A cyber-security option for the 2022 elections
If voting machines are connected to the internet, they can be hacked. While there is evidence that there were cyber-attacks in all 50 states, the sad truth almost a year after the 2020 election debacle is that our voting machines are still connected to the internet. We are still vulnerable to cyber-attacks in our future elections. Now is the time to take steps to prevent future cyber–election fraud. Minimizing or eliminating their internet connectivity for the 2022 elections is still possible with some prudent steps that we can take now.
Let's review three options to count votes without an internet connection:
Option 1. Many believe that the solution is to count all votes by hand. The problem is that this method is time-consuming and less accurate than a machine count. Moreover, supervisor of elections offices across all states have invested millions of dollars in voting machines, and this option is a non-starter for them.
Option 2. Another solution is to purchase voting machines that are not designed for any internet connection whatsoever. This option is the long-term solution for the problem, and unfortunately, it will not be ready until 2024 at the earliest.
Option 3. A possible third way to provide cyber-security at a relatively low expense is by "hardening" existing voting machines from cyber-interference. This option would involve removing all transmitters, modem, Bluetooth, Wi-Fi, cellular, or any other internet connection from the device. A certification team would inspect the machine to ensure it does not have internet capability and counts ballots correctly.
For the 2022 midterm elections, Option 3 is the best possible solution. There is no other credible way to stop cyber-interference in our election until new voting machines can be designed, built, and purchased that do not connect with the internet. Admittedly, this option is not perfect and is considered a "95% solution" to the immediate problem. A determined hacker could probably find a way to break through, but we must make it as difficult for him as possible.
The proposed legislation should include the following:
- Before the election, cyber-penetration testing and verification will be conducted on all the election systems (hardware and software).
- Vote-tabulating machines at precinct, county, and state levels will be prohibited from any network or internet connection.
- USB and other physical access ports will need to be sealed and/or rendered inoperable.
- Voting machines will employ open-source software and hardware for the ballot-tabulating machines that anyone can verify for potentially malicious code before, during, and after tabulation.
- The proprietary vendor code does not provide the necessary visibility to ensure integrity. Therefore, any proprietary vendor code needs to be evaluated by third-party certification experts as well.
- Voting machines must be certified by accredited third-party inspectors to be air-gapped (physically and electronically separated) from the internet, not just rubber-stamped as they are currently in some states.
- After certification, no software updates shall be allowed.
- If a software update is required, the machine must be recertified to include penetration testing before the election.
- Election offices and vendors must allow for full forensic audit capability for twelve months (perhaps longer) following an election.
- After the election, voting machines must be sequestered and secured with physical and electronic security measures to ensure accurate post-election audits if needed.
- Real-time data transparency and public accessibility should be made available.
These recommendations are by no means conclusive. We need to begin the debate on addressing the existential threat cyber–election fraud poses to our constitutional republic. With the 2022 election soon upon us, we need to act quickly to put measures in place to secure the voting process. Patriots should contact their state legislators to bring these measures to their attention and pass them into law.
Jeff Lukens can be contacted here.
To comment, you can find the MeWe post for this article here.