Pa. lawmakers pledge bipartisan approach to election cybersecurity | News | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

[ad_1]

HARRISBURG — There is no conclusive evidence that election results in Pennsylvania or anyplace else in the U.S. have been altered by computer hackers, election security advocates told state senators Monday, but existing vulnerabilities must be addressed to avoid a malicious attack.

Three cybersecurity experts reinforced a shared viewpoint of 20 data security analysts who encouraged a full statewide shift to a system of hand-marked paper ballots and using optical scanners for efficient vote counts.

There are 47 counties that employ this system where most in-person voters mark a paper ballot by hand, according to Kevin Skoglund, president and chief technologist with Citizens for Better Elections.

Skoglund and others testified before the Senate State Government Committee.

The remaining 20 counties, he said, use touchscreen ballot marking devices for all in-person ballots cast.

Though not infallible, votes cast in systems using hand-marked ballots can easily be traced even if an optical scanner is compromised by error, accident or malice. That’s because the voter creates the record.

With ballot marking devices, the machines could be hacked or misconfigured causing votes to be incorrectly recorded and printed, perhaps on purpose, Skoglund explained.

The machines produce a barcode and human-readable text, however, there’s no way to read the barcode by eye and contrast it with the accompanying text or the voter’s account — pointing to errors that occurred in Northampton County last fall.

Should the system crash, there’s no way to reproduce a ballot with a barcode, either, Skoglund said, pointing out that hand-marked balloting can continue uninterrupted in the event of an error with technology.

“The problem with ballot marking devices is you can’t react to it in an appropriate way during or immediately after an election,” said Andrew W. Appel, a computer science professor at Princeton University.

Appel said he’s performed 20 years of research in voting machines. There’s a clear consensus among cybersecurity experts that public elections be conducted using hand-marked paper ballots and optical-scan voting machines. No hardware on any ballot devices should be internet-capable, he added.

“There’s no evidence that anyone has used this security vulnerability to cheat in elections thus far, but I strongly recommend that Pennsylvania change to hand-marked paper ballots in all counties and limit the use of touchscreen voting machines to those voters who cannot mark a paper ballot by hand,” Appel said.

Alec Yasinsac, a computer scientist experienced in election administration, also warned that vote by mail — Pennsylvania allows any registered voter to cast ballots by mail — presents serious flaws in chain of custody. He called it “impossible” to maintain a “rigorous chain of custody” of mail-in ballots, whether they’re being delivered to voters or returned for counting, and said it’s the least secure collection method for elections.

“As with (ballot marking devices), it is not worth the wholesale risk of using vote by mail for the broad voting population. However, limiting vote-by-mail use to a small percentage of voters, as it was originally intended, eliminates the risk of wholesale fraud,” Yasinsac said.

While hardly aligned on voting integrity matters from elections past, the chairs of the State Government Committee that hosted Monday’s hearings agreed that cross-aisle efforts are needed to address cybersecurity concerns around elections.

“It sounds like we have some bipartisan work to do on this issue,” said Sen. Amanda Cappelletti, D-Montgomery/Delaware, minority chair.

“I agree, we should be doing this in a bipartisan manner,” said Sen. Cris Dush, R-Cameron/Centre/Clinton/Elk/Jefferson/McKean/Potter, majority chair.

[ad_2]

——————————————————-


Click Here For The Original Source.

National Cyber Security

FREE
VIEW