Last year, a group of German security researchers, the Chaos Computer Club (CCC), published an alarming audit on their nation’s election infrastructure.
According to a report from Wired:
“The hackers found they could corrupt the updates from the server controlling that software to re-tabulate votes at will, with potentially disastrous consequences for the country's October parliamentary election. The CCC says that VOTE-IT, the company behind the software, privately fixed the security flaws the group exposed while publicly refusing to acknowledge the vulnerabilities.”
“German security professionals uniquely understand the risks to free and accurate elections,” says Kevin Bocek, chief cyber security strategist for Venafi. “Last year, it was shown that German election infrastructure software could be easily hacked – leading to the possibility of tampered tabulation and transmission of results. Adversaries want to raise doubts about our democracies, thus they are concentrating on voting tabulations to raise doubts about our elections.”
So, are German IT professionals still apprehensive about the security of their election infrastructure? Venafi recently polled 305 German security stakeholders to find out.
According to Venafi’s study, 86% of security professionals are concerned about cyber attacks targeting election data or infrastructure. Plus, 84% believe cyber criminals are likely to target election data as it is transmitted from local polling stations to central aggregation points.
Additional findings from the study include:
Ninety-four percent believe election systems, including voting machines, software and back-end systems, should be considered critical infrastructure.
When asked which parts of their election infrastructure are most vulnerable to cyber attackers:
Sixty-one percent say voting machines that collect election data.
Sixty percent say back-end systems that aggregate election data.
Forty-one percent say communications between back-end election systems.
Fifty-seven percent believe the potential damage from cyber attacks targeting election systems is more serious than the potential damage from election tampering efforts that target social media.
“It’s no surprise to see nearly all German security professionals agree that voting infrastructure is under attack,” concludes Bocek. “Ultimately, the back-end systems that transmit, aggregate, tabulate, validate and store election data are as vulnerable to cyber attacks as voting machines.”
Do you think your election infrastructure is secure?