Elections agencies have a lot of security work to do before November, state and federal officials tell Congress

“No one wants to be the next John Podesta” — the chairman of Hillary Clinton’s 2016 campaign, whose personal emails ended up on Wikileaks after he fell for an email fraudulently claiming to be from Google — “but the biggest problem is you’ve taken 50 secretaries of state and 5,000 county officials, these sleepy government administrators, and put them on the front line of a war with a nation-state,” said John Dickson of the Denim Group, a cybersecurity consulting firm in San Antonio.

Dickson said that voting machines themselves, which tend to spend most of their lives in warehouses and are not networked, are easier to secure. But voter registration databases and websites that report election results are glaring targets.

Even if an election board has an accurate vote count stored offline, Dickson said that a successful denial-of-service attack can create a public perception that the results have been tampered with.

Instead of simply pursuing new hardware and other procurements, Dickson said election officials need to focus on training and education.

“What I recommend is some kind of two-factor authentication, at least at the state level, combined with social education to make [people] more aware about the phishing attacks that are always going to come in,” he said. “In some of the counties they do that, but think of the 254 counties in Texas.”

With respect to Texas, Dickson said some of the bigger counties — such as Bexar, where San Antonio is located — have the resources to upgrade authentication and educate staff, but many of Texas’ counties are rural and have small, part-time election officials.

“I think the question is how quickly they can move before November?” he said.

About Denim Group

Denim Group is the leading secure software development firm, serving as a trusted advisor to customers on matters of software risk and security. The company builds software for the most security conscious while helping organizations assess and mitigate risk within their existing software. Denim Group's flagship ThreadFix product accelerates the process of software vulnerability remediation, reflecting the company's rich understanding of what it takes to fix application vulnerabilities faster. Denim Group has emerged as a strong contributor to the larger application security community and has actively participated in the Open Web Application Security Project (OWASP) since shortly after its inception.

Among many other awards, Denim Group has landed on the "Inc. 5000" list - which recognizes the country's 5000 fastest-growing private companies - for five years in a row. In addition, the San Antonio Business Journal named Denim Group as one of the "Best Places to Work" in the city.

###

Denim Group is a registered service mark of Denim Group, Ltd.
Other names and brands may be claimed as the property of others.