Skip Navigation
Analysis

Mueller’s Latest Indictment Suggests Russia’s Infiltration of U.S. Election Systems Could Get Worse

With the 2018 midterms looming, we need to prepare for an even more damaging attack.

July 16, 2018

Cross-posted at Slate.

Much of the analysis follow­ing special coun­sel Robert Mueller’s Friday indict­ment of 12 Russian intel­li­gence officers has focused on their alleged conspir­acy to hack into Clin­ton campaign and Demo­cratic Party computers and email systems during the 2016 elec­tion, and on ques­tions about coordin­a­tion between then-candid­ate Donald Trump’s campaign and the Russian infilt­rat­ors.

But the indict­ment also included new revel­a­tions about the extent of Russi­a’s attacks on our elec­tion systems in 2016—and those details provide a warn­ing that we need to get seri­ous about prepar­ing for even more damaging attacks in this year’s midterms.

The latest indict­ment alleges that Russian intel­li­gence officers hacked into the website of a yet-uniden­ti­fied state board of elec­tions. Among other new inform­a­tion, it alleges Russia used that hack to steal inform­a­tion related to 500,000 voters. That figure’s surpris­ing. We already know that hack­ers targeted elec­tion systems in 21 states and allegedly hacked into the computers of a private U.S. elec­tions systems vendor. (The indict­ment did not name the vendor, but details seem to match a repor­ted hack of the company VR Systems; VR Systems has denied any breach had occurred.) But, thus far, offi­cials have only confirmed that data­bases from the Illinois elec­tion systems had ever actu­ally been comprom­ised. What’s more, reports previ­ously indic­ated the records of only about 100,000 voters had been accessed in the Illinois breach. That means the reach of Russi­a’s infilt­ra­tion of elec­tion systems likely went deeper than we’d under­stood.

Perhaps most import­antly, as Wired’s Kim Zetter iden­ti­fies, the indict­ments suggest the Russi­ans’ attack against U.S. elec­tion infra­struc­ture may have been an after­thought. The indict­ment puts the research and execu­tion of the state board of elec­tion and vendor attacks in June through Octo­ber of 2016—well into the elec­tion, and months after the initial hacks of the Demo­cratic National Commit­tee and Hillary Clin­ton’s campaign. As she notes, we would be wise to assume future attacks will involve more advanced plan­ning. Combine this with the fact that the Russi­ans undoubtedly learned inform­a­tion from their 2016 efforts, and there is reason to believe future attacks on our elec­tion infra­struc­ture could be far more damaging.

The good news is that many offi­cials tasked with protect­ing our elec­tion infra­struc­ture take this threat seri­ously. Elec­tion offi­cials, the Depart­ment of Home­land Secur­ity, and the federal Elec­tion Assist­ance Commis­sion have all been work­ing dili­gently to ensure they can catch and prevent future attempts to breach elec­tion infra­struc­ture. Congress has provided states with $380 million to increase elec­tion system secur­ity. A new govern­ment coordin­at­ing coun­cil now allows the federal govern­ment and local elec­tion offi­cials to share inform­a­tion like never before. And many states have made seri­ous invest­ments in new secur­ity.

This is crit­ical work, but it’s not enough. The truth is: We can never have 100 percent unhack­able elec­tions. If Russian intel­li­gence agen­cies (or other foreign powers) have decided that they want to make a concer­ted effort to attack our elec­tions, they will, at some point, be success­ful.

The single most import­ant thing states and counties can do in the next few months is to ensure that every polling place in the coun­try has contin­gency plans in place to deal with a success­ful breach. That means ensur­ing that, in spite of a success­ful attack, people can vote on Elec­tion Day, and we have a way of ensur­ing all of those votes will even­tu­ally be coun­ted accur­ately.

To start, it’s worth focus­ing on three crit­ical elec­tion systems that cyber­at­tack­ers are most likely to target—and to look at some of the actions that local juris­dic­tions should take to detect and recover from success­ful attacks against them.

Elec­tronic poll books: Thirty-two states use e–poll books, usually in the form of mobile computers or tablets, that allow poll work­ers to digit­ally look up voters’ regis­tra­tion inform­a­tion instead of manu­ally search­ing through paper lists of names. Most e–poll books come equipped with tech­no­logy that allows them to commu­nic­ate with, at minimum, nearby e–poll book units in the same polling loca­tion to share real-time voter check-in inform­a­tion. E–poll books may commu­nic­ate this inform­a­tion over wired or wire­less network connec­tions. But e–poll books that commu­nic­ate over wire­less networks present unique secur­ity chal­lenges because, unlike a wired network, a wire­less network can be monitored and attacked from a distance.

While the indict­ment does­n’t allege that e–poll books were hacked in the 2016 elec­tion, there’s reason to believe they could be an enti­cing target for hack­ers. If a juris­dic­tion is unpre­pared for e–poll book fail­ures, voters could be told they are not registered or forced to wait for hours to vote while elec­tion offi­cials scramble to fix the e–poll books or locate and print paper backups.

