Why Election Security Matters

While running for president in 2016, Donald Trump said he reserved the right to not accept the election result, as if his possible defeat could only be explained by vote-rigging or corruption. His opponent, Hillary Clinton, retorted in a debate, "That's horrifying . . . He is denigrating — he is talking down our democracy."

致电IT愤世嫉俗，翻译或违反体育道，但特朗普与其他竞选主题符合，这些主题达到政府犯罪的暗示。将选举过程称为问题袭击了问题。虽然特朗普营地归咎于威胁选举诚信的非法选民的决定 - 各种研究被揭穿的指控 - 在这种激烈的政治时刻没有作出合法和尚未解决的问题：国家的投票机器和软件正在衰老，并凭借安全缺陷扭动。

To be sure, all information technology has weaknesses. A massive buildup of commercial and government defenses has not prevented spectacular breaches such as those exposing more than 40 million Target customers' credit and debit cards in 2013; data on more than 21 million background investigations at the美国人事管理办公室in 2015; and nearly 150 million Equifax consumer credit records in 2017.

But at least there are continuing efforts by the IT security industry and allied federal agencies to bolster threat detection and prevention. Voting infrastructure, which lacks a central authority, sorely needs this kind of help. It represents an urgent test for cybersecurity mobilization. Neglect and failure aren't options.

就在特朗普上任之前，国土安全部门的外向部门jeh约翰逊宣布投票是一个关键的基础设施，能源，金融服务和14个其他部门“有资格获得优先级网络安全援助”的国家。“选举基础设施对我们的国家利益至关重要，”Johnson，现在是保罗，韦斯，Rifkind，沃顿省和驻军partner，在一个人中说2017年1月陈述。"Cyberattacks on this country are becoming more sophisticated, and bad cyber actors" - he mentioned nation states, cyber criminals, and hacktivists - "are becoming more sophisticated and dangerous."

The国家国家秘书协会opposed designating election infrastructure as critical, so Johnson sought to reassure those officials that it "does nothing to change the role state and local governments have in administering and running elections.

必须做的事情。在菲bruary, citing results of a survey of 229 officials in 33 states, New York University School of Law's Brennan Center for Justice说过, "Election officials across the country say they are heading into the 2018 midterms with outdated voting machines and computer systems, and many of them do not have the resources to replace them" with updated, more secure technology.

A recent study by the美国进步中心concluded that "all 50 states have taken at least some steps to provide security in their election administration," but under the center's grading system for security and reliability, "no state received an A; 11 states received a B; 23 states received a C; 12 states received a D; and five states received an F."

According to Douglas W. Jones, a University of Iowa professor who is one of a cadre of computer scientists raising alarms in recent years about election-system vulnerabilities, the responsibility is spread among some 5,000, mostly county-level, offices.

The decentralization could be a security advantage; adversaries prefer big targets with high returns on their investment. Congressional and Justice Department investigations of alleged Russian meddling in U.S. politics have centered on so-called influence operations, often exploiting social media. Last year, in a retrospective on the 2016 election, Jones said that influence operations "could change more votes at a lower cost than any alternative" including attempts to alter vote counts.

但有新的问题。美国的最高官员警告了2月13日参议院聆讯，当房屋和参议院的控制时，俄罗斯将升级俄罗斯升级其试图影响11月中期选举。2月20日，杰夫会议委员会宣布宣布创造一个网络数字工作组assigned, in part, "to prioritize its study of efforts to interfere with our elections" and with critical infrastructure.

The University of Iowa's Jones now believes he may have "underestimated the resources that Russia has devoted" to discrediting democracy in France, the U.K., and the U.S. He says relatively few precincts in battleground states dictate the outcome of a close national election, and hackers would know which ones to target.

“加强选举制度将需要两党支持，所以不幸的是它可能不会发生，”Cyber​​security Company Comodo和Cyodo公司高级研究科学家Kenneth Geers说北约合作网络防守卓越中心ambassador. Political parties and corporations "are powerful but not impartial" Internet stakeholders, he says. "Therefore, the U.S. government should fund a broad-based commission, heavy on academic and technological expertise, to help guide the way forward."

The government spending bill that President Trump signed on March 23 — two days after Johnson and current DHS secretary Kirstjen Neilsen were criticized at a Senate Intelligence Committee hearing for moving too slowly on election security — included $380 million for technology, training, and audits at the state level. It's a start.

Jeffrey Kuller是全球风险专业团结出版的风险专业杂志的主编。