Skip to main content
banner image
venafi logo

Venafi Study: Election Infrastructure Is at Risk

Venafi Study: Election Infrastructure Is at Risk

Election Infrastructure
August 13, 2018 | Emil Hanscom

Last month, a grand jury issued a detailed indictment on international interference during the 2016 U.S. presidential election. Details in the indictment indicate that nation-state actors utilized encrypted tunnels to target vulnerabilities in election infrastructure, along with other attack methods.

Attacks that hide in encrypted tunnels are difficult to detect and block without a comprehensive machine identity protection program in place.

Security professionals have been discussing cyber attacks targeting election infrastructure well before July’s grand jury indictment. However, these concerns have come into sharp focus right now because there are many high-profile elections taking place this year.

Venafi recently surveyed over 400 IT security professionals in the U.S., U.K. and Australia to understand threats focused on the back end systems that support our election infrastructure. Unsurprisingly, the study reveals that 93% of security professionals are concerned about cyber attacks targeting election infrastructure and data.

Even more distressingly, 81% believe cyber criminals will target election data as it is transmitted between machines, software and hardware applications, and moved from local polling stations to central aggregation points.

“Security professionals clearly think that machine-to-machine communication in the electoral process is a high value asset for attackers targeting election results,” says Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “This is just one reason why governments around the world need to make the security of all encrypted, machine-to-machine communication their top concern.”

Additional findings from our study include:

  • Election systems are critical infrastructure. 95% believe election systems—including voting machines, software and back-end systems—should be considered critical infrastructure.
  • Voting machines are not the only vulnerable electoral assets. When asked what areas of election infrastructure were most vulnerable to cyber attackers:
    • 54% say voting machines that collect election data.
    • 52% say encrypted communications between polling stations and back-end election systems.
    • 50% say systems that store voter registration data.
  • Security professionals are not confident in protection. Only 2% are very confident in their local, state and federal governments' abilities to detect cyber attacks targeting election infrastructure. In addition, only 3% are very confident in their local, state and federal governments' abilities to block them.
  • Attackers already have access to vulnerabilities and exploits. 64% believe vulnerabilities and exploits connected with election systems are available to cyber attackers on the dark web.

“Last year, attendees at DEF CON managed to find and take advantage of vulnerabilities in five different voting machine types within 24 hours,” says Jeff Hudson, CEO of Venafi. “While these findings were disturbing, conference attendees only examined a small portion of our election infrastructure. It’s clear to nearly all security professionals that the back-end systems that transmit, aggregate, tabulate, validate and store election data are at least as vulnerable to cyber attacks as voting machines.”

Are you concerned about cyber attacks on election infrastructure? Do you think election officials are prepared to defend against these attacks?

Like this blog? We think you will love this.
Featured Blog

The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-State Attacks

82% believe geopolitics and cybersecurity are intrinsically linked

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Emil Hanscom
Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more