Influencers: Calling it 'critical infrastructure' won't protect the vote
Designating the US electoral system critical infrastructure will not protect American democracy from hackers, said 62 percent of Passcode's Influencers.
Passcode's group of digital security and privacy experts said that treating voting 鈥 and the machinery that underpins American elections 鈥 similar to the country's other critically important systems such as the electric grid or banking is not enough to secure it against cyberattacks.
"Declaring something critical infrastructure, or building a new council, or coordinating office, or fusion team, does not actually do anything for security," says Robert M. Lee, the chief executive officer of Dragos Security.
Instead, Lee says, the Obama administration should provide specific metrics for what "security" means for US electoral systems. "The federal government should mandate a set level of security and vulnerability checking for these systems and leverage their pocket book to enforce it. We need action not another coordination or designation," he says.
In addition to the recent听Democratic National Committee hack that听experts听linked to Russia, the FBI issued a warning that anonymous hackers had broken into the state board of elections in Illinois and Arizona this summer. That鈥檚 led to concerns听that voting machines and data could be subject to more serious hacks.
In August, Secretary of Homeland Security Jeh Johnson said听the agency is considering听declaring voting machines as critical infrastructure. And this week, Rep. Hank Johnson (D) of Georgia 听legislation calling on DHS to label voting systems as critical infrastructure and limit the purchase of digitally based voting systems.
The critical infrastructure designation 鈥 first established by the Department of Homeland Security in 2003 鈥 gives听, including dams, transportation systems, and nuclear reactors more money for protection and raises their priority level in US government, meaning that a cyberattack against a critical infrastructure sector could be met with a stronger response.
But Influencers expressed skepticism that the critical infrastructure designation had done much to deter hackers. 听
"Designating 16 other sectors as 'critical infrastructure' didn鈥檛 protect them," says John Pescatore, director of the SANS Institute, a cybersecurity education organization. "Software-based election systems need standards and certification, not critical infrastructure designation."
So far, the US government has used the critical infrastructure moniker to warrant a stronger response to cyberattacks. In March, the Justice Department听charged seven Iranians听for breaking into the computer network of a small New York dam and for digital attacks against more than 40 US banks.
But experts have pointed to those听charges as part of a naming-and-shaming effort听to reinforce the rules of the road in cyberspace, not a realistic effort to bring them to face trial.
"What we really need from the government is clear declaratory and escalatory policy in the cyber domain," said Nate Fick, chief executive officer at the cybersecurity firm Endgame. "What is espionage? What is war? And what will the government do to bring the full force of American power 鈥 diplomatic, economic, military 鈥 to bear in order to strengthen deterrence?"
And whether or not the US decides to designate electoral systems as critical infrastructure, hackers could have a wide set of digital targets to hit on election day. Forty-three states will use equipment that鈥檚听听this November, a sign that needed updates aren鈥檛 taking place.
"Designating electronic voting machines as critical infrastructure won鈥檛 do anything that years of proving security flaws in existing machinery hasn鈥檛 yet done," says Tarah Wheeler, chief of security at Symantec. "We've been proving electronic voting machines are hackable for more than a decade. It鈥檚 the mindset that electronic voting machines are an impenetrable black box that needs changing, not a budget line item or meaningless resolution."
And because the US electoral system operates based upon 9,000 individual jurisdictions that count votes, Influencers said the critical infrastructure designation might not put protections in place that local officials can understand.
"Because voting is at the core of our political system, we must protect its integrity, and that may mean some systematic help rather than asking each precinct chair or county elections director to figure it out," says Jonathan Zittrain, a law professor at Harvard University. "Today, having DHS drop by a newly critically designated polling place to inspect it would likely lessen public trust rather than increase it."
On the other side, a 38 percent minority of Influencers said that the US should put in greater critical infrastructure protections for voting, but cautioned that the change would not solve all problems in the US electoral system.
