A Team of Election Security Experts say that they Discovered some Voting systems are connected to the Internet.
“We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a Senior Technical Advisor at the Election Security Advocacy Group National Election Defense Coalition.
The National Institute of Standards and Technology (NIST), which provides Cybersecurity Frameworks for State and Local Governments and other Organizations, recommends that Voting systems should Not have Wireless Network Connections.
Skoglund and his team developed a Tool, “Google for Servers”, that scoured the Internet to see if the Central Computers that Program Voting machines and Run the Entire Election Process at the Precinct Level were Online. Once they had Identified such systems, they Contacted the Relevant Election Officials.
All the systems Skoglund’s Group found Online were manufactured by ES&S. The Online Systems were found in 11 States, in at least some Precincts, as well as in the District of Columbia.
The States were: Florida, Illinois, Indiana, Kentucky, Massachusetts, Michigan, Minnesota, Mississippi, Nebraska, Rhode Island, and Wisconsin.
It was an Assurance designed to bolster Public Confidence in the way America Votes: Voting machines “are not connected to the internet.” Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security, Jeanette Manfra, said those words in 2017, testifying before Congress while she was Responsible for the Security of the Nation’s Voting system. It was the notion that if Voting systems are Not Online, Hackers will have a harder time Compromising them.
But that is an Overstatement, according to the NIST Team. While the Voting Machines themselves are not designed to be Online, the Larger Voting Systems, including the Voter Rolls, and the Vote Counting systems, in many States end up Online, putting the Voting Process at Risk.
The Three Largest Voting Manufacturing Companies: Election Systems & Software (ES&S), Dominion Voting Systems, and Hart InterCivic, have acknowledged they All put Modems in some of their Tabulators and Scanners. The reason? So that Unofficial Election Results can more Quickly be Relayed to the Public, to do Program Updates, and Troubleshooting. Those Modems Connect to Cell Phone Networks, which, in turn, are Connected to the Internet.
The Largest Manufacturer of Voting Machines, ES&S, said their Systems are Protected by Firewalls and are Not on the “Public Internet.” But both Skoglund and Andrew Appel, a Princeton Computer Science Professor and Expert on Elections, said such Firewalls can and have been Breached.
In New York, All their ES&S systems had their Internal Software changed to not allow Modem Access.
“AT&T and Verizon and so on try and protect as best they can the security of their phone network from the rest of the internet, but it’s still part of the internet,” Appel explained. “There can still be security holes that allow hackers to get into the phone network.”
The 35 systems Skoglund’s Team found represent a Fraction of Total Voting Systems Nationwide, though he believes they Only Captured a Portion of the Systems that are or have been Online. For Election Systems to be Online, even momentarily, presents a Serious Problem, according to Appel. “Once a hacker starts talking to the voting machine through the modem, the hacker cannot just change these unofficial election results, they can hack the software in the voting machine and make it cheat in future elections,” he said.
While the ES&S website states that “zero” of its Voting Tabulators are Connected to the Internet, 14,000 of their DS200 Tabulators with Online Modems are currently in use around the Country.
Hart said that it has approximately 1,600 Modem Tabulators in use in 11 Counties in Michigan.
With the 2020 Presidential Election, Appel and Skoglund believe All Modems can and should be Removed from Election systems. “Modems in voting machines are a bad idea,” said Appel. “Those modems that ES&S [and other manufacturers] are putting in their voting machines are network connections, and that leaves them vulnerable to hacking by anybody who can connect to that network.”
“Once you add that modem, you are de-certifying it,” Skoglund said. “It is no longer federally certified. And I don't know that all these jurisdictions are aware of that because ES&S is advertising otherwise.” “We should be unplugging all of these machines from the internet,” Skoglund said. “Even for elections nights.”
Appel agreed. “We can not make our computers perfectly secure," he said. "What we should do is remove all of the unnecessary, hackable pathways, such as modems. We should not connect our voting machines directly to the computer networks. That is just inviting trouble.”
But then what Communication system will State's use to allow E-Poll Books to Check for Duplicate Voting? Maybe a Closed Satellite system or some Future Closed Cloud system.
These Two Tech Experts also Agree on the path forward, saying they hope most Americans will Vote on Hand-Marked Paper Ballots, which are Counted by Machine, but can be Recounted by Hand, if the situation warrants, and for Audits.
NYC Wins When Everyone Can Vote! Michael H. Drucker
No comments:
Post a Comment