Critical Election Systems ‘Left Exposed Online’
An exclusive report from Vice News claims that researchers have discovered that 35 critical U.S. election systems have been connected to the Internet for months despite manufacturers and election officials claiming that the machines are never online. An exclusive report from Vice News has revealed that despite claims by voting machine vendors and election officials that their voting systems are never connected to the Internet and as a result can’t be hacked, researchers have discovered that nearly three dozen backend election systems in ten states have been connected to the Internet over the last year, including some in swing states.
Vice News reports:
“We … discovered that at least some jurisdictions were not aware that their systems were online,” said Kevin Skoglund, an independent security consultant who conducted the research with nine others, all of them long-time security professionals and academics with expertise in election security. Skoglund is also part of an advisory group, not associated with the research, that is working with the National Institute of Standards and Technology to develop new cybersecurity standards for voting machines. “In some cases, [the vendor was] in charge [of installing the systems] and there was no oversight. Election officials were publicly saying that their systems were never connected to the internet because they didn’t know differently.”
Vice News explained that some of these voting machines are meant to only be connected to the Internet for a brief few minutes in order to rapidly deliver election results to county officials:
For security reasons, the SFTP server and firewall are only supposed to be connected to the internet for a couple of minutes before an election to test the transmission, and then for long enough after an election to transmit the votes. But the researchers found some of the systems connected to the internet for months at a time, and year-round for others, making them vulnerable to hackers.
Vice notes that although there is no direct evidence that these machines were hacked, they were vulnerable and appears to show a lack of regard for digital security:
While no one is suggesting that any of these systems have been manipulated or hacked, the findings highlight how little local and federal election officials understand how these critical election systems are really configured and connected, and the extent to which they are beholden to what the vendors tell them.