Influencers: Calling it 'critical infrastructure' won't protect the vote

While US officials and politicians have suggested designating election systems as critical infrastructure in the aftermath of the Democratic National Committee hack, 62 percent of Passcode's Influencers said that's not enough to safeguard voting from hackers.

Illustration by Jake Turcotte

September 21, 2016

Designating the US electoral system critical infrastructure will not protect American democracy from hackers, said 62 percent of Passcode's Influencers.

Passcode's group of digital security and privacy experts said that treating voting – and the machinery that underpins American elections – similar to the country's other critically important systems such as the electric grid or banking is not enough to secure it against cyberattacks.

"Declaring something critical infrastructure, or building a new council, or coordinating office, or fusion team, does not actually do anything for security," says Robert M. Lee, the chief executive officer of Dragos Security.

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

Instead, Lee says, the Obama administration should provide specific metrics for what "security" means for US electoral systems. "The federal government should mandate a set level of security and vulnerability checking for these systems and leverage their pocket book to enforce it. We need action not another coordination or designation," he says.

In addition to the recent Democratic National Committee hack that experts linked to Russia, the FBI issued a warning that anonymous hackers had broken into the state board of elections in Illinois and Arizona this summer. That’s led to concerns that voting machines and data could be subject to more serious hacks.

In August, Secretary of Homeland Security Jeh Johnson said the agency is considering declaring voting machines as critical infrastructure. And this week, Rep. Hank Johnson (D) of Georgia is introducing legislation calling on DHS to label voting systems as critical infrastructure and limit the purchase of digitally based voting systems.

The critical infrastructure designation – first established by the Department of Homeland Security in 2003 – gives 16 US industrial sectors, including dams, transportation systems, and nuclear reactors more money for protection and raises their priority level in US government, meaning that a cyberattack against a critical infrastructure sector could be met with a stronger response.

But Influencers expressed skepticism that the critical infrastructure designation had done much to deter hackers.  

"Designating 16 other sectors as 'critical infrastructure' didn’t protect them," says John Pescatore, director of the SANS Institute, a cybersecurity education organization. "Software-based election systems need standards and certification, not critical infrastructure designation."

So far, the US government has used the critical infrastructure moniker to warrant a stronger response to cyberattacks. In March, the Justice Department charged seven Iranians for breaking into the computer network of a small New York dam and for digital attacks against more than 40 US banks.

But experts have pointed to those charges as part of a naming-and-shaming effort to reinforce the rules of the road in cyberspace, not a realistic effort to bring them to face trial.

"What we really need from the government is clear declaratory and escalatory policy in the cyber domain," said Nate Fick, chief executive officer at the cybersecurity firm Endgame. "What is espionage? What is war? And what will the government do to bring the full force of American power – diplomatic, economic, military – to bear in order to strengthen deterrence?"

And whether or not the US decides to designate electoral systems as critical infrastructure, hackers could have a wide set of digital targets to hit on election day. Forty-three states will use equipment that’s more than 10 years old this November, a sign that needed updates aren’t taking place.

"Designating electronic voting machines as critical infrastructure won’t do anything that years of proving security flaws in existing machinery hasn’t yet done," says Tarah Wheeler, chief of security at Symantec. "We've been proving electronic voting machines are hackable for more than a decade. It’s the mindset that electronic voting machines are an impenetrable black box that needs changing, not a budget line item or meaningless resolution."

And because the US electoral system operates based upon 9,000 individual jurisdictions that count votes, Influencers said the critical infrastructure designation might not put protections in place that local officials can understand.

"Because voting is at the core of our political system, we must protect its integrity, and that may mean some systematic help rather than asking each precinct chair or county elections director to figure it out," says Jonathan Zittrain, a law professor at Harvard University. "Today, having DHS drop by a newly critically designated polling place to inspect it would likely lessen public trust rather than increase it."

On the other side, a 38 percent minority of Influencers said that the US should put in greater critical infrastructure protections for voting, but cautioned that the change would not solve all problems in the US electoral system.

"Of course it wouldn’t," said Michael Hayden, former CIA and National Security Agency director and currently a principal at the Chertoff Group, a Washington-based consulting firm. "But it would be a good start signaling that we will bring adequate resources to bear."

And while hackers shutting down voting systems might not result in physical destruction or death – Influencers worry that disruptions could create chaos at the polls. 

"Attacks against voter registration can be used to create chaos at the polls, such as forcing large numbers of people to file provisional ballots," says Tom Cross, cofounder and chief technology officer of Drawbridge Networks. "Federal information security standards and assistance for elections administrators are probably needed. A local voting security problem can have national consequences."

