Intelligence Panel Learns How to Hack Air-Gapped Voting Systems
DHS, at Hearing, Discloses that Russia Targeted 21 State Election Systems
Hackers can breach air-gapped voting machines and vote tallying systems – those not connected to the internet – in an attempt to alter ballots to sway the outcome of an election, the Senate Select Committee on Intelligence has learned.
“Our election infrastructure is not as distant from the internet as it may seem,” Alex Halderman, a University of Michigan computer science professor, testified Wednesday before the Senate Select Committee on Intelligence.
The Senate panel, as well as its House counterpart, held simultaneous hearings focused on the impact of Russian hacking on America’s election process (see Election Systems’ Hacks Far Greater Than First Realized). At both sessions, lawmakers heard witnesses agree that Russian hackers did not alter votes in the 2016 presidential election.
“To my current knowledge, the Russian government did not through any cyber intrusion alter ballots, ballot counts or reporting of election results,” Jeh Johnson, who served as homeland security secretary during last year’s election, told the House Select Permanent Committee on Intelligence. Officials from DHS, FBI and state governments testifying at the Senate hearing agreed that no ballots were changed in last year’s election.
DHS: Russians Targeted 21 States
Meanwhile, at the Senate hearing, DHS Acting Deputy Undersecretary for Cybersecurity Jeanette Manfra disclosed that Russian hackers targeted election systems in 21 states before the 2016 election. Manfra declined to reveal which states hackers targeted. Arizona and Illinois had previously disclosed that their databases had been targeted.
Manfra also refused to identify any state that had data exfiltrated from its election systems. “I prefer not to go into those details in this forum,” she said.
At that Senate hearing, Halderman tried to dispel the notion that voting and vote tallying systems that are not connected to the internet cannot be hacked by actors – such as the Russians – interested in changing votes.
“Attacking the IT systems of vendors and municipalities could put the Russians in a position to sabotage equipment on election day, causing voting machines or electronic poll books to fail, resulting in long lines or other disruptions,” he said. “The Russians could even have engineered this chaos to have a partisan effect, by targeting localities that lean heavily towards one candidate or another.”
How-To: Hacking Air-Gapped Systems
How can air-gapped systems be hacked? Halderman explained that prior to an election, voting machines must be programmed with the design of the ballot, the races and candidates. Typically, he said, the programming – known as an election management system – is created on internet-connected desktop computers operated by local election officials or private contractors. Eventually, data from the election management system are transferred to voting machines. “Unfortunately,” Halderman said, “election management systems are not adequately protected, and they are not always properly isolated from the internet. Attackers who compromise an election management system can spread vote-stealing malware to large numbers of machines.”
Another common perception is that because of the complexity and highly decentralized nature of the American election system, the results from a presidential election cannot be altered. America’s presidential election is not a single election, but 50 separate state elections in which citizens cast ballots in some 185,000 precincts in 9,000-plus local jurisdictions. “The level of effort and scale required to change the outcome of a national election would make it nearly impossible to avoid detection,” Samuel Liles, DHS acting director of the Cyber Division’s Office of Intelligence and Analysis, testified before the Senate committee.
Among the safeguards Liles ticked off, based on a DHS assessment: diversity of systems, need for physical access to voting machines, pre-election security testing, logic and accuracy testing to ensure machines tabulate votes as expected and implemented security standards and protocols. “Before, during and after the election, there’s been an immense amount of media attention applied to this, which also brings in the idea of people actually watching and making sure the election result represent what they see,” Liles said. “Plus, there’s just statistical anomalies that would be detected, so we have a very high confidence in our assessment.”
Senator Voices Skepticism
Yet, Sen. Angus King, I-Maine, voiced skepticism. “There probably are 500 people within the sound of my voice who can tell you which 10 counties in the United States will determine the next presidential election,” King said from the Capitol Hill hearing room.
“A sophisticated hacker could hack a presidential election simply by focusing on particular counties,” the senator said. “I don’t think it works to just say, ‘Oh, it’s a big system, and the very diversity will protect us’ because [the presidential vote] is really county by county, city by city, state by state. A sophisticated actor, which the Russians are, could easily determine where to direct their attacks.”