With government warnings of cyberattackers probing U.S. election systems, Cal State Fullerton cybersecurity expert Mikhail Gofman discusses the vulnerabilities and potential havoc that hackers could cause in the presidential race. Gofman, associate professor of computer science and director of the CSUF Center for Cybersecurity, studies internet security, virtualization, cloud security and biometric authentication.
Is the U.S. election under cyberattack?
If you follow the news, it becomes apparent that Americans are concerned about the overall security of the election process. These fears are not completely unfounded. There were security breaches of the voter registration banks in Arizona and Illinois. Even the FBI was concerned about the possibility of Russian hackers.
Should voters be concerned about hackers stealing information?
This is a real threat. The voter registration banks in every state store information about registered voters. For example, hackers have discovered a Structured Query Language (SQL) injection vulnerability in the Illinois State Board of Elections website and have stolen voter data. They were able to steal data of 200,000 registered voters. SQL is a language used for manipulating and querying databases and is very widely deployed in many applications. If the programmers fail to properly validate user queries, a malicious website user can use it for modifying or stealing the data in the database. In our CSUF security courses, we cover the importance of implementing proper defenses against these types of attacks.
How vulnerable are election systems?
The election system consists of the voting machines and other technology for collecting votes, which has multiple layers of security. These systems have no internet connection; the votes are backed up, and advanced encryption techniques are used for further security. In addition, the election process is largely decentralized, which makes it harder for the attackers to find a single point of security failure. Even with these safeguards, vulnerabilities do remain, such as the potential for tampering with memory chips used in election machines to alter voting results.
What can be done to safeguard voting systems?
As in many security problems, there is no silver bullet here. However, a well thought out security-centric design of voting systems, security-conscious implementation, as well as penetration testing of the system in order to uncover and fix vulnerabilities, can go a long way. I think considering the modern trends of cyberthreats, it sounds almost cliché to reiterate the fact that we need an increased quantity and quality of security experts.
What is the center doing to increase interest in cybersecurity careers?
In order to sustain and increase interest in cybersecurity careers, we need to better promote the science and practice of cybersecurity to the general public. Cybersecurity can be a profitable career opportunity, but more pressing, it’s an important science that is highly practical for our survival today. We also need to do a better job of reaching out to get more people excited and inspired about the field. Crafting successful defenses against attacks is as much of a creative art as it is a science, which in its own way can be aesthetically beautiful. When I teach, I do my best to convey these rewarding benefits; it is the core of my teaching philosophy.