Influencers also thought that the designation could help lead to more rigorous authentication of voters.  

“While we’re out of the age of inking fingers to determine who voted here in the US, ensuring the authenticity of voters and tallying the count is important enough to warrant special cyber protection attention,” said an anonymous Influencer. Passcode's Influencers are given the choice of responding on record or anonymously to preserve the candor of their responses. 

Other Influencers who favored the idea agreed that while the critical infrastructure label might lead to more rigorous discussions of voting security and deliver funds to help back that cause, additional resources may still be needed.

"Local election boards also need access to top tier security experts to assist them in their selection and implementation of voting systems," says Andrea Matwyshyn, a law professor at Northeastern University. "Justice Department oversight and enforcement is urgently needed to ensure that suboptimally conscientious jurisdictions are forced to remediate vulnerable voting systems expeditiously."

And though some experts think it might be too late to make changes during this election cycle – getting the process underway would be important for future polls.

"Elections aren't about deciding a winner, they’re about generating the consensus that somebody lost, and should try again in some number of years," says Dan Kaminsky, chief executive officer at the cybersecurity firm White Ops. "That consensus, the basis of democracy more than we might admit, is threatened by credible signs of manipulation."

What do you think? VOTE in the readers’ version of the Passcode Influencers Poll.

Who are the Passcode Influencers? For a full list, check out our interactive masthead here.

Comments:

NO

“The electoral system should be designated as critical infrastructure, but it takes more to protect a democracy against cyber threats.” – Mårten Mickos, Hacker One

“Fixing the vulnerabilities in the electoral system would protect American democracy from hackers, not placing a designation on it.” – Jeffrey Carr, Taia Global

“But we should do it anyway. The reason is, the threat here is less to ‘democracy’ per se than it is to economic growth. There is already a fair amount of doubt about the accuracy and fairness of voter registration and voting, and so a ‘hack’ of small proportions is just more of the same from a political standpoint. What it would do, is create yet another new kind of internet security breach that is corroding confidence in the digital foundations of our economy. It would be a much greater hit to our emotional confidence than another credit card breach. That confidence is needed to create economic growth. Confidence is critical infrastructure now.” – Steve Weber, UC Berkeley

“Nothing is going to stop hackers – especially state-sponsored ones – just as no other area of critical infrastructure has proven to be impervious to hacking.” – Influencer

“While admitting that our electoral system is, in fact, critical infrastructure, is a step in the right direction, hacking isn’t the major threat vector. Before we deal with hackers, we should look to the numerous political threats that are undermining the US electoral system – from gerrymandering to (illegal) laws to disenfranchise poor and minority voters. Our voting system faces only minor dangers from hackers compared to the damage wreaked by politicians themselves.” – Sascha Meinrath, X-Lab

“My answer (today) assumes “This election cycle”... A few casual thoughts: 1) Any hacking exposure we currently have for this election cycle cannot be addressed in time for this year. 2) Other “Critical Infrastructure” can and has been hacked. 3) Pentagon and OPM and State and others have been hacked. 4) One need not hack the systems themselves to hack hearts & minds, just watch news or ads. 5) Hacking campaigns or candidates or even Hacking fueled Opposition Research can create electorate surprises too... None of these observations mean to suggest that manipulation of free, democratic elections should be OK. Trustworthy/trusted elections are essential and therefore deserve significant investments and care going forward - especially as we increasingly depend upon ‘voting computers’ (not ‘machines’).” – Joshua Corman, Atlantic Council

“Such a designation is a good idea, but it only modestly protects the electoral system.” – Stewart Baker, Steptoe & Johnson

“To think that the designation alone creates some sort of impenetrable fortress is silly. The additional focus and resources available because of the designation are appropriate, but the designation itself isn’t Pixie Dust.” – Scott Montgomery, Intel Security

“The Election Assistance Commission already provides federal support to state and local election officials, including for voting system security and related issues. Designating the electoral system critical infrastructure would generate few meaningful benefits but it would generate unnecessary duplication in effort. And we should consider the practical reality. Voting is already more painful than necessary. Asking DHS to get more involved would likely erode efforts to make elections more citizen-friendly. Do we really want voting to be more like going through airport security?” – Daniel Castro, Center for Data Innovation

“Unless we were to move beyond a declaration and into actual protection, such a proclamation would act more like an invitation to global hackers.” – Günter Ollmann, Vectra Networks

“Like much of our critical infrastructure today (energy plants, water utilities), a simple change in designation would not automatically make these systems more secure. In fact, it’s quite possible that many of these systems are already compromised with dormant implants waiting to be leveraged at the right moment.” – Jay Kaplan, Synack

