Election Cybersecurity?

I’m here from the Government, and I’m here to help.

I’m sure we’ve all heard this before.

Well, this time, DHS (Department of Homeland Security) is offering to “ensure the security of our election infrastructure”. Secretary Jeh Johnson hosted a phone call with members of the Association of Secretaries of State on August 15^th. What he proposed was to assist state officials in managing risks to voting systems. Why did he not say “eliminate” the risks? What he does not mention in the call, however, is that the machines themselves can be “rigged”. We’ve already seen evidence of that.

The Secretary says he will convene a Voting Infrastructure Cybersecurity Action Campaign with many experts from all levels of government and the private sector. Would these include the voting machine ‘hackers’? Would this be done in time for the election in November? Or will the committee drag on for years as many other things do these days? State Officials were encouraged to focus on implementing existing recommendations from NIST [2] (National Institute for Standards and Technology) and the EAC [3] (Election Assistance Commission) on securing election infrastructure. He only seems concerned about a threat from having the voting machines connected to the Internet while voting is taking place. Hackers do not need the Internet to “adjust” the election totals. There is already too much documentation about this.

If DHS decides that our elections are a ‘critical infrastructure’ – just like the banking system, or the electricity grid….. What? Give the government control over another aspect of our lives?

All it would take, under Presidential Decision Directive 21, [1] would be to designate one lead agency (DHS) to serve as a liaison with election officials – and offer them a range of assistance. Really, what kind of assistance? According to a DHS official, Election infrastructure is not designated as a separate critical infrastructure under PPD-21, it is critical to the functioning of our Democracy.

Assuming that State Officials are willing to safeguard the voting process …. Of course, as an accountant, I would recommend auditing of the systems and examining the poll results. Audits are usually completed by independent auditors, who do not have any interests in the entity for whom they are performing the audit. Independent Auditors must adhere to pre-defined Auditing Standards. That is not really the most important protection we can provide – The biggest threat is that the Government will be auditing the Government. How much more preposterous can that be?

Audit standards require that:

The auditor must maintain independence in mental attitude in all matters related to the audit.
The auditor must have adequate technical training & proficiency to perform the audit.

The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control,

To my knowledge, DHS possesses none of these attributes.

The things that will go a long way guaranteeing an honest election are:

Voter ID – You even need that to claim government benefits.

Current (and correct) voter registration lists

Paper Backup to the Electronic Voting Machines – to track hacking, and verify unusual looking results when necessary

Closely examining races that appear “too close”

Require Voting machine vendors to publish the results of independent security audits (if they have ever been performed) Standards are needed for these machines, as well.

The solution is not expanding the government and adding a new committee to see if there is a problem. We already know there is. Whether from inside or outside our borders, our officials have sworn to defend the country from all enemies, foreign and domestic;

We have met the enemy – and it is us!