Give us cybersecurity or give us war

Hang on for a minute...we're trying to find some more stories you might like.


Email This Story






Last Monday saw cyber security vaguely debated between presidential candidates Hillary Clinton and Donald Trump. Whereas Clinton held that recent hacks on the Democratic National Committee and State department were evidence of Russian President Vladimir Putin’s “very tough, long game,” Trump rebuked with a statement that the true hackers were not known, postulating that it could be “somebody sitting on their bed that weighs 400 pounds.”

Trump is standing against a growing expert consensus that Russia was behind the attacks, although the point has yet to be substantiated with evidence. Regardless of the findings of this ongoing investigation, for Clinton to say the United States should “defend the citizens of this country” by “[engaging] in a different kind of warfare” is a disturbing motion. It would be foolish to unleash cyber warfare against an adversary when our voting security is systematically vulnerable to hackers.

The supposition is that rolling up our sleeves with Russia would be necessary for the sake of defense, but what these hacks really demonstrate is that we need to bring the fight here at home. Protecting our democracy should be among the highest priorities in the United States, yet the Senate Intelligence Committee and a stunning number of politicians seem to think the idea of an expensive cyber war is a better idea.

TIME Magazine claimed the likelihood of our elections being tampered with is “unlikely” and that the government has “pushed out patches for known vulnerabilities in state computers and offered security scans.” In theory, the voting booths should be secure because they are “decentralized” and “diverse.”

But other details in the article seem to indicate the problem is deeper. During the Democratic Primary, controversy broke out over the authenticity of the election results after thousands of voters found themselves in long lines and, in some cases, dropped from the voter rolls, most notably in New York which has a closed primary. While this was shrugged off at the time, by June the FBI had found a group of hackers on the deep web called “Fancy Bear,” which obtained a Microsoft Word document containing the voter data of almost 4 million people.

This is what our “decentralized” and “diverse” election management looks like.

While having a wide array of systems throughout the nation is a tactic of cyber security, since manipulating multiple encryptions and systems would become tedious, a lack of oversight on information management is not. This allows hackers to effortlessly troll through thousands of systems and exploit every lapse of judgment they can find. Cybersecurity is a constant and ever-increasing battle; every federal worker responsible for voter counts needs to be using a secure server and be aware when translating that data into applications or clipboards where they can be easily hacked.

Voting machines catch a lot of attention for being vulnerable as they leave no paper trail, meaning there is not a physical receipt for each vote to audit the results. Ariel Feldman, a computer science professor at the University of Chicago, told the Chicago Tribune, “The level of security confidence when it comes to these voting machines is much lower than the sort of industry standard … I mean, your iPhone is probably much more secure than most of these voting machines.”

But many states are veering away from these machines and have returned to paper ballots. According to Politico, The Princeton Group, who has been observing the vulnerabilities of voting machines for years, maintain that the problems extend beyond this stage of voting. In a successful hack, databases containing “digitized voter registration,” voting machines in development or software patches can be used to manipulate the results of an election. In fact, a committed hacker could trick a county clerk into installing the software under the guise of the government or a trustworthy group like FedEx.

“No county clerk anywhere in the United States has the ability to defend themselves against advanced persistent threats,” Dan Wallach, a computer science professor at Rice University said.

Government-issued patches could help, but many of these clerk offices interact with sensitive information on Windows XP computers, which have not been patched by Microsoft since April 2014. Moreover, we cannot rely on every federal employee being tech-savvy enough to fully implement or combat malware threats.

It is not likely that calling on Putin to put an end to the hacking, for which he has neither claimed responsibility nor been formally charged, will have any effect. Russia will continue to push its cybernetic capabilities to the limit and hack in any way they feel they can get away with.

The pragmatic solution to this problem is to call for competitive encryption technology to run our elections in a way that is decentralized, but with informed oversight to ensure maximum security. Brand-new machines in all 50 states with a paper trail and a substantial investment in internet security throughout the nation would go a long way as well. Perhaps most importantly, federal employees need computer science training before running an election.

Cyber security has the potential to affect every level of our national security – everything from private information to internet access can be weaponized by forces unknown. Voters across the country should treat suspect elections like the one in Arizona as a warning sign of troubles to come. It is hard to confirm the number of citizens disenfranchised, and connecting the hack to the primary’s malfunction is as speculative as connecting it to Russia, but the most sophisticated hacks are the ones we never detect. If we discover that a group has successfully influenced a United States election, it is not a good sign for our democracy. We should demand better and fight for our votes, not accept living in fear of an attack that could set off a war.

James Mazarakis is a Collegian columnist and can be reached at [email protected].