Note: This article first appeared at InCyberDefense.
By Dr. Kevin Harris
Program Director, Cybersecurity, Information Systems Security and Information Technology, American Military University
Start a Homeland Security degree at American Military University.
We are all experiencing many new challenges in 2020 as a result of the ongoing pandemic. Working from home online learning has become mainstream, resulting in computer users needing a greater understanding of cybersecurity.
With the presidential election less than a week away, cybersecurity has many Americans concerned about its impact on our election. As voting is a bedrock of our society it is critical that proper controls are in place particularly as the voting process continues to incorporate more technology. The actual balloting process and potential to manipulate information are areas to examine, including the role individuals have in supporting election security.
The Three Methods of Voting
One of the primary concerns is identifying whether individuals’ votes are secure from tampering. Voting machines are typically “air gapped,” meaning they are not connected to a computer network, reducing the chances of a malicious actor gaining access.
As jurisdictions across the country have implemented various types of voting machines, it is important to understand the three general methods of casting a ballot: Hand-Marked Paper Ballots, Ballot-Marking Devices (BMD) and Direct Recording Electronic Systems (DRE).
Ballot Marking Devices enable voters to use a computer to generate a paper ballot which is then tabulated. BMDs let voters check and verify their ballot by reviewing it prior to submitting it for tabulation similar to checking a paper ballot. DREs record the results electronically in two methods, one with paper auditing and one without. DRE with paper auditing lets voters confirm their response on paper prior to tabulation, as well as being available for review later if needed for recounts.
Voters using a DRE without paper cannot externally verify their ballots or by an external audit. But this method is used in just a few states as show on VerifiedVoting, which tracks the voting equipment used in every county across the country. Reviewing your ballot regardless of whether it’s a hand-marked ballot, BMD or DRE with paper audit is critical in ensuring election security. Please do not forget this step! If you recognize a discrepancy in your ballot immediately notify a poll worker before proceeding.
The Impact of Social Media
Among other concerns during elections is that disinformation could affect voters’ decisions or incorrectly question election results. As a result of the widespread use of the internet and social media, many Americans get their news from non-traditional sources. Cybersecurity is a collaborative process and in this case tech companies must be vigilant in the fight to identify malware that can be used to negatively impact elections.
Microsoft’s recent work to disrupt the Trickbot ransomware botnet is an example of global partnerships. In addition to tech companies actively identifying disinformation and removing content that has negative implications, users must stay vigilant and active as well.
Individuals Have a Role to Play
It is citizens’ responsibility to understand the potential for manipulating online content and verifying any dubious information directly with the local election commission if changes of polling locations or voting hours are posted. Additionally, users should understand deepfakes; technology can be used to manipulate images, audio or videos. This is another illustration of the importance of user verification with a reliable source before assuming something seen or heard on the internet is true.
Collaboration among Election Commissions across the Country
Election commissions across the country work tirelessly to design and implement secure voting systems whether they be for hand-marked ballots, ballot marking devices, or direct recording electronic systems. The decentralized implementation of voting equipment is another security layer as there is no one place where an individual could look to compromise our current voting systems.
Our election security is a continuing example of the collaborative nature of cybersecurity. Government agencies and private companies must create a secure infrastructure; we, however, as individuals are also a key component. So remember to examine your paper ballot or paper audit record to ensure it’s correct as you want it, and notify a poll worker if you see any discrepancy. Additionally, take the time well before Election Day to verify information you see online.
About the Author
Dr. Kevin Harris is the Program Director for Cybersecurity, Information Systems Security and Information Technology at American Military University. With over 25 years of industry experience, Dr. Harris has protected a variety of organizational infrastructure and data in positions ranging from systems analyst to chief information officer.
His career encompasses diverse experiences both in information technology and academia. His research and passion are in the areas of cybersecurity, bridging the digital divide, and increasing diversity in the tech community. As an academic leader, Dr. Harris has instructed students at various institutions, including community colleges, HBCUs, public, private, graduate, undergraduate and online. He has trained faculty from multiple institutions in the area of cybersecurity as part of a National Science Foundation multistate CSEC grant.