The security of voting booths has never been as prominent a national issue as it is in the 2018 midterm elections. And those vulnerable voting machines have a number of parallels to enterprise security.
Voting machines use systems that run in self-defined operating environments, usually Linux based, that are similar to what many organizations have in their internet of things environment, according to Josh Mayfield, director of security strategy at Absolute Software, in an interview with CIO Dive.
ATM console interactions, digital check-ins at physicians' offices and point-of-sale systems use similar architectures that can be manipulated, changed and hacked in the same fashion.
It is inevitable that voting machines will be hacked, according to Mayfield. The real question is how widespread it will be and whether a catastrophe can be avoided.
There are three parts of data that matter in computing environments: confidentiality, integrity and availability, according to Mayfield. Most organizations focus heavily on availability (how users get information) and confidentiality (access), but integrity is too often neglected.
This integrity matters for a business and in an election. Actors aren't trying to ransom a voting machine; they are trying to manipulate and change data in a way that will compromise the larger system. Customers, in this case voters, need to have high confidence that the data is not altered or degraded.
How to hack an election
There are thousands of touch points in an election for a hacker to enter. With 435 offices in the House of Representatives that correspond to distinct voting districts, there are at least as many contained computing environments receiving voter information and tabulating results.
And at the state level there are 50 district aggregations that report to the national electoral service — even more points of contact, Mayfield said.
At the level where the machine is, there are hundreds of separate computing environments. Hackers have better odds of compromising a machine than a system, and there are many points in the supply and procurement chain where weakness can be introduced.
Voting machine manufacturers submit requests for proposals to state districts; working on a very limited budget, officials are likely to choose the cheapest proposal. Coming in with the lowest RFP can mean supplying secondhand machines that might not have gone through thorough security testing, according to Mayfield.
Voting is a one-off event that state and local officials only have to worry about every couple of years. Suddenly they have to spin up a lot of machinery and connections, and without having regular experience or large security and IT teams, errors are bound to arise.
The vulnerability of voting machines generally sits at the boot point. When a machine kicks off, it looks for a signature handoff to launch the operating system, Mayfield said, and the ability to intercept this handoff is the most effective way to undermine and infiltrate the system.
There is only a window of a few seconds during the voting process in which unwanted access can be witnessed in real time.
Voting machines usually run many nonstandard operating systems and applications, which may have permutations within; standardization is "near impossible."
New iterations fed into the system can create dependencies, which malicious actors can exploit to elevate privileges, change data routes and piggy-back to compromise a larger cohort of data.
After the operating system is loaded onto a voting machine, the security team can build resiliency by creating enclaves for processes and credentials via a virtualized partition architecture, separating the host OS and guest OS to prevent unwanted takeovers.
With the two systems running in parallel — one containing data and applications, one with authentication data — credentials cannot be passed over and compromised.
The best way to mitigate signature handoff interceptions is partitioning, according to Mayfield. Security teams need to start with firmware-enabled protections that go all the way down to the hardware.
If a machine contains malware to intercept a signature, firmware-enabled protections maintain the security of the device from the initial boot process through the OS load and finishing with applications, preventing the infiltration from the start, according to Mayfield.
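The boot-through-application protection described above can be illustrated as a chain of measurements in which each stage is checked before control is handed to it. This is an added example, not from the article or from Absolute Software; the stage names and images are constructed, and a digest manifest stands in for signature verification against a hardware-held key.

```python
import hashlib

# Constructed stand-ins for the real images, in boot order.
STAGES = [
    ("firmware", b"constructed firmware image"),
    ("bootloader", b"constructed bootloader image"),
    ("os", b"constructed OS image"),
    ("application", b"constructed ballot application"),
]

def measure(blob):
    return hashlib.sha256(blob).digest()

def build_manifest(stages):
    """Known-good digests recorded at provisioning time (assumed to live in
    storage the booted software cannot rewrite)."""
    return {name: measure(blob) for name, blob in stages}

def extend(register, measurement):
    """TPM-style extend: the register accumulates every stage, in order."""
    return hashlib.sha256(register + measurement).digest()

def boot(stages, manifest):
    """Measure each stage before handing control to it; halt on the first
    mismatch. Returns (stages_started, failed_stage_or_None, register)."""
    register = bytes(32)
    started = []
    for name, blob in stages:
        m = measure(blob)
        register = extend(register, m)
        if m != manifest.get(name):
            return started, name, register   # refuse the handoff
        started.append(name)
    return started, None, register

MANIFEST = build_manifest(STAGES)
GOLDEN_REGISTER = boot(STAGES, MANIFEST)[2]

def with_modified(stages, target):
    """Copy of the chain with one stage's bytes altered (constructed test input)."""
    return [(n, b + b" [modified]" if n == target else b) for n, b in stages]

if __name__ == "__main__":
    for target in (None, "bootloader", "application"):
        chain = with_modified(STAGES, target) if target else STAGES
        started, failed, reg = boot(chain, MANIFEST)
        print(f"modified={target!s:12} started={started} halted_at={failed} "
              f"register_ok={reg == GOLDEN_REGISTER}")
```

A modified bootloader halts the chain before the OS starts. The accumulated register also differs from the golden value whenever any stage, or the order of stages, has changed.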
A national priority
The Department of Homeland Security is working with all 50 states to assist with vulnerability assessments, information intelligence, training and response planning, according to Christopher Krebs, under secretary for the DHS National Protection and Programs Directorate, speaking at an event in Washington in July.
The agency is also working with the FBI, intelligence community and State Department to protect against foreign activities.
Elections are driving a new high level of engagement across sectors, according to Krebs, including several new coordinating mechanisms. By law, the responsibility for and administration of elections still rest with state and local governments, but the federal government is there to help build trust, partnerships and security — and provide funding.
All 50 states plus territories have requested funding from the Election Assistance Commission to help safeguard the elections.
Almost 28% of funds will go to replacing voting machines across 34 states, according to an EAC announcement in late August, and more than 36% will go to improving cybersecurity across 41 states. Six states are not investing in cybersecurity but are replacing their voting equipment.
Voter confidence is one of the biggest issues, according to Krebs, and foreign interference is more than undermining the election: It's about undermining the confidence in government and society.
Hackers could sow as much distrust in voters by making them think elections were hacked as by actually hacking the elections. The same holds true for customers, and restoring that faith can be costly — and at times even a lost cause.