"Of course it wouldn鈥檛," said Michael Hayden, former CIA and National Security Agency director and currently a principal at the Chertoff Group, a Washington-based consulting firm.听"But it would be a good start signaling that we will bring adequate resources to bear."
And while hackers shutting down voting systems might not result in physical destruction or death 鈥 Influencers worry that disruptions could create chaos at the polls.听
"Attacks against voter registration can be used to create chaos at the polls, such as forcing large numbers of people to file provisional ballots," says Tom Cross, cofounder and chief technology officer of Drawbridge Networks. "Federal information security standards and assistance for elections administrators are probably needed. A local voting security problem can have national consequences."
Influencers also thought that the designation could help lead to more rigorous authentication of voters. 听
鈥淲hile we鈥檙e out of the age of inking fingers to determine who voted here in the US, ensuring the authenticity of voters and tallying the count is important enough to warrant special cyber protection attention,鈥 said an anonymous Influencer. Passcode's听Influencers are given the choice of responding on record or anonymously to preserve the candor of their responses.听
Other Influencers who favored the idea agreed that while the critical infrastructure label might lead to more rigorous discussions of voting security and deliver funds to help back that cause, additional resources may still be needed.
"Local election boards also need access to top tier security experts to assist them in their selection and implementation of voting systems," says Andrea Matwyshyn, a law professor at Northeastern University. "Justice Department oversight and enforcement is urgently needed to ensure that suboptimally conscientious jurisdictions are forced to remediate vulnerable voting systems expeditiously."
And though some experts think it might be too late to make changes during this election cycle 鈥 getting the process underway would be important for future polls.
"Elections aren't about deciding a winner, they鈥檙e about generating the consensus that somebody lost, and should try again in some number of years," says Dan Kaminsky, chief executive officer at the cybersecurity firm White Ops. "That consensus, the basis of democracy more than we might admit, is threatened by credible signs of manipulation."
What do you think?听听of the Passcode Influencers Poll.
Who are the Passcode Influencers? For a full list, check out our听
Comments:
NO
鈥淭he electoral system should be designated as critical infrastructure, but it takes more to protect a democracy against cyber threats.鈥澨鈥撎齅氓rten Mickos, Hacker One
鈥淔ixing the vulnerabilities in the electoral system would protect American democracy from hackers, not placing a designation on it.鈥澨鈥 Jeffrey Carr, Taia Global
鈥淏ut we should do it anyway. The reason is, the threat here is less to 鈥榙emocracy鈥 per se than it is to economic growth. There is already a fair amount of doubt about the accuracy and fairness of voter registration and voting, and so a 鈥榟ack鈥 of small proportions is just more of the same from a political standpoint. What it would do, is create yet another new kind of internet security breach that is corroding confidence in the digital foundations of our economy. It would be a much greater hit to our emotional confidence than another credit card breach. That confidence is needed to create economic growth. Confidence is critical infrastructure now.鈥澨鈥 Steve Weber, UC Berkeley
鈥淣othing is going to stop hackers 鈥 especially state-sponsored ones 鈥 just as no other area of critical infrastructure has proven to be impervious to hacking.鈥澨鈥 Influencer
鈥淲hile admitting that our electoral system is, in fact, critical infrastructure, is a step in the right direction, hacking isn鈥檛 the major threat vector. Before we deal with hackers, we should look to the numerous political threats that are undermining the US electoral system 鈥 from gerrymandering to (illegal) laws to disenfranchise poor and minority voters. Our voting system faces only minor dangers from hackers compared to the damage wreaked by politicians themselves.鈥澨鈥 Sascha Meinrath, X-Lab
