Elections are a cybersecurity problem
But from these truths Herb reaches, I think, the wrong conclusion: “a focus on preventing the hacking of election systems is misleading and dangerous—it distracts us from the real danger to the republic today, which is the toxic nature of political discourse in an internet-enabled information environment that Russia can manipulate in entirely legal ways.” To me this smacks too much of fighting the last war rather than the next.
We know, beyond doubt, that prior attempts at penetrating election infrastructure have been made. We know as well that “the machines…Americans use at the polls are less secure than the iPhones they use to navigate their way there.” Indeed, as Bruce Schneier has noted, vulnerabilities in electoral systems are widespread across the diverse locally managed systems that comprise the U.S. election infrastructure. Many are, for example, running “severely outdated operating systems like Windows XP, which has not been patched . . . since 2014.“
I am certain that we need to look at social media and a polarized society as causes of electoral unease. But, unlike Herb, I think a focus on electoral infrastructure is both valuable and essential. Today’s electoral system is in much the same place as the electric grid was 15 years ago — diverse, under-resourced, and mostly inattentive. Unlike Herb, I think we can and should focus effort on changing that state.