How vulnerable is the US to more hacks?

In 2018, tens of millions of US voters will show up to have their say in the midterm elections, only to discover that their names are no longer on the voter rolls. Thousands of voting machines will malfunction and will not properly record votes.

This will lead to distorted tallies and inaccurate numbers recorded on the state and county level. TV networks will call races for the wrong candidates, recounts will happen, lawsuits will be filed.

This is the nightmare scenario for the elections next year, which could very well prove to be all too real unless there are major changes to the United States’ out-dated and insecure voting infrastructure.

Cybersecurity experts believe the US is vulnerable in three main areas: voting machines that do not have paper records, voting registration databases that have weak cyber defenses, and propaganda that’s disseminated through social media.

However, because of the ultra-partisan nature of Capitol Hill these days, any efforts to shore up defences against cyber attacks appear to have been stopped in their tracks as Republicans are wary of giving more attention to the ongoing Russia probes with the suspicion that the Democrats are only pursuing change in order to attack Trump.

Russia

The Obama administration retaliated against Russia with more sanctions, and the Senate recently passed a bill adding more to that list, but under Trump, the White House and the Republican-led congress have done virtually nothing to defend against the type of cyber attacks that the intelligence community confirmed took place in November.

Instead, Trump has repeatedly questioned the accuracy of the intelligence community’s reports and has extended an open hand to Putin, even saying that he welcomes a partnership on cyber security, before quickly backtracking after the idea was widely ridiculed.

Just the discussion of co-operation with the Russians on cybersecurity is confounding given the weight behind the reports, and the consensus that Russia will attempt to use cyberattacks to sabotage future elections.

“They will be back,” former FBI Director James Comey told Congress of the Russians in June. And former Director of National Intelligence James Capper told CNN Thursday that he believed the Russian government is stepping up its spying efforts now in order to “prep the battlefield for the 2018 elections.”

Voting machine vulnerabilities 

Perhaps most alarmingly, old voting machines still in use can be manipulated without any trace of the hacker being detected. Names on voter roles can be altered, creating mass confusion at the polling stations. Its also not clear what social media companies are doing, if anything, to combat misinformation disguised as real news.

“The United States government sets standards for cybersecurity for banks and audits them, it sets standards for privacy of electronic healthcare information, but there are no cybersecurity standards for its election systems,” said Richard Clarke, the former national coordinator for Security Infrastructure Protection and Counterterrorism in the Clinton and Bush administrations.

“There are ways that you can interfere with the tallying process and cast doubt on election results,” he added. “That creates a disunity in the United States, which is one of Russia’s prime objectives.”

Critical infrastructure

In January 2017, the Department of Homeland Security declared that election systems were now to be classified as “critical infrastructure”. Although the exact meaning of this is unclear.

“We are struggling to understand — and implement — the U.S. Department of Homeland Security’s January 2017 Executive Order,” Connie Lawson, Indiana’s secretary of state and the president-elect of the National Association of Secretaries of States, told the Senate Intelligence Committee in June.

She also expressed frustration at the lack of information about foreign threats. “No secretary of state is currently authorized to receive classified threat information from our intelligence agencies,” she said.

Targeting people

However, it is not just election infrastructure that could be impacted, experts warn that hackers will in the future focus their energies on people in the campaigns themselves to recreate the same type of frenzy that happened around WikiLeaks’ release of John Podesta’s emails.

“We have to move quickly in a bipartisan way to better secure our campaigns,” Robby Mook, Clinton’s campaign manager, said. “Campaigns are the smallest and briefest of startups and lack the budget or expertise for world-class cybersecurity, yet they’re some of the highest targets for world-class hackers.”

Pressure is mounting for lawmakers to take swift action to protect the vulnerabilities of the US election system as the midterms approach. Secretary Kelly called election hacking “the way of the future” in a speech at the Center for a New American Security on June 28, adding an ominous warning: “We have to protect this or we’re not a real democracy anymore.”