October 2018

Cyber Watch

The Good News and the Bad News About Election Security in Nevada

By Aleza Freeman

Cybersecurity professionals and top U.S officials have some good news and some bad news for Nevadans ahead of the November midterms.

The good news: Nevada has taken positive steps to secure the state’s election systems.

The bad news: Russia meddled in the 2016 election cycle and continues to interfere now.

Let’s focus on the good news first.

Since the 2016 presidential election, Nevada Secretary of State Barbara K. Cegavske’s office has been working directly with the Office of Cyber Defense Coordination (OCDC) and the Election Infrastructure Sector (EIS) Government Coordinating Council (GCC) to ensure that all Nevada agencies who host or support elections-related information systems are informed on cyber security planning and strategy.

Her staff attended a cybersecurity incident response training hosted by Harvard University’s Belfer Center for Science and International Affairs in March, and a national summit on election security hosted by Missouri Secretary of State Jay Ashcroft in August.

Additionally, the secretary of state’s office has worked closely with voting machine vendor Dominion since the primary election to resolve identified ballot display issues. The machine updates have been verified by a U.S. Election Assistance Commission-certified voting system laboratory. Additional independent testing will be held at the state level with the help of the Gaming Control Board.

Jennifer A. Russell, a spokesperson for the SOS, has assured that the Nevada secretary of state and local election officials will continue to follow election system testing and security laws. “We are confident in Nevada’s voting systems going into the 2018 general election,” she says.

Cybersecurity experts seem to agree that voters can have confidence in Nevada’s voting system.

“Everyone’s worrying about the voting machines themselves; whether someone is going to tamper with those machines and change the vote count,” notes Brent Watkins, a retired FBI agent who specialized in computer and high-tech crimes. “Since the last election, there has been a lot more emphasis put on cybersecurity, so it could possibly still happen, but…it’s just less likely.”

Watkins, who now serves as director of business development for Las Vegas cybersecurity firm Axiom Cyber Solutions, describes an election systems protection protocol called an air gap: since Nevada’s voting machines don’t connect to the Internet, a hacker would have to physically access the machines to hack them. A typical voter wouldn’t have enough time at the machine, explains Watkins, and Nevada has a secure process for transporting and storing the machines.

“You can’t rule out anything, but the chances are so slim I don’t worry about it myself,” says Watkins.

Mark Dunaisky, owner of Las Vegas cybersecurity firm D3 Risk Management Group agrees.

“Even though the folks at DEF CON proved it can be done, I don’t see it happening,” he says.

Dunaisky is referring to the DEF CON hacking conference, held in Las Vegas every summer. For the past two years, DEF CON has featured a Voting Village, where attendees successfully hacked actual voting machines from multiple states; many of these types of machines are still used today.

Phil Stupak, a cybersecurity consultant who focuses on election systems, helped launch the Voting Village and points out that the voting machines “were hacked by some 16-year-olds who have never even voted, much less seen a voting machine.”

A senior political and international advisor for the U.S. Department of Homeland Security during the Obama administration, Stupak notes that our country’s voting machines are designated as critical infrastructure, much like the electric grid or water treatment facilities. Still, each machine type has its own vulnerabilities and each state has its own voting procedures; a bipartisan effort to improve the country’s voting systems was held up by Congress as of mid-September.

“It’s truly a non-partisan issue,” says Stupak. “This is about ensuring we have a basic level of trust in the process, which I think we’re all a little concerned about.”

Even so, Stupak isn’t especially worried about Nevada.

“The best system, and it’s one that Nevada is pretty close to using, is machine-enabled paper ballots that have a voter-verifiable audit trail,” he says. “In Nevada, you have a paper audit trail, which is great. That’s what you want to see in proper election systems.”

And now for the bad news.

Just because your vote is unlikely to be tampered with, doesn’t mean our elections aren’t being compromised by foreign operatives.

“The Russian attack against American democracy was not about hacking voting machines; it was an influence campaign,” explains Stupak. “It’s what they have done throughout their history. They have perfected these techniques.”

As of mid-September, U.S. Director of National Intelligence Don Coats confirmed that Russia is continuing its efforts to influence the U.S. political system, by weakening and dividing the United States.

“It’s all about encouraging divisions within society and encouraging some of those divisions to act in your favor,” says Stupak, calling it a form of social engineering. “As long as the nation is as tightly divided along partisan lines as we are now, it’s going to continue to be an issue. It’s going to reinforce existing partisan biases and that makes us very susceptible.”

Dunaisky points to the prevalence and divisiveness of unverified, fake stories on social media.

“I think this has been going on awhile and it’s just more evident now because social media goes two ways,” he says. “It’s not a television broadcasting it to you. It’s not a newspaper you’re reading. It’s not a one-way conversation like radio. People are engaged in social media. A large percentage get their news on Facebook. I don’t think it matters what side of the line you’re on.”

Stupak agrees, noting that unlike earlier forms of media, the internet “repeats information across multiple platforms, well beyond the speed of truth;” and it’s not only happening in our country.

So, what can you do as a mere voter? Watkins has this sage advice: Don’t believe everything you read on the internet.

It might seem obvious, but let’s take a moment of silence for Pizzagate, a viral conspiracy theory which has since been widely debunked. This theory arose after Russia hacked former White House Chief of Staff John Podesta’s emails during the 2016 presidential campaign. His emails then popped up on whistleblowing website WikiLeaks, and the conspiracy theories took off.

Twelve Russian intelligence operatives were indicted for the hacking crime in July.

“You really have to be skeptical of what you read on social media,” says Watkins. “There’s no verification process, for the most part, and you don’t know where it’s coming from. If you’re going to take what you read hook, line and sinker…that’s not a good way to decide who to vote for.”

Stupak warns that though Russia was fundamentally interested in an influence campaign during the last campaign, it doesn’t mean Russian President Vladimir Putin—and potentially operatives from other foreign countries—will only be interested in an influence campaign in the future.

In the meantime, he suggests some steps for stopping the spread of misinformation.

“Pause before you share things and ask, ‘Where did this come from?’” says Stupak. “If you have an emotional reaction to something, ask yourself, ‘Was it created for you to have that emotional reaction?’ and if it was, hold off on the sharing. If it’s real news other entities will share it.”

Also, do your research on Snopes or other fact-based organizations and take real world action by volunteering for a community organization.

“It is perfectly reasonable and normal to be upset about the state of the world and want to fix it, so go do that. If you don’t care enough to go do that, you shouldn’t care enough to share it on Facebook,” he says. “Your individual tweet is not going to change the status of whatever is making you angry, but if it originates from a nefarious source, you may be helping someone undermine American democracy.”

Share this Article