Updated Jun 4, 2018

New election cybersecurity funding likely to be only a stopgap

Voters cast their ballots at voting machines at Cheyenne High School on November 8, 2016, in North Las Vegas, Nevada. Photo: Ethan Miller via Getty Images

The recent $380 million of federal funding to replace paperless voting machinery and improve cybersecurity is desperately needed, but it is unlikely to ensure the long-term cybersecurity of U.S. election technology.

The big picture: At best, the one-time spending will provide a catalyst for election organizations to gain basic cybersecurity competence. At worst, though, the money will be spent on discretionary purchases (e.g., digital pollbooks or new PC hardware) that only appear helpful and that, without proper security-centric integration, may increase the systems’ exposure to attacks.

The funds help states accomplish three goals:

  1. Pay for replacing unreliable paperless voting systems. While new systems provide paper trails, however, they rely on the same vulnerable hardware design.
  2. Design trustworthy, transparent processes for ballot audits. Audits can detect anomalies, but only if they adopt proven practices statewide.
  3. Fund election organizations to undergo post-election audit training, a process that will take years to implement. Anomaly detection is valuable, but doesn't impede adversaries from using stolen information to discredit an election.

The other side: This funding could also help states' election organizations pay for cybersecurity services, but likely for one-time events, such as basic training for non-technical staff (e.g., defending against phishing) or contracting cybersecurity professionals.

While professional IT services and training would mitigate some of the risk, none of these solutions will address U.S. election technology's fundamental vulnerability. And after 2018, election organizations will remain just as under-resourced to defend against adversaries as they were before.

The bottom line: In order to protect our democracy, the nation must start an intellectually honest discussion about how to design, develop and deliver a new election technology infrastructure.

John Sebes is a co-founder of the OSET Institute and CTO of its TrustTheVote Project. William Crowell is a former deputy director of the National Security Agency and a partner at Alsop Louie Partners.

Go deeper

The race to catch Nike's Vaporfly shoe before the 2020 Olympics

Illustration: Aïda Amer/Axios

Four months ago, on the very same weekend, Eliud Kipchoge became the first human to run a marathon in under two hours, and fellow Kenyan Brigid Kosgei shattered the women's marathon record.

Why it matters: Kipchoge and Kosgei were both wearing Nike's controversial Vaporfly sneakers, which many believed would be banned because of the performance boost provided by a carbon-fiber plate in the midsole that acted as a spring and saved the runner energy.

Go deeperArrow18 mins ago - Sports

Reassessing the global impact of the coronavirus

Illustration: Aïda Amer/Axios

Economists are rethinking projections about the broader economic consequences of the coronavirus outbreak after a surge of diagnoses and deaths outside Asia and an announcement from a top CDC official that Americans should be prepared for the virus to spread here.

What's happening: The coronavirus quickly went from an also-ran concern to the most talked-about issue at the National Association for Business Economics policy conference in Washington, D.C.

Tech can't remember what to do in a down market

Illustration: Rebecca Zisser/Axios

Wall Street's two-day-old coronavirus crash is a wakeup alarm for Silicon Valley.

The big picture: Tech has been booming for so long the industry barely remembers what a down market feels like — and most companies are ill-prepared for one.