For juris­dic­tions using this tech­no­logy, there are two import­ant steps to take to curtail a poten­tial hack. First, they should limit or elim­in­ate wire­less connectiv­ity, includ­ing Wi-Fi and Bluetooth, to decrease the risk of a success­ful attack. Second, elec­tion offi­cials should ensure that every polling place using e–poll books on Elec­tion Day also has backup prin­ted paper poll books on hand in the event of a real or suspec­ted e–poll book fail­ure (some­thing that’s not just help­ful in the case of a hack but also for run-of-the-mill soft­ware and device glitches). Currently, only 17 states of the 32 states using e–poll books require backup paper poll books on Elec­tion Day.

Voter regis­tra­tion systems: The voter regis­tra­tion system main­tains the offi­cial list of registered voters, includ­ing indi­vidu­als’ names, phone numbers, addresses, district assign­ment inform­a­tion, and, in some states, polit­ical party affil­i­ation. Mueller’s indict­ments confirm that voter regis­tra­tion systems were indeed a target of the Russi­ans in 2016. Though the only substan­tial success­ful hack we know of involved steal­ing basic voter regis­tra­tion info (likely names, addresses, and the last four digits of Social Secur­ity numbers in the case of the Illinois). But other types of breaches could present poten­tial night­mare scen­arios. Imagine hack­ers could some­how delete or change voter regis­tra­tion inform­a­tion, so voters would show up at the polls only to find their names miss­ing or registered to the wrong precinct. Or nimble hack­ers might make it impossible for elec­tion offi­cials to access certain voter files when it comes time to create new poll books.

To ensure such attacks would not disrupt an elec­tion, offi­cials should down­load an elec­tronic copy of the voter inform­a­tion on a daily basis. This will allow them to recon­struct a list should they discover a hack and to access a list if the offi­cial data­base becomes unavail­able at any point.

Offi­cials should also ensure that every polling place has enough provi­sional ballots to last through at least two hours of peak voting time, so that if neces­sary, they can print and deliver more as needed without forcing voters to wait. Federal law requires that polling places provide provi­sional ballots, which allow an indi­vidual to record a vote even in the event poll work­ers can’t find the indi­vidu­al’s names on a regis­tra­tion list. These paper ballots are only coun­ted if elec­tion offi­cials can later confirm that the indi­vidual was eligible to vote at that polling place. In the event of a hack, provi­sional ballots would ensure that indi­vidu­als are able to cast a ballot while provid­ing elec­tion offi­cials addi­tional time to determ­ine eligib­il­ity using backup lists.

Voting machines: There are no alleg­a­tions in the Mueller indict­ments that Russi­ans targeted voting machines in the 2016 elec­tion. Never­the­less, this is obvi­ously a crit­ical system to protect from cyber­at­tacks. There are many steps juris­dic­tions should be taking to ensure that hack­ers cannot reach voting machines in a way that impacts the integ­rity of the elec­tion. Among those: conduct­ing pre-elec­tion “logic and accur­acy” test­ing for every machine. This is akin to running a mini-elec­tion on each machine before it’s put in use, to ensure each machine is count­ing votes accur­ately.

After the elec­tion is over, but before results are certi­fied, juris­dic­tions should also conduct post-elec­tion audits. For polling places in about two-thirds of the coun­try, this means compar­ing a manual count of the paper ballots voters cast to the tally gener­ated by the digital scan­ners that most of these juris­dic­tions employ to read said paper ballots. For polling places that use direct-record­ing elec­tronic voting machines—which allow indi­vidu­als to log votes by manu­ally touch­ing a screen, monitor, or other device—this means assur­ing these machines include “voter-veri­fied paper audit trails.” These paper prin­touts provide a perman­ent record of the votes cast by the indi­vidual and give voters the oppor­tun­ity to review a paper record of their choices before cast­ing their ballots.

Unfor­tu­nately, 13 states are still using at least some direct-record­ing elec­tronic voting machines that have no paper trail as their primary polling place equip­ment, making audits in these states impossible. These machines should be replaced as soon as possible. Come Novem­ber, it’s also crit­ical for any states using any kind of elec­tronic voting machines to have emer­gency paper ballots that can be deployed imme­di­ately in case machines break­down—whether that break­down is caused by a system fail­ure or hack.

All of the steps discussed above are crit­ical not just to detect and recover from a hack against our elec­tion infra­struc­ture but to instill greater public confid­ence in our elec­tion systems more gener­ally.  As of now, it does­n’t look like Russi­ans altered or erased any voter regis­tra­tions, meddled with any polling places, or changed any votes in the 2016 elec­tion. But they were also after another cent­ral goal: to cast doubt on the integ­rity of Amer­ican demo­cratic systems and insti­tu­tions. Regard­less of their abil­ity to success­fully hack elec­tion systems in the future, we still need to keep wary of the discord even suspi­cion of such sabot­age can sow. Elec­tion offi­cials who adopt strong contin­gency plans, and make those plans known to their voters, can help reas­sure citizens that, regard­less of what threats we face, voters will be able to cast ballots that will be accur­ately coun­ted.

To be sure, the 2018 midterms could go off without a hitch. But instead of wish­ful think­ing, states and counties need to hope for the best but prepare for the worst.

(Image: iStock)