Less than a week after high-ranking lawmakers accused Russian intelligence agencies of trying to interfere with the presidential election, US officials have tried to offer a reassuring response: A cyberattack, they say, couldn’t change the outcome of the presidential election.
“I’m here to communicate one message — that message is that our elections are secure,” said Thomas Hicks, the chairman of the Election Assistance Commission (EAC), during a Congressional hearing Wednesday on election cybersecurity. Hicks said the locally run election process, with each state managing its own systems, and comprising over 9,000 jurisdictions, presents an overwhelming obstacle to any would-be hacker.
Although hackers breached online election databases in Arizona and Illinois recently, Hicks stressed the difference between websites and voting systems. No voting machines in use are connected to the internet, he said. Hicks added that the attack on state systems served as a wake-up call. “Instead of causing a national crisis, the breaches notified election officials across the country that they should be on high alert,” he said.
The EAC and the Department of Homeland Security (DHS) have been tasked with providing cybersecurity resources and guidance to state governments after the hacks in Arizona and Illinois and the Democratic National Committee’s email hack in July.
"We have confidence in the overall integrity of our electoral system because our voting infrastructure is fundamentally resilient."
Andy Ozment, a top DHS cybersecurity official, agreed that our decentralized election system protects against outside interference. “We have confidence in the overall integrity of our electoral system because our voting infrastructure is fundamentally resilient,” he said during the same hearing.
Ozment acknowledged that parts of the US electoral system, just like any digital technology, are vulnerable to tampering. But “we have no indication that adversaries are planning cyber operations against US election infrastructure that would change the outcome of the election in November,” he said.
Several lawmakers referenced how Sen. Dianne Feinstein and Rep. Adam Schiff had publicly accused Russia of engaging in sustained efforts to influence the US election, but Ozment declined to comment. No member of the executive branch has confirmed that Russian agents perpetrated the hacks, nor have they pinned the attacks on any other entity.
"Attacks against voting machines are unlikely to have widespread impact ... However, attacks or malfunctions that could undermine public confidence are much easier."
Despite Ozment and Hicks’s reassurances, experts during the hearing pointed to glaring security flaws tied to dangerously outdated voting equipment that’s still used across the country, as well as paperless voting machines.
Andrew Appel, a computer science professor at Princeton University, urged election officials to abandon touchscreen machines that produce no paper record. This protects not only against deliberate and malicious interference, but also miscalibration and software bugs, he said during the hearing. Appel has demonstrated how it's possible to install a vote-stealing program onto a voting machine in seven minutes using just a screwdriver.
“As the equipment gets older, we are more likely to see failures,” said Lawrence Norden, deputy director of the democracy program for the Brennan Center for Justice and co-author of a recent study that catalogued the alarming state of US voting machines.
Norden doubts that a Kremlin-hatched election scheme could determine who ends up in the White House. But he expressed a different concern, echoing lawmakers like Feinstein and Schiff: Rather than manipulating vote tallies, tampering with voting machines could sow distrust in the electoral process.
“Attempted attacks against voting machines are highly unlikely to have widespread impact on vote totals this November,” he said. “However, attacks or malfunctions that could undermine public confidence are much easier.”