“Practically speaking, the designation by itself is not likely to have a meaningful impact on the level of protection from that is hackers afforded to the US electoral system in the current election cycle. While the need for significant improvements to cybersecurity for our critical infrastructure is now generally accepted and understood, the rate of progress to achieving the desired end result on average has a multi-year horizon.” – Christopher Doggett, Carbonite

“I think it should be designated as critical infrastructure. It is critical infrastructure and perhaps the most critical in American democracy, but simply designating it as such wouldn’t protect it. Look at all the other critical infrastructure that has been hacked.” – Influencer

"Designating the US electoral system as critical infrastructure is little more than security theater. If the Department of Homeland Security actually has the wherewithal to scale and provide its most capable specialists to the electronic voting community, improvements can be made over time. For the 2016 cycle, [it's] game over.” – Rodney Joffe, Neustar

“In a word, no. But in concert with other government action, a critical infrastructure designation is probably a good idea. What we really need from the government is clear declaratory and escalatory policy in the cyber domain - what is legitimate competition? What is espionage? What is war? And what will the government do to bring the full force of American power – diplomatic, economic, military – to bear in order to strengthen deterrence?” – Nate Fick, Endgame

“It certainly won’t hurt, but in and of itself it won’t protect democracy. It would be, however, a good first step in institutionalizing the interest in securing the vote. If we continue only to have this conversation every two or four years in the run-up to an election, we’ve got a big problem.” – Jeff Greene, Symantec

“Probably not. It may well also create a new exposure to a different class of threat. People tend to forget that the term 'United States' is plural. There is some inherent resilience in the federated nature of the voting system within the US. Anything that tends toward system or technology monoculture may well amplify the risk of a particular vulnerability. More fundamentally, there is a risk to the system in allowing the centralization of any form of control over the mechanics of election systems. While that risk may seem speculative to some, it only takes a brief glance at either recent or distant histories of other countries to see examples. If the track record of the US government were better at its own security housekeeping, perhaps it might have a more compelling argument. That still wouldn’t address the basic risk of increased central control.” – Bob Stratton, Mach 37

“The designation of critical infrastructures has been overtaken by technology and emerging threats to cross cutting capabilities like GPS. Time to rethink this structure.” – Influencer

“The act of designating [voting] as critical infrastructure wouldn’t, in and of itself, protect the system – but given the lousy job both states and the election industry have done to date in making sure these systems are protected, it would do a lot to help get them focused on taking a proper approach to cyber risk management.” – Jeremy Grant, Chertoff Group

“Elections are not critical infrastructure, but neglected infrastructure. We need to make the right investments in trustworthy voting systems that can stand strong in the face of nation-state manipulation. We need to train and reward vigilant elections administrators who incorporate cybersecurity into their operations. Finally, we must insist that voting machines create a paper trail and that elections officials check a random selection of those paper records to make sure the paper totals and computer totals match.” – Nuala O’Connor, Center for Democracy and Technology

 

“It is widely understood among countries that tampering in another nation’s elections is unacceptable behavior, regardless of whether our electoral system is labeled “CI” or not. Should another country attempt to hack into the US electoral system to alter the results of an election, we do not need the systems themselves to be labeled “critical infrastructure” to provide a state-level response.” – Influencer

“Protecting the integrity of US elections is of paramount importance, which is why I have long advocated for auditable election systems and against Internet voting. While I commend Secretary [of Homeland Security Jeh] Johnson for his outreach to local voting jurisdictions, it is unclear whether a critical infrastructure designation would significantly improve election cybersecurity. The steps we need to take to assess risk and improve security need to happen at the state and local levels with DHS playing a supportive role as needed. I have faith in the integrity of our elections today, but I encourage election officials to reexamine their cybersecurity to ensure that faith is well-placed.” – Rep. Jim Langevin (D) of Rhode Island

“The US electoral system has been solely secured by security through obscurity. The barrier to entry to become and insider with the Secretary of State per state is very low. Incredibly easy for an insider to get access, and no open reviews or bug bounties have been placed on the systems. Put your seatbelt for the fall election.” – Influencer

"Electronic voting is as much a nutcase mistake as voting by mail." – Dan Geer, In-Q-Tel

“This would only be one piece of many ways we need to protect the voting process from cyber-tampering.” – Influencer