鈥淢y answer (today) assumes 鈥淭his election cycle鈥... A few casual thoughts: 1) Any hacking exposure we currently have for this election cycle cannot be addressed in time for this year. 2) Other 鈥淐ritical Infrastructure鈥 can and has been hacked. 3) Pentagon and OPM and State and others have been hacked. 4) One need not hack the systems themselves to hack hearts & minds, just watch news or ads. 5) Hacking campaigns or candidates or even Hacking fueled Opposition Research can create electorate surprises too... None of these observations mean to suggest that manipulation of free, democratic elections should be OK. Trustworthy/trusted elections are essential and therefore deserve significant investments and care going forward - especially as we increasingly depend upon 鈥榲oting computers鈥 (not 鈥榤achines鈥).鈥澨鈥 Joshua Corman, Atlantic Council
鈥淪uch a designation is a good idea, but it only modestly protects the electoral system.鈥澨鈥 Stewart Baker, Steptoe & Johnson
鈥淭o think that the designation alone creates some sort of impenetrable fortress is silly. The additional focus and resources available because of the designation are appropriate, but the designation itself isn鈥檛 Pixie Dust.鈥澨鈥 Scott Montgomery,听Intel Security
鈥淭he Election Assistance Commission already provides federal support to state and local election officials, including for voting system security and related issues. Designating the electoral system critical infrastructure would generate few meaningful benefits but it would generate unnecessary duplication in effort. And we should consider the practical reality. Voting is already more painful than necessary. Asking DHS to get more involved would likely erode efforts to make elections more citizen-friendly. Do we really want voting to be more like going through airport security?鈥澨鈥 Daniel Castro,听Center for Data Innovation
鈥淯nless we were to move beyond a declaration and into actual protection, such a proclamation would act more like an invitation to global hackers.鈥澨鈥撎鼼眉nter Ollmann, Vectra Networks
鈥淟ike much of our critical infrastructure today (energy plants, water utilities), a simple change in designation would not automatically make these systems more secure. In fact, it鈥檚 quite possible that many of these systems are already compromised with dormant implants waiting to be leveraged at the right moment.鈥澨鈥 Jay Kaplan, Synack
鈥淧ractically speaking, the designation by itself is not likely to have a meaningful impact on the level of protection from that is hackers afforded to the US electoral system in the current election cycle. While the need for significant improvements to cybersecurity for our critical infrastructure is now generally accepted and understood, the rate of progress to achieving the desired end result on average has a multi-year horizon.鈥澨鈥撎鼵hristopher Doggett, Carbonite
鈥淚 think it should be designated as critical infrastructure. It is critical infrastructure and perhaps the most critical in American democracy, but simply designating it as such wouldn鈥檛 protect it. Look at all the other critical infrastructure that has been hacked.鈥澨鈥 Influencer
"Designating the US electoral system as critical infrastructure is little more than security theater. If the Department of Homeland Security actually has the wherewithal to scale and provide its most capable specialists to the electronic voting community, improvements can be made over time. For the 2016 cycle, [it's] game over.鈥澨鈥 Rodney Joffe, Neustar
鈥淚n a word, no. But in concert with other government action, a critical infrastructure designation is probably a good idea. What we really need from the government is clear declaratory and escalatory policy in the cyber domain - what is legitimate competition? What is espionage? What is war? And what will the government do to bring the full force of American power 鈥 diplomatic, economic, military 鈥 to bear in order to strengthen deterrence?鈥澨鈥 Nate Fick, Endgame
鈥淚t certainly won鈥檛 hurt, but in and of itself it won鈥檛 protect democracy. It would be, however, a good first step in institutionalizing the interest in securing the vote. If we continue only to have this conversation every two or four years in the run-up to an election, we鈥檝e got a big problem.鈥澨鈥撎齁eff Greene, Symantec
鈥淧robably not. It may well also create a new exposure to a different class of threat. People tend to forget that the term 'United States' is plural. There is some inherent resilience in the federated nature of the voting system within the US. Anything that tends toward system or technology monoculture may well amplify the risk of a particular vulnerability. More fundamentally, there is a risk to the system in allowing the centralization of any form of control over the mechanics of election systems. While that risk may seem speculative to some, it only takes a brief glance at either recent or distant histories of other countries to see examples. If the track record of the US government were better at its own security housekeeping, perhaps it might have a more compelling argument. That still wouldn鈥檛 address the basic risk of increased central control.鈥澨鈥撎鼴ob Stratton, Mach 37
