In his post, Bill urged election officials to do “everything necessary” to combat against the threat of results from polling sites being manipulated through unsecured electronic systems. In particular, he says, election officials should pay careful attention to all results that are reduced to digital data, as they are most likely being stored electronically and transmitted over some type of network.
Here’s what Rainer had to say on the topic:
Fortunately, securing a networked voting system presents no particular challenge, Enders said. It doesn’t matter what type of information is being sent over the network, the solutions are the same.
“It’s critically important that as soon as you connect it to an external network it is secure and you don’t allow any unauthorized connections,” Enders said. And all data must be encrypted. “That is mandatory.”
Officials should not take too much comfort in the fact that election systems typically are up and operating for only a short time. “It does shorten the window of opportunity, but I don’t think it protects you too much,” Enders said. If an election system is being targeted, the attacker knows what that window is and will exploit it. He might not have time for a low and slow attack, but brute force is always an option.
The bottom line: This data is critical. “Don’t take shortcuts,” Enders said. “Use good, best-of-breed, standards-based security.”
Bill also points out that – fortunately – there have been no reports of large-scale problems and the chances of it having an impact on today’s US elections are small. “But if the last 20 years of IT history security have taught us anything, it is that if something can be done, eventually it will be done,” he adds.
You can read the full article here.