With all the concern over cybersecurity heading into the midterm elections, it’s actually quite difficult for outsiders to directly manipulate votes. Unlike corporate networks and email systems, voting machines aren’t connected to the internet, making them hard to access.
So as government officials prepare for the hotly contested congressional elections in November, their focus is more on protecting the integrity of the systems that support the pre- and post-voting periods than on the ballots themselves.
“This is about more than just voting machines,” Jeanette Manfra, the top cybersecurity official at the Department of Homeland Security, told CNBC in an interview on Wednesday. “If an [attacker] was intent on sowing discord, how could they do that? It involves us looking at the broad elections administration process.”
Manfra was in Washington, D.C., this week for a three-day series of simulated cyberattacks. Officials from 45 states and territories participated, both in Washington and remotely, in an effort to consider a vast array of scenarios that could be used to interfere with the elections.
It’s a different approach than what you will find at hacker conferences, which have tried to show how easy it is to break into voting machines. For example, last week children as young as 11 took part in an educational exercise at the DEF CON hacking conference in Las Vegas, demonstrating that even kids can crack into the machines and change votes.
But according to Manfra, that’s not how it works, in part because states are required to use machines without internet connections. To tamper with such a device, someone would need direct access to it. Additionally, each state has its own protocols and their voting machines consist of hardware and software that differ from place to place.
The more concerning methods are those that could affect much wider swaths of voters. As the Russians showed in 2016, there’s a coordinated effort to cast doubt on results and “sow uncertainty and discord” in the election process itself, Manfra said.
DHS has been working to protect places where hackers could do real harm, like administrative offices and the databases that house voter registration information. The agency has placed new sensors on the databases to monitor web traffic in and out so it can more precisely spot malicious activity.
DHS is also working with state and local cybersecurity organizations under the umbrella of the Multi-State Information Sharing and Analysis Center, an organization that allows specialists at the state and local level to swiftly share data about potential attacks.
Greater communication and collaboration is important, Manfra said. DHS is planning ways to communicate various issues that may arise both to election officials and the public.