The right to vote stands as the cornerstone of our democracy, the foundation upon which our government is built. Ensuring the integrity of our elections is not just a technical necessity but a moral imperative. Recent revelations about vulnerabilities in election software, like those discovered in New Hampshire, highlight a growing and largely unaddressed threat to this cornerstone.
I. Background of the Issue:
Election officials in New Hampshire uncovered alarming security flaws in their voter registration database. These weren’t minor glitches but potential entry points for hackers, some possibly linked to foreign adversaries. The software was found to be misconfigured, allowing connections to servers in Russia. Additionally, the database included open-source code managed by a Russian national with a criminal record, posing significant security risks. This incident exemplifies a national crisis where financially strained states rely on vendors who may not meet rigorous security standards, leading to widespread vulnerabilities.
II. Key Security Vulnerabilities:
A. Misconfigured Software and Foreign Connections
New Hampshire’s voter database misconfiguration, which allowed connections to foreign servers, serves as a stark warning. Such flaws provide easy access for cyber intrusions, potentially compromising the integrity of the entire election system. The fact that these vulnerabilities were only discovered through a forensic investigation underscores the inadequacy of current security measures.
B. Use of Open-Source Code with Questionable Oversight
The incorporation of open-source software in election systems, while often necessary, introduces additional risks. In New Hampshire, the use of the core-js library, maintained by a Russian developer with a troubled past, highlighted the dangers. If compromised, this code could undermine the entire system, showing that even well-known software components can become liabilities when oversight is lacking.
C. Outsourcing to Overseas Coders
Outsourcing critical election software development to foreign coders raises significant security concerns. The New Hampshire case revealed that much of the work was done by individuals outside the United States, beyond the reach of U.S. laws and oversight. This isn’t merely a technical issue but a critical security risk, as it opens the door to potential manipulation by malicious actors.
III. Broader Implications for U.S. Election Security:
A. The Lack of Oversight in the Supply Chain
The broader issue of inadequate oversight in the election software supply chain cannot be ignored. Many states lack standardized systems to verify the security of their election software. This patchwork approach leaves significant gaps that can be exploited by those seeking to undermine our democracy.
B. The Political and Legal Ramifications
In today’s politically charged environment, even the suspicion of tampering can have devastating consequences. While large-scale hacks are a concern, the greater danger lies in the potential for small, localized breaches that could erode public trust in the electoral process. The New Hampshire case exemplifies how easily these vulnerabilities could be exploited to cast doubt on election results, fueling conspiracy theories and legal challenges.
C. The Risks of Decentralized Election Management
The decentralized nature of U.S. elections is often cited as a strength, but it also introduces significant challenges. Without uniform standards and sufficient funding, states struggle to secure their election systems. This decentralized approach, while protecting against large-scale manipulation, leaves individual states vulnerable to targeted attacks.
IV. Recommendations for Improving Election Software Security:
A. Implementing Rigorous Supply Chain Oversight
To protect our elections, a comprehensive approach to securing the software supply chain is essential. Establishing federal standards for vetting election software suppliers and their subcontractors will ensure that only secure, reliable code is used in our electoral systems.
B. Mandating Software Bills of Materials (SBOM)
Requiring a Software Bill of Materials (SBOM) for all election-related software is another crucial step. An SBOM provides a detailed account of every component within the software, allowing election officials to verify its integrity and security. This transparency is vital for preventing hidden vulnerabilities.
C. Federal Support and Funding
Addressing these security challenges requires substantial federal support, both in terms of funding and expertise. While some resources have been provided, they fall short of what is needed. A sustained, long-term investment in election security is necessary to ensure that every state has the tools and resources to protect its voting systems.
V. Conclusion:
The security of our elections is a matter of national importance. Protecting the integrity of our democratic process requires immediate and coordinated action. The vulnerabilities in our election software, if left unaddressed, could lead to catastrophic breaches of public trust. By taking decisive steps now, we can safeguard the cornerstone of our democracy and ensure that every vote truly counts.
The Conclusion is well stated – I pray that those in charge can take heed!!