“Hackers don’t fear designations.” – Influencer

YES

“Designating US electoral system as critical infrastructure is important for two reasons. One, to have ability to more easily provide funds and federal government assistance to the states and local jurisdictions who actually operate the infrastructure. And, two, as a powerful signal to nation states that may be considering interfering with the voting process that such action would likely result in a strong national security response.” – Dmitri Alperovitch, CrowdStrike

“There is no reason not to designate the US election system as a subcategory of critical infrastructure, but there are technical steps we should prioritize as well. Our most essential goal is ensuring trust in the system and the result, and for that we need more visibility to identify and map the impact of intrusions, and reliable mechanical back-up systems for validation if an intrusion does occur.” – Nathaniel Gleicher, Illumio

“No one (necessarily) dies if the election goes wrong or the election has to be postponed. However, such an incident would certainly impact government services and be wide-spread, which does fit the bill for triggering the critical infrastructure provisions. I said yes because especially during the current election cycle, disruption of the electoral system could result in civil unrest.” – Eric Burger, Georgetown University

“We all agree there are too many infrastructures already deemed ‘critical’ and if all are critical then it becomes impossible to prioritize. But this misses the practical point of current US public policymaking: designating, in law, the electoral system as critical infrastructure opens up numerous options to protect it, from information sharing, to new creating a new electoral [Information Sharing and Analysis Organization] sharing organization, to grants to states and counties to spend on security. This is all very difficult if elections are [not] critical infrastructure, but much easier if they are.” – Jason Healey, Columbia University

“We should do it, but designation itself will do little to protect [voting systems].” – Influencer

“Our election system is as critical to the health of our democracy as it gets and deserves much great protection than the widely variable way it is handled now.” – Peter Singer, New America

“Designation as critical infrastructure is not a panacea, but lead to some meaningful increase in the overall level of security for voting systems. More importantly, it will help maintain confidence in the machinery of our Democracy.” – Influencer

“This designation would better protect democracy from foreign attackers because it would permit assignment of more resources and help enable standardization of things like cyberhygiene, incident response, information sharing and the like.” – Jack Harrington, Raytheon

“Even if the voting process itself is secure (and that is seriously questioned by information security experts), attacks against voter registration can be used to create chaos at the polls, such as forcing large numbers of people to file provisional ballots. These kinds of attacks can raise questions about the legitimacy of an election. The distributed nature of elections administration in the United States means that responsibility for important elections infrastructure is left to state and local governments, who have access to varying levels of technical expertise and resources. I think that federal information security standards and assistance for elections administrators are probably needed. A local voting security problem can have national consequences.” – Tom Cross, Drawbridge Networks

“Designations of critical infrastructure can help significantly to marshal resources - including policy attention, analytics, and technical support - within the government to focus on aspects of US infrastructure. It may not lead to improvements in the short-term but certainly over the medium to long-term, it will focus the government’s resources and analytics on the problem set.” – Influencer

“Actually, the answer is, 'yes, but...' There’s no magic protection bestowed upon the machines and back-end systems by such a designation. Instead, it brings much needed attention to their fundamental flaws, and increases the numbers of people fishing at them for vulnerabilities to exploit.” – Nick Selby, Street Cred Software

“But of course a designation to treat the US electoral system doesn’t in and of itself protect that system (or its many components) – much less American Democracy writ large – from hackers. It is nonetheless a necessary and worthwhile step.” – Influencer

“Designating election systems as critical infrastructure would send an important deterrent signal to adversaries.” – Chris Finan, Manifold Technology

“Our electoral system is crucial to the functioning and survival of the republic and it is imperative that we secure it no matter what the cost.” – Tor Ekeland, Attorney

“I think that designating the US electoral system as critical infrastructure would be a good idea. Would it help protect American democracy from hackers? I’m not quite sure about that – but I do think that designating our electoral system as critical infrastructure is a good idea to the extent that more government emphasis and funding will be placed on countermeasures to defend it.” – Influencer

“Honestly, the real answer is 'it depends.' Marking election systems as critical infrastructure might help us begin to make them more secure, but not necessarily. And federalizing election systems could make us less secure by creating fewer points of failure. But overall, [the Electronic Frontier Foundation] and our colleagues at Verified Voting have been sounding the alarm about insecure voting systems for a long time, pushing for real auditing of code and risk limiting audits of the results, along with warning about the insecurity of the internet as a network for voting. More must be done. Whether the step of calling it critical infrastructure will help is hard to predict, but certainly raising the profile of this issue is long overdue.” – Cindy Cohn, Electronic Frontier Foundation

“It is critical infrastructure. Putting it on a list may or may not help, hopefully it will.” – Paul Mockapetris

What do you think? VOTE in the readers’ version of the Passcode Influencers Poll.