Stanford CIS

Opinion: How to make democracy harder to hack

By Scott Shackelford on

With the alleged Russian government hack of the Democratic National Convention email servers, and further leaks expected over the coming months that could influence an election, the drama of the 2016 US presidential race highlights an important point: Nefarious hackers don't just pose a risk to vulnerable companies, cyberattacks can potentially effect the future of the free world.

And the trouble does not stop with the DNC. As The Washington Post and other outlets reported, what has been lost in the torrent of reporting on attributing the DNC hack are the latent vulnerabilities replete throughout our election infrastructure – including voting machines.

Unfortunately, we're not treating voting machines as the core pieces of critical infrastructure that they are, on either a national or global level.

What counts as “critical infrastructure” is often in the eye of the beholder. In the US, there are 16 critical infrastructure sectors designated by theDepartment of Homeland Security, ranging from finance to healthcare. In the European Union, the number is 11. The distinction matters because when something is designated as “critical,” regulation is more likely to follow.

Yet, so far, the machinery undergirding our democratic institutions has not received the same level of scrutiny as other critical infrastructure sectors such as our power lines and wastewater plants. That is despite a long, international history of attacks on voting machines and databases going back as far as 1994 in South Africa (when Nelson Mandela’s victory was initially diluted because of fraud). Even in the US as recently as 2012 during apilot program in DC to test online voting, researchers from the University of Michigan were able to hack the government website so that the University’s fight song would play after a vote was cast.

Read the full piece at The Christian Science Monitor.