A new president will be elected on November 8 - and hackers will have nothing to do with it
That's the big takeaway to come from a House subcommittee hearing last week on the subject of election security, in which five experts testified that, for the most part, the election cannot be "rigged" by hackers, since every state has their own standards and uses a variety of voting machines, and not a single electronic machine is connected to the Internet.
"On 8 November, can a cyberattack change the outcome of our national elections?" asked Rep. Wiliam Hurd (R-Texas) of the panel, which included representatives from DHS, the Election Assistance Commission, and two cybersecurity experts who have done extensive research into electronic voting machines.
"I'm confident that that will not be the case," said Lawrence Norden, the deputy direction of the Democracy Program at New York University School of Law. No other panelist disagreed with that assessment.
'We have overall confidence in the system'
It's important to mention that the US election system is fraught with issues, but it's not as bad as some make it seem. As Norden had outlined in a voluminous report published in 2015, America's voting machines are incredibly old, but that mostly means a risk of crashes or software failure, not hacking.
There have been recent reports of hackers targeting voter registration systems in at least 20 states. In Arizona and Illinois, for example, intrusions of voter databases were found. In both cases, though, no changes were made to those systems, and the systems that were breached have "nothing to do with vote casting or counting," Kay Stimson, a spokesperson for the National Association of Secretaries of State, told AP.
"There is also wide speculation around the current 'probing' activity directed at online voter registration sites," Tod Beardsley, senior security manager at Rapid7, told Business Insider in a statement. "In isolation, this might seem alarming. However, all online systems are 'probed' all the time."
No matter what scenario we can dream up about a hacker changing election results, they all boil down to one thing: Physical access. As both the cybersecurity experts and government officials testified, electronic voting machines that are currently in use are not connected to the Internet, and there's no easy way to remotely attack them over a network.
So if the Russian government or some teenage member of Anonymous wants to elect their candidate, such an effort is going to take a lot of manpower, time, and coordination. "Such an attack is literally incredible," Beardsley explained. "While this sort of infiltration is possible, such a campaign would require formidable espionage assets, have a high risk of being detected before the election, and the effects would be noticeable in bizarrely inaccurate exit polling during and after the election."
"Even though individual parts of the system may be vulnerable," said Dr. Andy Ozment, assistant secretary for cybersecurity and communications at DHS. "We have overall confidence in the system."
So how can a hacker change votes?
To be clear, electronic voter machines have plenty of security issues that need to be addressed, as hackers have demonstrated over the years. At the Blackhat security conference in August, researchers with Symantec showed off a touchscreen voting machine that used a swipe card for voting which they modified.
The modified card could do things like change a person's vote to the opposite candidate, or vote repeatedly. "I could reset this card and then vote 10 times," Brian Varner, principal security researcher for Symantec, told Business Insider. But there are plenty of caveats: A hacker would need "inside knowledge" of those specific machines, while also needing to gain physical access to others at different polling places in order to have any noticeable effect.
And there's really no way of predicting what machines will be where, since how the election is actually is run is left to each state - and it's basically a free-for-all of different voting machines and counting procedures.
"The idea of a national hack of some sort is almost ridiculous because there is no national system," Denise Merrill, president of the National Association of Secretaries of State, told CBS News.
Dr. Andrew Appel, a professor at Princeton University, testified on how he was able to hack a certain type of voting machine used mostly in New Jersey and Louisiana. "I demonstrated exactly how to craft a fraudulent, vote-stealing computer program that would shift votes from one candidate to another," Appel said.
Appel says his hack took him about 7 minutes to pull off in a closed environment, with nothing more than a screwdriver. It required him to unscrew a compartment on the machine, take out a chip, and replace it with one he had modified. While it's certainly troublesome that a chip can be replaced to change votes, it seems highly unlikely that a hacker wouldn't be noticed taking a machine apart on election day, or while they are in transit.
"I don't know any kind of practical way to hack them through any network," Appel said.
In other words, stop worrying about hackers pulling off a Hollywood-level election heist next month. It's not going to happen.