鈥淭he designation of critical infrastructures has been overtaken by technology and emerging threats to cross cutting capabilities like GPS. Time to rethink this structure.鈥澨鈥 Influencer
鈥淭he act of designating [voting] as critical infrastructure wouldn鈥檛, in and of itself, protect the system 鈥 but given the lousy job both states and the election industry have done to date in making sure these systems are protected, it would do a lot to help get them focused on taking a proper approach to cyber risk management.鈥澨鈥 Jeremy Grant, Chertoff Group
鈥淓lections are not critical infrastructure, but neglected infrastructure. We need to make the right investments in trustworthy voting systems that can stand strong in the face of nation-state manipulation. We need to train and reward vigilant elections administrators who incorporate cybersecurity into their operations. Finally, we must insist that voting machines create a paper trail and that elections officials check a random selection of those paper records to make sure the paper totals and computer totals match.鈥澨鈥 Nuala O鈥機onnor, Center for Democracy and Technology
听
鈥淚t is widely understood among countries that tampering in another nation鈥檚 elections is unacceptable behavior, regardless of whether our electoral system is labeled 鈥淐I鈥 or not. Should another country attempt to hack into the US electoral system to alter the results of an election, we do not need the systems themselves to be labeled 鈥渃ritical infrastructure鈥 to provide a state-level response.鈥澨鈥 Influencer
鈥淧rotecting the integrity of US elections is of paramount importance, which is why I have long advocated for auditable election systems and against Internet voting. While I commend Secretary [of Homeland Security Jeh] Johnson for his outreach to local voting jurisdictions, it is unclear whether a critical infrastructure designation would significantly improve election cybersecurity. The steps we need to take to assess risk and improve security need to happen at the state and local levels with DHS playing a supportive role as needed. I have faith in the integrity of our elections today, but I encourage election officials to reexamine their cybersecurity to ensure that faith is well-placed.鈥澨鈥 Rep. Jim Langevin (D) of Rhode Island
鈥淭he US electoral system has been solely secured by security through obscurity. The barrier to entry to become and insider with the Secretary of State per state is very low. Incredibly easy for an insider to get access, and no open reviews or bug bounties have been placed on the systems. Put your seatbelt for the fall election.鈥澨鈥 Influencer
"Electronic voting is as much a nutcase mistake as voting by mail."听鈥 Dan Geer, In-Q-Tel
鈥淭his would only be one piece of many ways we need to protect the voting process from cyber-tampering.鈥澨鈥 Influencer
鈥淗ackers don鈥檛 fear designations.鈥澨鈥 Influencer
YES
鈥淒esignating US electoral system as critical infrastructure is important for two reasons. One, to have ability to more easily provide funds and federal government assistance to the states and local jurisdictions who actually operate the infrastructure. And, two, as a powerful signal to nation states that may be considering interfering with the voting process that such action would likely result in a strong national security response.鈥澨鈥 Dmitri Alperovitch, CrowdStrike
鈥淭here is no reason not to designate the US election system as a subcategory of critical infrastructure, but there are technical steps we should prioritize as well. Our most essential goal is ensuring trust in the system and the result, and for that we need more visibility to identify and map the impact of intrusions, and reliable mechanical back-up systems for validation if an intrusion does occur.鈥澨鈥撎齆athaniel Gleicher, Illumio
鈥淣o one (necessarily) dies if the election goes wrong or the election has to be postponed. However, such an incident would certainly impact government services and be wide-spread, which does fit the bill for triggering the critical infrastructure provisions. I said yes because especially during the current election cycle, disruption of the electoral system could result in civil unrest.鈥澨鈥 Eric Burger, Georgetown University
