https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Getty Images

Election security

Election Security Remains a Pressing Concern 

This year election security should be at the forefront for officials—and not just for voting infrastructure, but for infrastructure and industrial control systems (ICS) security. 
  • Written by Brian Buntz
  • 3rd February 2020

The U.S. has spent hundreds of millions of dollars bolstering cybersecurity, but election infrastructure hasn’t been the target of the same rigor. 

As with the industrial and health care sectors, government infrastructure is rife with legacy technology, which heightens security risks. Indeed, the Department of Homeland Security classifies election systems as critical infrastructure, alongside critical manufacturing, health care, transportation systems and other sectors deemed vital for society’s well-being. Cyberattacks on critical infrastructure can cause “population panic” and can seem like “the stuff of disaster films,” as a McKinsey report on critical infrastructure notes. 

But they pose more than a fictional risk. Nine out of 10 security professionals working in critical infrastructure sectors report that their environment has suffered a cyberattack in the past two years, according to a 2019 study from the Ponemon Institute. And in early 2020, DHS warned of the possibility that tensions between the U.S. and Iran could create industrial control system (ICS) security problems 

In the past few years, awareness of the risks to election security has improved, according to Andrea Little Limbago, chief social scientist at Virtru. But knowledge does not always drive results. “My biggest concern is that risk frameworks will be structured based on 2016 and fail to address the ways attackers have evolved over the last four years,” Limbago said. “For instance, Russia was the core election interference threat in 2016, but now there are a range of international and domestic actors who may seek some form of interference.” 

[IoT World is North America’s largest IoT event where strategists, technologists and implementers connect, putting IoT, AI, 5G and edge into action across industry verticals. Book your ticket now.]

One piece of election infrastructure — voting machines — has become a favorite target of security researchers. Whether voting machines are Internet of Things devices is debated, they are similar in their use of embedded computing and networking to automate traditionally manual data-collection tasks. They are also alike in their potential for manipulation. At least year’s DEFCON cybersecurity event, for instance, hackers had little trouble breaking into the dozens of voting machines at the event. 

But “election interference can occur through myriad means, including social media manipulation and digital attacks on voting systems such as voter registration sites or databases,” Limbago warned. 

This piece examines election infrastructure, offering advice that applies to other sectors with ICS security concerns such as aging software and equipment and a growing attack surface. 

Analog Strategies Can Shore Up Election Security 

To improve the security of paperless voting systems, Chris Krebs, a cybersecurity leader within the Department of Homeland Security, recommends the use of paper-based systems. Municipalities with digital voting systems should “have a paper ballot backup,” Krebs said at DEFCON. 

While enlisting paper-based systems may sound old-fashioned, “the use of analog controls to protect digital systems is often an overlooked technique” for bolstering cybersecurity, according to Andrew Howard, chief executive officer of Kudelski Security. “From the electrical grid to self-driving vehicles to voting, there is a role for analog protections such as in-hardware control message validation and verified paper audit trails,” Howard said. 

Because digital modifications to election machines can be hard to detect and could potentially influence election results, paper audit trails are vital. “When implemented properly, paper audit trails can provide a layered defense against in-software vote swapping techniques,” Howard said. 

Slow Refresh Cycles and Uneven Patching Spell Cyber Problems

According to the Brennan Center, nearly half of the states with paperless voting machines in 2016 will not have replaced them in time for the 2020 elections. “There are still a half-dozen or so states that haven’t integrated paperless voting machines, and actual resources allocated to modernizing and securing voting machines varies significantly state to state,” Limbago said.   

Voting machines, many of which rely on Windows 7, are no longer supported with bug-fixes or security fixes. The Associated Press reported in July 2019 that it found multiple battleground states affected by the end of Windows 7 support.

While modern voting machines have a shelf life of perhaps 10 to 15 years, as The New Yorker observed, many are in use for considerably longer.

