Following news of hacks of the Democratic National Committee, the Clinton campaign, and state election boards in Illinois and Arizona, federal officials in the past week have offered conflicting statements regarding the possibility that hackers, possibly sponsored by a foreign government, could influence the upcoming presidential election.
Department of Homeland Security (DHS) Secretary Jeh Johnson reportedly said last week that while his agency had concerns about foreign hackers, it would be “very difficult through any sort of cyberintrusion to alter the ballot count” of the election. Later the same day, FBI Director James Comey said, as paraphrased by CNN, that “the decentralized nature of how elections are carried out, as well as ‘clunky’ systems that states use to tabulate votes, would make a hacking of the election very hard to accomplish.”
On Tuesday, however, National Security Agency Director Michael Rogers, who also heads U.S. Cyber Command, appeared to offer a different assessment. Asked whether it was possible that Russia “could somehow harm the electoral process,” Rogers reportedly answered “oh, yes sir.” This response seems more in line with an August warning from the FBI that advised that not only state election boards, but that the much broader category of “local government and law enforcement websites” should be taking immediate steps to protect against possible cyber threats.
Indeed, Rogers’ statement Tuesday may reflect a more up-to-date understanding of the scope of the election cybersecurity problem. The same day that DHS Secretary Johnson and FBI Director Comey seemed to more or less dismiss election hacking fears, it was reported that the investigation into election board hacking was expanding, as it was believed that more sites beyond Illinois and Arizona’s had been compromised.
And as far as hackers are concerned, there seems to be no real question that the U.S. election system is massively vulnerable. A quick Youtube search, for instance, brings up a video uploaded 9 years ago, showing Diebold electronic voting machines could be hacked. Last month, Wired reported on the “woeful state of our outdated, insecure electronic voting machines,” and, a year ago today, published an article noting that several states continued to use machines that were more than 15 years old, “which means they are far behind even a casual tech user in keeping pace with technological advancements.”
Among that article’s other revelations were that the large majority of states – 43 to be exact – were at that time using systems that were no longer manufactured. Many of these systems run on Windows XP, with some even continuing to run on Windows 2000. And despite legislation passed in the wake of the contentious 2000 election that established the Election Assistance Commission to create standards for security and to oversee the testing of new voting machines, the majority of states continued to use systems that were never EAC certified.
Last month, Politico published a lengthy article titled “How to Hack an Election in 7 Minutes,” which explored many of the problems that continue to plague U.S. voting systems. Meanwhile, a video from CNN Money shot at the recent Black Hat 2016 conference in Las Vegas, similarly to the video uploaded to Youtube in 2007, clearly shows the continuing vulnerability of some of today’s voting machines.
So how realistic is it that this year’s election might be “rigged,” as GOP candidate Donald Trump suggested last month? Perhaps not much, as the widely dispersed voting infrastructure’s saving grace may be that it is run on so many different and ultimately incompatible systems that require votes to be tallied at the local and state level rather than through a centralized federal computer network.
“Elections authorities and cyber security experts say a concerted effort to alter the outcome of November’s elections through a cyber attack is nearly impossible, even after hackers gained access to voter registration databases in at least two states,” The Hill reported last week. “But some of those same experts say hackers with ties to Russia aren’t aiming to change election results; instead, their goal is to create a perception that the results are in question, and to undermine confidence in American democracy.”
The security of the 2016 election is certainly far from ideal, but if there is any silver lining to this unfortunate state of affairs, it may be that Russia can’t realistically hope to be very effective in any efforts to undermine confidence in American democracy. Confidence in American democracy, after all, doesn’t seem like it could easily collapse much further than it already has, given the choice of candidates we’re left with.