The vast majority of IT security professionals believe election infrastructure is at risk and that attackers will target voting data in transit, according to the latest stats from Venafi.
The security vendor polled over 400 cybersecurity pros in the US, UK and Australia about their views on the subject, ahead of key mid-term elections in the US in November. Intelligence on Russian state-sponsored interference in the 2016 presidential election found that hackers used encrypted tunnels to hide their attacks on vulnerabilities in election infrastructure.
IT security pros appear well-informed of the threats, with 93% claiming election infrastructure is at risk and 81% saying hackers will target key data as it is transmitted from local polling stations to centralized points.
Part of the challenge of securing electoral infrastructure is that it tends to be spread out: over half of respondents pointed not only to encrypted comms channels but also the voting machines themselves and the systems that store voter registration data as being vulnerable.
Tellingly, just a handful claimed confidence in the ability of governments and local states to detect (2%) and block (3%) such attacks.
Kevin Bocek, VP of security strategy and threat intelligence at Venafi, told Infosecurity that following the indictment of 12 Russian agents for the 2016 attacks, election hacking is no longer a theoretical threat.
“The intent of adversaries is to sow distrust in democracy and Western governments. A hack does not need to change an election directly; merely creating doubts about the integrity of our election infrastructure and processes achieves the goal,” he added.
“This research shows how IT professionals are keenly aware of these risks and all the ways that election hacking can be done: whether it’s going after the back-end systems that store the results, or editing the voter rolls before the big day. For example, a careful purging of the voter rolls could easily tip the balance one way or the other without an attacker actually changing a single vote.”
Bocek claimed a return to paper voting is too time-consuming and prone to error to be feasible.
“These are the actions our adversaries would love to see as it would show that we’ve lost confidence in technology and democracy,” he concluded.
“The real solution is ensuring that we have systems in place which allow us to actually trust the machines we’re using and run the voting process, and therefore the democratic process as a whole.”
Governments around the world must therefore focus on improving the security of encrypted machine-to-machine communications, the firm claimed.