Voting is the staple of democracy and has been done in person in the United States since the nation’s founding. While the controversy over the integrity of mail-in voting continues, never in our country’s history has voting in person been more fraught with potential security risks that could alter the outcome.
William “Bill” Rials, an expert and associate director in the Tulane University School of Professional Advancement Information Technology Program, is available to speak about how cybersecurity attacks can disrupt electronic voting and why local governments should be acting now to prevent these attacks.
For interviews, contact pr@tulane.edu or Roger Dunaway at 504-452-2906.
According to Rials:
“From a cybersecurity perspective, the biggest risk to elections is all the ancillary elements associated with the election process. Most voting machines today, from the well-known market leaders, are ‘reasonably’ secure from cyberattacks because the terminals are typically air-gapped from any connected network during the individual voting process. Any vote cast is usually stored locally and not transferred over a network until after the polls close and the tabulation occurs. One strategy of cybersecurity is limiting the attack surface and exposure to potential cyber threats. Nefarious actors have limited access during the actual casting of votes.”
“One primary example is the availability and integrity of the voter registration databases on election day. These voter registration databases are typically stored and maintained by county clerks and election commissioners. These databases are susceptible to cyber threats, just like any other database.”
“Unfortunately, many local governments are still struggling to increase their cyber defense capabilities and are easy targets. Cybercriminals wishing to disrupt the election process are likely targeting these voter registration databases months and even years leading up to election day. Incorrect or modified voter data could have an impact on the election process. Local governments responsible for the cyber protection of these databases should be working now to improve the cybersecurity posture associated with the voter databases.”