While the 2017 designation that federal election infrastructure is part of the nation’s critical infrastructure was a significant step toward protecting voting integrity, some vulnerabilities remain, says a Virginia Tech expert.
“While voting machines are required to be offline and separated from the network, eventually the voter data is transferred, traditionally via memory drive, to networked devices,” said Justin Monday, a former cybersecurity officer in the U.S. Air Force who now teaches an election security class as an assistant professor of practice in Business Information Technology at Virginia Tech. “This presents opportunities for intentional or unintentional means and internal or external threat actors to manipulate voter data.”
Monday said that the Cybersecurity and Infrastructure Security Agency recently said it has no information suggesting any cyber activity against U.S. election infrastructure has impacted the accuracy of voter registration information, prevented a registered voter from casting a ballot or compromised the integrity of any ballots cast.
While lauding the federal infrastructure designation, Monday said state and local election officials are the primary lines of defense and awareness for protection of their election infrastructure.
“The Election Assistance Commission, initiated by the Help America Vote Act, supports states with research and funding, and by establishing voluntary standards of voting systems,” he said.
In Virginia, Virginia Tech and other universities are supporting the election community by educating students to work with some of the 133 election localities. These select students evaluate policy and assess risk and make recommendations to improve locality election infrastructure.
The Cybersecurity and Infrastructure Security Agency, a federal agency under the Department of Homeland Security, has released a free toolkit available to the election community. This toolkit allows election officials to assess risk and select the proper cyber response to address the threat.