With too many electronic voting systems buggy, insecure and vulnerable to attacks, US election officials would be well advised to keep paper trails handy.
This is according to Dr Matt Blaze, a University of Pennsylvania computer science professor and top cryptographer, who spoke to Congress this week about cyber-threats facing voting machines and election infrastructure.
Among Blaze’s recommendations is that, rather than rely on purely electronic voting machines to log votes, officials use optical scan machines that retain a paper copy of each voter’s ballot, which can be consulted if anyone grows concerned about counting errors or tampering. In other words, because everything has bugs and flaws, truly paperless voting systems should be a no-no.
“In many electronic voting systems in use today, a successful attack that exploits a software flaw might leave behind little or no forensic evidence. This can make it effectively impossible to determine the true outcome of an election or even that a compromise has occurred,” Blaze told [PDF] the House Committee on Oversight and Government Reform.
“Unfortunately, these risks are not merely hypothetical or speculative. Many of the software and hardware technologies that support US elections today have been shown to suffer from serious and easily exploitable security vulnerabilities that could be used by an adversary to alter vote tallies or cast doubt on the integrity of election results.”
The recommendation was one of several Blaze made to Congress to address what he says is a problem compounded by both the increasing sophistication of cyber attacks and the inherent complexity of managing voting systems in multiple jurisdictions across large areas, as is the case with US elections.
Blaze also believes regular audits need to be performed on election systems, including after every election. Those audits would help spot potential software failures in voting machines as well as possible attacks on voting machines and networks.
Finally, Blaze said, the training and resources afforded to both local and state voting officials need to improve, in particular training on how to spot and avoid sophisticated cyber attacks that would seek to sway an election either by manipulating the vote tally itself or with more subtle tactics.
“Electronic voting machines and vote tallies are not the only potential targets for such attacks. Of particular concern are the back end systems that manage voter registration, ballot definition, and other election management tasks,” Blaze told Congress.
“Compromising any of these systems (which are often connected, directly or indirectly, to the Internet and therefore potentially remotely accessible) can be sufficient to disrupt an election while the polls are open or cast doubt on the legitimacy of the reported result.”
He also appealed on Twitter to fellow computer security experts to help shore up tabulation system defenses, cautioning them, though, to understand the tricky rules and red tape involved in the administration of American elections:
Plea for infosec folks interested in voting system security: Your expertise is valuable and welcome, but will likely be ignored if you don’t take the time to learn something about the (complex and highly constrained) problems and existing work in the field.
— matt blaze (@mattblaze) November 30, 2017

Or as one election clerk summarized: please help, but please don’t assume officials are morons…
Acid etch this tweet on the copper plate of your memory, people. Most of the folks on my side (elex admin) genuinely love talking shop with tech people. We just don’t want to be told we’re incompetent. https://t.co/ayeNtS4kkB
— Clerk of Election (@ElectionBabe) November 30, 2017
You can catch the committee hearing in the video below, and read written statements from panel chairman Will Hurd (R-TX) here; Homeland Security official Chris Krebs, here; Secretary of State of Louisiana Tom Schedler, here; Virginia Department of Elections Commissioner Edgardo Cortés, here; and Brookings Institution national security law expert Susan Hennessey, here. ®