election security

Mail-in ballots during COVID crisis necessary, but with risk says expert

Noted election security researcher Harri Hursti says mail-in voting is likely the only option for a safe, secure US presidential election, but voter and election worker training needed.

A United States postage stamp displayed against a background of red, white and blue question marks.
Simon2579 / TostPhoto / Getty Images

One of the foremost topics facing the nation, the security of the 2020 presidential election, has been obscured by the COVID-19 pandemic. Cybersecurity company Grimm brought the topic to the forefront during its virtual GRIMMcon event held April 14 by inviting noted election security specialist, hacker and researcher Harri Hursti to offer his take on the state of US election security.

HBO’s documentary on the weakness of the US election system called Kill Chain, which premiered in late-2019, follows Hursti as he travels the world and across the US exposing voting insecurities. CSO caught up with Hursti after his GRIMMcon talk to discuss the state of US election security, the feasibility of mass mail-in voting during the COVID-19 pandemic, and whether new voting machine standards under development by a revived Election Assistance Commission could make a difference in election security.

US election infrastructure still outdated

Hursti says that despite years of warning and repeated demonstrations of the insecurity of voting systems, “a lot of the infrastructure in the United States has not even been updated since 2002. Nothing has changed since the Help America Vote Act of 2002. The majority of systems are running 2004, 2005 deployments. The vast majority of systems are old and have not been updated.”

Hursti thinks a lot of bad ideas are helping to keep voting systems insecure. An argument has cropped up that the diverse panorama of systems in use, and the widespread crazy quilt of jurisdictions, keep elections secure from hackers. This notion is merely a false sense of security, Hursti says. “Those arguments are not real because of the actual centralization of the voting systems companies.”

Another false argument, according to Hursti, is that voting systems are secure because they are not connected to the internet. “The claim that voting systems are not connected to the internet are categorically wrong. Voting systems are connected to the internet, directly or indirectly.”

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022