Aging equipment that poses cyber-vulnerabilities is broadly similar in the industrial and ICS security sector. “The refresh cycle in IT is three to five years, said Jason Haward-Grau, chief information security officer at PAS Global. The refresh cycle in operational technology is several times slower. A 2017 Reuters analysis indicated the average age of industrial equipment is a decade. Often, OT equipment is in use for 15 or 25 years, Haward-Grau said. 

Human Error Is a Risk to Election Security

Election Security doesn’t need to involve a breach for problems to occur.

Voting systems can also be misconfigured, sometimes without the awareness of voters or election officials. When it comes to misconfigured ballot-marking systems, for instance, “officials have no way to tell whether there was a BMS malfunction, the voter erred, or the voter is attempting to cast doubt on the election,” wrote Philip B. Stark, a professor at the University of California, Berkeley.   

While running parallel testing of devices such as ballot-marking systems can help detect problems, “the only remedy is to hold a new election,” Stark wrote. “There is no way to reconstruct the correct election result from an untrustworthy paper trail,” he continued. 

Recent elections in Georgia encountered a string of problems, nearly all of which were related to human error, according to a local NPR affiliate. 

Lack of Funding Is a Common Excuse

One of the most common reasons organizations postpone making cybersecurity-related upgrades is lack of funds. Many election officials would like to upgrade equipment but lack the funds to do so, according to the Brennan Center. 

It’s not just end-users that are cash strapped. “This industry is significantly underfunded,” Tom Burt, CEO of Election Systems & Software, told NBC News. “Margins are very thin. Very frankly, it is not a great business to get into.” 

While lack of funding poses a challenge, another difficulty is finding time to take systems offline to upgrade them. While this is a concern when it comes to voting systems, the challenge is greater when it comes to systems used in health care and manufacturing, where bringing a system down for hours or days is rarely an option. 

While it can be challenging to find resources — whether time or money — to upgrade vulnerable software and hardware, there are enough stories of cyberattacks to warrant dedicating resources to securing critical infrastructure. “Analysis of return on investment and potential downside risk of not upgrading are helpful in the discussion,” Howard said. 

Tags: Network security Security Features

Related


  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.
  • Image shows a digital background depicting innovative technologies in security systems,
    Securing IoT Devices With Zero Trust Requires Mindset Shift
    Zero-trust approaches require a shift in mindset to ensure IoT devices have rigorous security policies applied — and the work is never done, say IT pros.
  • An Integrated Approach to IoT Security
    This e-book provides a comprehensive framework to help organizations reduce risk in IoT products and environments.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Common Internet of Things Security Pitfalls 
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?
  • Developing a Critical Infrastructure Cybersecurity Strategy
  • Addressing IoT Security Challenges From the Cloud to the Edge 

News

View all

Webex Collaboration Banks on Hybrid Workplace Model at Cisco Live 2021

2nd April 2021

Cisco Enlists Networking Automation, CX Cloud in COVID-19 Response

31st March 2021

White Papers

View all

Telehealth and COVID Infographic

30th March 2021

Medical Supply Chain Management with Smart Devices and Sensors

30th March 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Real-Time Analysis of Driver Behavior Using Machine Learning

13th May 2021

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

Embedded IoT World 2021

28th April 2021 - 29th April 2021

The Virtual Industrial AI Summit

29th June 2021 - 30th June 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

How Smart Environments Will Take Shape Post-COVID-19 dlvr.it/RxfPG2 https://t.co/Y6DMWxZf9S

14th April 2021
IoTWorldToday, IoTWorldSeries

IoT Enterprise Deployments Continue Apace, Despite COVID-19 dlvr.it/RxWwsS https://t.co/BSkxdf17vs

12th April 2021
IoTWorldToday, IoTWorldSeries

🥳Happy #IoTDay! How are you celebrating? We're giving $50 off All Access Passes to join our upcoming virtual event,… twitter.com/i/web/status/1…

9th April 2021
IoTWorldToday, IoTWorldSeries

🎉 Announcing #EIOTWORLD sponsor, @InnoPhaseinc — a fabless wireless semiconductor platform company specializing in… twitter.com/i/web/status/1…

8th April 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X