Cybersecurity Threats to U.S. Elections

Strengthening election cybersecurity is essential for safeguarding American democracy, and it’s an increasingly urgent task. Despite 15 years of research demonstrating critical security weaknesses, most of the country continues to use vulnerable electronic voting machines, and the landscape of threats from cybercriminals and nation-state attackers has grown increasingly hostile.

In this talk, I will explain how cyberattacks on voting infrastructure threaten the integrity of U.S. elections. Sophisticated attackers can infiltrate electronic voting machines and silently alter results in swing states, potentially changing the outcome of a national election. Such attacks do not require voting machines to be connected to the Internet, and the technical capabilities are well within reach for hostile foreign governments. To illustrate this threat, I will demonstrate an attack on a real voting machine of a type still used in 20 states, including, until recently, Maryland.

Researchers have developed practical safeguards that can robustly defend our elections, but only a handful of states have deployed them so far, due to a lack of resources and political will. Fortunately, Congress recently appropriated $380M in new funding for the states—including $7M for Maryland—to strengthen election security. I’ll explain how Maryland and other states can use this funding wisely, and what computer scientists and other citizens can do to help.