our nation’s election system illustrated the issue that cybersecurity—or a lack of—happens on the ground as well as nationally. The problem, according to the Brennan Center, is that older voting systems are more likely to fail but also more vulnerable to cyber threats. TechRepublic reports, “Some 45 states are still using aging voting tools that are no longer made, making them extremely susceptible to attacks and breaches.” These machines are no longer made, so updates or patches to cybersecurity infrastructures simply don’t exist. Ironically, the largest digital election equipment manufacturer in the U.S. is now calling for a paper audit to back up their systems.

In addition to outdated and insecure equipment, the issues with election cybersecurity are myriad:

• First, we know that Russia spent five years using Facebook, Instagram, Twitter, and other social media sites to stir contention among voters.
• Second, we also know that 18 (possibly more) voter registration databases were attacked and infiltrated by Russian cyber terrorists.
• Third, government technology projects are often conducted by third-party companies. Once the software is complete, the third-party leaves once the project is over, according to TechRepublic. The problem is that cybersecurity is never a one-off; software must be constantly updated as new security threats emerge.

Many of the voting systems in place are running on operating systems that can no longer receive security updates. There are multiple vulnerabilities in these systems and attacking them is relatively easy.

How can we fix these systems that are so vital to American democracy? We believe there are four primary steps:

• Assess the potential entry points in critical election infrastructure at the state and national levels.
• Test all cyber defenses in a kind of “fire drill” to look for vulnerabilities.
• Secure existing technologies with multifactor authentication and encryption for both data at rest and in transit.
• Modernize the infrastructure with software and hardware upgrades.

In 2019, Congress allocated nearly $400 million into addressing security issues in our nation’s voting equipment and software. The question remains: Will it be enough?