U.S. voting machines need to be updated regularly, advises UMBC cybersecurity expert

In recent months, as the U.S. presidential election has approached, concerns over email hacks and the security of voting systems have frequently appeared in the news. Rick Forno, assistant director of the UMBC Center for Cybersecurity and director of the Cybersecurity Graduate Program at UMBC, recently described to WYPR’s Sheilah Kast that voting machines are just one part of a system that has concerning vulnerabilities.

“I think we have to separate the issue between voting machines and the overall voting process, because the two are related but have very different threat and vulnerability characteristics,” said Forno, who is particularly interested in the voting process and technologies used to collect data, as well as how that data is collected, counted, and reported.

A voting machine might report votes to a laptop across the room at a polling location, and that computer might then share data from the single polling place with a computer in a regional or state hub to be aggregated. In this scenario, Forno wonders how the laptop—as one small but crucial piece in the full chain of data transfer—is protected.

Data can be corrupted at moments when it is moving, and also when it is stationary, he says. “You’re looking at a range of security concerns that start with the individual voting machine in the voting booth, all the way up through the systems that officially record and report out the outcomes of an election.”

Voting machines include computers and other hardware that need to be maintained on a regular basis, much like computers that people use at work or at home. Forno warns that not regularly updating the technologies used in voting systems, can give hackers and researchers the opportunity to identify weaknesses and potential vulnerabilities in those systems.

Listen to the full segment “Cybersecurity and the Ballot Box” on the WYPR website.

Image: Rick Forno. Photo by Marlayna Demond ’11.