93% of cybersecurity professionals are worried about election hacking

By Lucy Ingham

Cyberattacks on election infrastructure are a significant issue, according to a wide-reaching poll of cybersecurity professionals. The poll, conducted by Venafi, found that 93% of those surveyed were concerned about election hacking.

411 cybersecurity professionals across the UK, US and Australia were asked their thoughts on the potential of election-related cyberattacks. The survey found that not only did they overwhelmingly believe that it was an issue, but that almost none had confidence in their governments’ ability to effectively respond.

Just 2% said they were very confident that their local, state and federal governments had the ability to detect election hacking attempts, while only 3% said they were very confident these governments could block such attacks.

The research follows demonstrations at cybersecurity event Def Con, which saw security researchers successfully hack voting machines and other devices used in US elections.

There have also been numerous accusations  against Russia in relation to the 2016 US elections.

Election hacking beyond voting machines

While coverage of election hacking has largely focused on voting machines, there are a number of other areas within the election infrastructure that are vulnerable to attack.

Voter registration data is also at risk from election hacking, with 50% of those surveyed saying this data was vulnerable to a cyberattack.

However, perhaps of bigger concern is encrypted communications sent between polling stations and back-end election systems, which 52% of cybersecurity professionals said were most vulnerable to attack.

In accessing these communications, hackers could in theory modify voting results without needing to access the voting machines themselves.

“It’s clear to nearly all security professionals that the back-end systems that transmit, aggregate, tabulate, validate and store election data are at least as vulnerable to cyberattacks as voting machines,” explained Jeff Hudson, CEO of Venafi.

“Security professionals clearly think that machine-to-machine communication in the electoral process is a high value asset for attackers targeting election results,” added Kevin Bocek, vice president of security strategy and threat intelligence for Venafi.

“This is just one reason why governments around the world need to make the security of all encrypted, machine-to-machine communication their top concern.”