Elections and referendums are becoming reliant on digital technologies. Whether it’s the voting register, the central collation point for results or individual ballot machines, modern democratic activities are relying more and more on computers to determine the will of a population.
This shift is a double-edged sword. The technology that speeds up vote counting and avoids any ambiguity stemming from the manual completion of a ballot paper is the same technology we see failing from a cyber security perspective. This is particularly apparent in the online commercial space, bringing risk to the democratic processes it is intended to facilitate.
Similar cyber security challenges have been faced by most IT systems in the past. The major differentiator here is their critical role in democratic processes, and the volatility of the environment in which they are operating.
There has been considerable discussion over how the weaknesses of these technologies can be used to change the outcome of a vote, bringing an alternative candidate to power or altering a referendum result. Demonstrations around voting system attacks, such as the University of California at San Diego hack of a Sequoia voting machine, have been well documented.
These issues are undeniably important, but it's worth stepping back from the technical security weakness that cyber security so often relies on, and considering the wider goals that an opposing nation-state might have in mind. It would seem that any nation state seeking to compete economically or politically with another state must do so either by excelling or impeding its opponent. Some hostile nation-states could conclude that excelling is too difficult when they are placed up against a major economic and military nation. In these cases, the easier goal is that of impeding the competition: causing chaos and disruption to distract the target from achieving their potential. So, how could this disruption be achieved using what we know of voting systems?
Wildly altering results of a single election or referendum would certainly cause consternation and result in disruptions, so long as the attack was visible. But for the attackers, it would also likely focus attention on the attack. The issue would be a one-off, forcing the implementation of protective measures that would place a finite limit on the effects of any disruption. Such an attack would also be resource intensive, and require considerable skill.
Faced with a short-term expensive option, attackers are likely to look for longer-term disruption, even if that disruption is in the first instance less severe than a complete meltdown of voting systems on election night.
Sowing the seeds of doubt
People expect our electoral systems to be trustworthy. When this trust is lost, the system as a whole suffers.
In the West, a level of doubt already exists. Claims of voter fraud and foreign funding of political agendas have left some feeling that democratic systems are under attack. We have seen this play out in media coverage in the Brexit campaign and referendum. In the American mid-term elections, the increase in coverage suggesting that digital voting machines are vulnerable to subversion is causing concern.
A full blown attack, therefore, isn't necessary for an attacker to cause long-term disruption. Rather, undertaking basic attacks which are sufficiently visible can prompt a storm of media coverage. Following this, the current political climate and concerns over voting system security can lead to doubts about the integrity of the electoral system, the legitimacy of its outcomes, and - in some cases - even questions over the legitimacy of the government it elects.
Protecting electronic voting systems
For those nations that have moved to electronic voting, the situation is difficult, but not insurmountable.
Electronic voting systems should be used cautiously as devices known to be insecure, and protected much like older automation and industrial systems. This means, wherever possible, isolating these systems from any external and unauthorised access by removing any network connections to external or untrusted networks, for example.
Further to this, the public needs to be made aware of the controls in place so they can have faith in the handling of any incident which may occur and maintain confidence in the integrity of their votes.
Longer term, countries need to consider their priorities in this area. If technology-enabled voting systems are truly needed over paper ballots, the funding needs to be made available for secure, trustworthy technology.