鈥淲e all agree there are too many infrastructures already deemed 鈥榗ritical鈥 and if all are critical then it becomes impossible to prioritize. But this misses the practical point of current US public policymaking: designating, in law, the electoral system as critical infrastructure opens up numerous options to protect it, from information sharing, to new creating a new electoral [Information Sharing and Analysis Organization] sharing organization, to grants to states and counties to spend on security. This is all very difficult if elections are [not] critical infrastructure, but much easier if they are.鈥澨鈥 Jason Healey, Columbia University
鈥淲e should do it, but designation itself will do little to protect [voting systems].鈥澨鈥 Influencer
鈥淥ur election system is as critical to the health of our democracy as it gets and deserves much great protection than the widely variable way it is handled now.鈥澨鈥 Peter Singer, New America
鈥淒esignation as critical infrastructure is not a panacea, but lead to some meaningful increase in the overall level of security for voting systems. More importantly, it will help maintain confidence in the machinery of our Democracy.鈥澨鈥 Influencer
鈥淭his designation would better protect democracy from foreign attackers because it would permit assignment of more resources and help enable standardization of things like cyberhygiene, incident response, information sharing and the like.鈥澨鈥 Jack Harrington, Raytheon
鈥淓ven if the voting process itself is secure (and that is seriously questioned by information security experts), attacks against voter registration can be used to create chaos at the polls, such as forcing large numbers of people to file provisional ballots. These kinds of attacks can raise questions about the legitimacy of an election. The distributed nature of elections administration in the United States means that responsibility for important elections infrastructure is left to state and local governments, who have access to varying levels of technical expertise and resources. I think that federal information security standards and assistance for elections administrators are probably needed. A local voting security problem can have national consequences.鈥澨鈥 Tom Cross, Drawbridge Networks
鈥淒esignations of critical infrastructure can help significantly to marshal resources - including policy attention, analytics, and technical support - within the government to focus on aspects of US infrastructure. It may not lead to improvements in the short-term but certainly over the medium to long-term, it will focus the government鈥檚 resources and analytics on the problem set.鈥澨鈥 Influencer
鈥淎ctually, the answer is, 'yes, but...' There鈥檚 no magic protection bestowed upon the machines and back-end systems by such a designation. Instead, it brings much needed attention to their fundamental flaws, and increases the numbers of people fishing at them for vulnerabilities to exploit.鈥澨鈥 Nick Selby, Street Cred Software
鈥淏ut of course a designation to treat the US electoral system doesn鈥檛 in and of itself protect that system (or its many components) 鈥 much less American Democracy writ large 鈥 from hackers. It is nonetheless a necessary and worthwhile step.鈥澨鈥 Influencer
鈥淒esignating election systems as critical infrastructure would send an important deterrent signal to adversaries.鈥澨鈥 Chris Finan, Manifold Technology
鈥淥ur electoral system is crucial to the functioning and survival of the republic and it is imperative that we secure it no matter what the cost.鈥澨鈥 Tor Ekeland, Attorney
鈥淚 think that designating the US electoral system as critical infrastructure would be a good idea. Would it help protect American democracy from hackers? I鈥檓 not quite sure about that 鈥 but I do think that designating our electoral system as critical infrastructure is a good idea to the extent that more government emphasis and funding will be placed on countermeasures to defend it.鈥澨鈥 Influencer
鈥淗onestly, the real answer is 'it depends.' Marking election systems as critical infrastructure might help us begin to make them more secure, but not necessarily. And federalizing election systems could make us less secure by creating fewer points of failure. But overall, [the Electronic Frontier Foundation] and our colleagues at Verified Voting have been sounding the alarm about insecure voting systems for a long time, pushing for real auditing of code and risk limiting audits of the results, along with warning about the insecurity of the internet as a network for voting. More must be done. Whether the step of calling it critical infrastructure will help is hard to predict, but certainly raising the profile of this issue is long overdue.鈥澨鈥 Cindy Cohn, Electronic Frontier Foundation
鈥淚t is critical infrastructure. Putting it on a list may or may not help, hopefully it will.鈥澨鈥撎齈aul Mockapetris
What do you think?听听of the Passcode Influencers Poll.
听
