Paper - Cyber Security Project, Belfer Center
Hacking Chads: The Motivations, Threats, and Effects of Electoral Insecurity
Summary
This paper addresses a growing concern to one of the most fundamental components of our democracy: how cybersecurity risks can influence the integrity of our elections. This past summer's hacks and attempted network intrusions into a variety of Democratic Party networks and into election infrastructure highlight the urgency of the issue. The mounting evidence of Russian involvement, confirmed in an unprecedented statement by the Obama Administration in October, underscores the stakes. While there previously have been occasional — and mostly unfounded — concerns about localized voter fraud in U.S. elections, this is the first time a foreign nation attempt to influence a U.S. election by taking advantage of weaknesses in our cybersecurity.
Two vital questions emerge. First, how concerned should we be about election cybersecurity? Second, how vulnerable is the United States to a foreign power or other actor trying to undermine the public's confidence in our elections? In examining these issues, we consider the motivations of hackers for targeting elections, the plausible threats to election security, and the effects of real and perceived manipulation.
We argue that foreign intelligence agencies, most prominently Russia's, have plausible motivations and capabilities for some kinds of electoral interference. In addition, there are other actors, such as terrorist groups, partisan activists, and groups with narrow parochial interests, which might seek to manipulate an election. There is a range of possible mechanisms for carrying out these threats, including targeting voters, voting rolls, voting machines, tabulation, and the dissemination of results. We draw on security audits and demonstrated cases of previous Russian operations in analyzing these risks. We argue that it is not just the reality of fraud that is concerning, but the perception of it. The effects of perceived illegitimacy can be deeply damaging and perhaps harder to counteract. In particular, persistent questions about electoral integrity may by itself advance foreign interests.
We put forth five recommendations for improving the cybersecurity of elections, showing their integrity, and guarding against threats. First, the federal government should designate election systems as critical infrastructure, catalyzing additional federal and state attention to improving cybersecurity. Second, backed by federal funding, states should purchase and deploy voting machines that generate a voter-verifiable paper audit trail. Third, states should expand their use of pre-election security audits to identify and remediate vulnerabilities. Fourth, states should establish or improve their post-election audit procedures, applying statistically rigorous methods to increase confidence in the reported results. Lastly, the United States should outline a clear policy on the seriousness of electoral interference as a means of deterring foreign adversaries.
For more information on this publication:
Please contact
Cyber Project
For Academic Citation:
Buchanan, Ben and Michael Sulmeyer. “Hacking Chads: The Motivations, Threats, and Effects of Electoral Insecurity.” Paper, Cyber Security Project, Belfer Center, October 2016.
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- The Hill
We Must Sustain America’s Big Tech Engines of Innovation
Analysis & Opinions
- MIT Technology Review
How AI Could Write Our Laws
In the Spotlight
Most Viewed
Paper
India's Foreign Policy
Analysis & Opinions
- Project Syndicate
What Caused the Ukraine War?
Policy Brief
- Caspian Studies Program
The Essentials of Good Governance
Summary
This paper addresses a growing concern to one of the most fundamental components of our democracy: how cybersecurity risks can influence the integrity of our elections. This past summer's hacks and attempted network intrusions into a variety of Democratic Party networks and into election infrastructure highlight the urgency of the issue. The mounting evidence of Russian involvement, confirmed in an unprecedented statement by the Obama Administration in October, underscores the stakes. While there previously have been occasional — and mostly unfounded — concerns about localized voter fraud in U.S. elections, this is the first time a foreign nation attempt to influence a U.S. election by taking advantage of weaknesses in our cybersecurity.
Two vital questions emerge. First, how concerned should we be about election cybersecurity? Second, how vulnerable is the United States to a foreign power or other actor trying to undermine the public's confidence in our elections? In examining these issues, we consider the motivations of hackers for targeting elections, the plausible threats to election security, and the effects of real and perceived manipulation.
We argue that foreign intelligence agencies, most prominently Russia's, have plausible motivations and capabilities for some kinds of electoral interference. In addition, there are other actors, such as terrorist groups, partisan activists, and groups with narrow parochial interests, which might seek to manipulate an election. There is a range of possible mechanisms for carrying out these threats, including targeting voters, voting rolls, voting machines, tabulation, and the dissemination of results. We draw on security audits and demonstrated cases of previous Russian operations in analyzing these risks. We argue that it is not just the reality of fraud that is concerning, but the perception of it. The effects of perceived illegitimacy can be deeply damaging and perhaps harder to counteract. In particular, persistent questions about electoral integrity may by itself advance foreign interests.
We put forth five recommendations for improving the cybersecurity of elections, showing their integrity, and guarding against threats. First, the federal government should designate election systems as critical infrastructure, catalyzing additional federal and state attention to improving cybersecurity. Second, backed by federal funding, states should purchase and deploy voting machines that generate a voter-verifiable paper audit trail. Third, states should expand their use of pre-election security audits to identify and remediate vulnerabilities. Fourth, states should establish or improve their post-election audit procedures, applying statistically rigorous methods to increase confidence in the reported results. Lastly, the United States should outline a clear policy on the seriousness of electoral interference as a means of deterring foreign adversaries.
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - The Hill
We Must Sustain America’s Big Tech Engines of Innovation
Analysis & Opinions - MIT Technology Review
How AI Could Write Our Laws
In the Spotlight
Most Viewed
Paper
India's Foreign Policy
Analysis & Opinions - Project Syndicate
What Caused the Ukraine War?
Policy Brief - Caspian Studies Program
The Essentials of Good Governance
