With less than five weeks to go until the presidential election, U.S. officials are taking extra measures to reassure voters of the integrity of the election process, insisting it is safe from hackers despite a recent series of high-profile breaches, attempted attacks and warnings.“What people need to know about this is that our voting infrastructure is really quite resilient,” Lisa Monaco, assistant to the president for homeland security and counterterrorism, told a Cyber Warfare Summit hosted by the Washington Post Thursday. “We ought to be very confident in our election system.”
The reassurance comes as cybersecurity experts and U.S. lawmakers continue to blame Russia for the wave of online attacks they say are meant to undermine confidence in the November 8 election.
Most notable was the attack on the Democratic National Committee, which resulted in the leak of thousands of emails that embarrassed the party in the days leading up to its national convention in July and forced the resignation of its chair, Debbie Wasserman Schultz, a congresswoman from Florida.
Multiple U.S. government officials have said off the record that they believe Russia is trying to undermine confidence in the U.S. election process, though the White House has yet to publicly blame Moscow.
Hard to hack
In reality, hacking the U.S. election would be incredibly difficult, since it is not federalized into a single entity. Instead, the election is spread across about 8,000 localities, with each one using its own methods, systems and rules. In many jurisdictions, the process is offline altogether.
“Our system is decentralized,” said Thomas Hicks, commissioner of the Election Assistance Commission, who also spoke at the forum Thursday. “And with a decentralized system, you’d need an army of folks to try to get into the system.”
But there are still vulnerabilities, as described by specialists at the cyberwarfare event Thursday.
One risk is at the state and local level. Hackers have recently targeted voter registration systems in more than 20 states, the Department of Homeland Security said last week. In at least a few cases, officials said the hackers succeeded in gaining access to state voting-related systems.
Responding to the threats, at least 21 states have asked for federal cybersecurity assistance, according to DHS.
So far there have been no reports of manipulation. But the threat is real and could be highest in the handful of so-called swing states that typically determine the winner of U.S. elections.
A cybersecurity company, Carbon Black, warned last week that the battleground state of Pennsylvania could be the most at risk, in part because some parts of the state use electronic voting machines without adequate paper backup.
Campaigns, parties also vulnerable
It’s not just the voting process that is susceptible to hackers. Other parts of the U.S. election apparatus, including political parties and individual campaigns, are also at risk.
Though the DNC has so far experienced the worst of the hacking attacks, Republican Party operatives have also been targeted, according to Brett DeWitt, the senior policy adviser for cybersecurity for the U.S. House of Representatives Committee on Homeland Security.
“Both political parties have been hacked,” DeWitt says. “They’re trying to undermine the integrity and confidence of the entire election system, Republican or Democrat.”
The problem is complicated by the fact that many political campaigns and committees are traditionally reluctant to spend a major amount of money on cyber protections, instead preferring to concentrate funds into political ends.
“All these political organizations want to put all their resources into winning races and promoting candidates and building their party,” says Michael Sussman, a former Department of Justice cybercrimes prosecutor, who is on the DNC’s new cybersecurity board.
More to come?
Sussman says he expects more emails to eventually be released by the hackers who broke into the DNC networks. And he says he wouldn’t be surprised if there were more politically motivated attacks to come.
“We know it’s Russian state-sponsored, and we know that the groups doing it are very sophisticated, and in fact, it is their day job.” he said. “They’re not going to go away, and they’re going to be very persistent.”