
US election integrity depends on security-challenged firms

  

Category:  News & Politics

Via:  jasper2529  •  6 years ago  •  13 comments


SEEDED CONTENT



It was the kind of security lapse that gives election officials nightmares. In 2017, a private contractor left data on Chicago's 1.8 million registered voters—including addresses, birth dates and partial Social Security numbers—publicly exposed for months on an Amazon cloud server.

Later at a tense hearing, Chicago's Board of Elections dressed down the top three executives of Election Systems & Software, the nation's dominant supplier of election equipment and services.

The three shifted uneasily on folding chairs as board members grilled them about what went wrong. ES&S CEO Tom Burt apologized and repeatedly stressed that there was no evidence hackers downloaded the data.

The Chicago lapse provided a rare moment of public accountability for the closely held businesses that have come to serve as front-line guardians of U.S. election security.

A trio of companies—ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas—sell and service more than 90 percent of the machinery on which votes are cast and results tabulated. Experts say they have long skimped on security in favor of convenience, making it more difficult to detect intrusions such as occurred in Russia's 2016 election meddling.

The businesses also face no significant federal oversight and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.

In much of the nation, especially where tech expertise and budgets are thin, the companies effectively run elections either directly or through subcontractors.

"They cobble things together as well as they can," University of Connecticut election-technology expert Alexander Schwartzman said of the industry leaders. Building truly secure systems would likely make them unprofitable, he said.

The costs of inadequate security can be high. Left unmentioned at the Chicago hearing: The exposed data cache included roughly a dozen encrypted passwords for ES&S employee accounts. In a worst-case scenario, a sophisticated attacker could have used them to infiltrate company systems, said Chris Vickery of the security firm UpGuard, which discovered the data lapse.


Read more at:  https://phys.org/news/2018-10-election-security-challenged-firms.html#jCp




Jasper2529
Professor Quiet
1  seeder  Jasper2529    6 years ago
"This is the type of stuff that leads to a complete compromise," he said. ES&S said the passwords were only used to access the company's Amazon cloud account and that "there was no unauthorized access to any data or systems at any time."


 
 
 
Jasper2529
Professor Quiet
2  seeder  Jasper2529    6 years ago
Many voting systems in use today across the more than 10,000 U.S. election jurisdictions are prone to security problems. Academic computer scientists began hacking them with ease more than a decade ago, and not much has changed. Hackers could theoretically wreak havoc at multiple stages of the election process. They could alter or erase lists of registered voters to sow confusion, secretly introduce software to flip votes, scramble tabulation systems or knock results-reporting sites offline.



 
 
 
Jasper2529
Professor Quiet
3  seeder  Jasper2529    6 years ago
Election vendors have long resisted open-ended vulnerability testing by independent, ethical hackers—a process that aims to identify weaknesses an adversary could exploit. Such testing is now standard for the Pentagon and major banks.


 
 
 
Jasper2529
Professor Quiet
4  seeder  Jasper2529    6 years ago
Sen. Ron Wyden, an Oregon Democrat, has long criticized what he calls the industry's "severe underinvestment in cybersecurity." At a July hearing, he accused the companies of "ducking, bobbing and weaving" on a series of basic security questions he'd asked them.


 
 
