As the U.S. election rapidly approaches, many citizens are strongly concerned with who they’ll vote for. Unfortunately, not enough of these same citizens are nearly as concerned with what they’ll vote on, as the electronic voting machines utilized in many polling places are notoriously insecure to breaches.
While most of the country doesn’t actually utilize these machines (¾ of American voters use paper ballots to elect the new President) there are some states who use these electronic machines exclusively: Delaware, Georgia, Louisiana, New Jersey and South Carolina. Because of this, there’s still a chance that these flawed machines could negatively influence an election. The way we see it, businesses could learn some valuable cybersecurity lessons from this major electoral oversight.
It is a matter of common sense that older operating systems will be vulnerable to more recent threats, even without the knowledge that developers eventually stop producing security patches to better protect the outdated OS after a period of time.
Knowing this, however, only makes it worse to know that the majority of electronic voting machines currently run Windows XP, which hasn’t received a patch since 2014. That makes three years of threats evolving and improving while these voting machines have gone without a single security update. This means that there is a potential for serious tampering to occur, potentially keeping citizens from being able to vote.
Furthermore, many of these machines have not been replaced in years, despite newer and more secure models becoming available. This is in part due to a lack of financial resources in most areas, and in part due to legislative pushback against spending money to replace a machine that has yet to completely fail.
These issues reinforce the importance of maintaining up-to-date solutions, as well as updating and maintaining equipment proactively rather than subscribing to a problematic break-fix model.
Fortunately for the American voter, there are resources in place for those who are concerned for the sanctity and efficacy of their vote. The Verified Voting Foundation, devoted to “safeguarding elections in the digital age,” has an online map resource that breaks down into counties and describes what devices they utilize in counting votes. However, there is little indication of when the website was last updated beyond the copyright information at the bottom of the page, which says 2014. Therefore, the website may not be fully up-to-date, so it is better used as a guideline, rather than gospel.
Despite the presumed budgetary benefits of waiting to replace equipment only when absolutely necessary, a break/fix approach will ultimately cause an administrator more issues and wind up costing more in the long run. On the other hand, a managed service approach allows for a stable, budgetable cost for IT services with reduced downtime, maintained solutions and systems, and an overall more pleasant and productive experience. If you’re interested in implementing a managed solution to your company’s IT, as American polling places clearly should, contact GTSS for more information.