election security

Voting machine security: What to look for and what to look out for

The US Senate approved $250 million to help states purchase more secure voting equipment — but includes no provisions for what "secure" means. Our buying guide will help state election officials spend taxpayer money wisely.

State election officials have got to be stressed out. Almost none are cybersecurity experts, and they find themselves pulled hither and thither by partisan politicians on the one hand, and non-partisan security experts on the other hand. The good news is the US Senate just approved a second tranche of funding — this time for $250 million — to help the states secure their election systems.

So how are you supposed to spend that money? The $250 million does not include any security requirements or guidance for the voting machines states buy. Is this secure? Is it not? What should you buy? You can't trust the voting machine vendors either, as they have not been forthcoming on potential vulnerabilities in the past.

Senator Ron Wyden (D), one of the few cybersecurity-savvy members of either house of Congress, was critical of the funding bill. "This proposal is a joke," he said in a statement. "This amendment doesn’t even require the funding be spent on election security — it can go for anything related to elections. Giving states taxpayer money to buy hackable, paperless machines or systems with poor cybersecurity is a waste."

If you're a state election official trying to do the right thing—or a citizen who wants to know if your election officials are doing the right thing, this guide is for you.

How to secure our elections

Before we get into the nitty-gritty, let's be clear: There is widespread agreement among security experts on how to secure elections. A new report on voting machine security from the National Academies of Science, Engineering and Medicine lays out the consensus opinion of dozens of leading experts. Voting machine security expert Matt Blaze's 2017 testimony before Congress painted the solution in vivid colors: use paper ballots, counted with optical scanners, and double-checked with risk-limiting audits. Oh... and avoid online voting and anything that uses the word blockchain.

Ready to put some nitty in your gritty?

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!