By Jessica Xieyang Qiao
Amid the ongoing 2019 mayoral elections and an increasing number of nationwide data breaches, Chicago beefed up cybersecurity controls to defend against potential voter fraud and hacking.
Yet, the cybersecurity environment remains flawed and technology challenges facing the government cast doubts on maintaining the reliability of electronic voting, according to cybersecurity experts.
The decentralized U.S. election landscape
The U.S. election ecosystem is distributed across states, counties and municipalities. Because each jurisdiction runs its own election and the environment is highly decentralized, there is luckily no single location through which a foreign hacker can attack the entire system. But damage can still be done.
“Hackers can change the attitude of people toward an election system. That’s what we need to protect ourselves against,” said Sujeet Shenoi, director of the Cyber Security Education Consortium, during a panel discussion organized by Global Cyber Security Initiative (GCSI) on Feb.25. “But as far as technical hacking is concerned, it’s very hard to have a large-scale electoral change.”
Yet, because elections tend to be run at local levels, some jurisdictions may lack the technical expertise to defend against foreign hackers.
“It’s so decentralized – a lot of these jurisdictions are small and don’t even have an IT department,” said Kevin McDermott, chief technology officer of Cook County Clerk’s Office.
Toward that end, the U.S. Department of Homeland Security (DHS) funded grants last year for the Multi-State Information Sharing and Analysis Center to strengthen cyber threat prevention.
“In Illinois, we have the Cyber Navigator Program, which takes federal money to create a cybersecurity mechanism,” McDermott said. “There’s a great deal of energy at both local and national levels to build the infrastructure, both physical and information-wise, and to develop protocols for each organization.
U.S. cybersecurity environment: FBI, DHS and Albert sensors
While FBI will do a deep-dive investigation after a cybercrime occurs, DHS performs regular vulnerability scans and offers security services such as a full penetration test. In addition, Albert sensors provided by the Center for Internet Security deliver a monitoring solution by utilizing the Intrusion Detection System (IDS).
“Albert sensors look for anything that is suspicious, send information back to the central location for data analysis, and merge that with information from across the country,” McDermott said. “All election jurisdictions are being monitored through this Albert network.”
While Albert sensors have a knack for detecting cyber intrusions from foreign countries, Shenoi said this network serves to guard the gates, providing first-layer “assistance” but is not a panacea for cybersecurity.
“The Albert network gives us advice while the FBI investigates, but there’s nobody who is able to protect the cyberspace because there is no systematic training of engineers for cyberattacks,” Shenoi said.
Technology challenges: identification, anonymity and paper trail requirement
Sean T. O’Kelly, chief information officer of Illinois Department of Innovation & Technology, said paradoxes exist for the government when it comes to facilitating voting in an electronic way – how to deliver and safeguard a process that requires identification for eligibility and anonymity as well as a paper trail?
“The government has to ensure your identity in order to validate that you are an eligible voter,” O’Kelly said. “But at the same time, the process has to allow for anonymity because what you actually vote for shouldn’t be public information. Then on the other end, there has to be a paper trail for the whole thing.”
To not associate who and what you vote for with the fact that it’s you from the login is a real challenge and one reason why an electronic voting system remains unreliable. McDermott said paper ballots with electronic assistance is more foolproof than a fully electronic voting system.
“To maintain anonymity and allow this uncontrolled chain of electronic devices to talk is simply incompatible,” McDermott said. “There’s nothing wrong with voting on paper. Technology has a role but needs to be employed carefully because it’s not the answer to every problem.”