Newly released “playbooks” from a bipartisan team at Harvard’s Kennedy School of Government aims to help state and local elections officials protect against hacking and disinformation.
Here are the group’s key findings and recommendations.
— Elections officials generally lack the resources to secure their operations, especially in smaller counties. Many can’t even afford such vital security measures as two-factor authentication, which helps protect networks by requiring users to verify their identity twice, usually with codes texted to their phones, when logging in.
Most Read Business Stories
- Emirates negotiations may deal blow to key Boeing 777X order
- New Airbus leadership steps out in Paris Air Show, talks climate change and trashes Boeing
- First flight of Boeing's new 777X delayed at least until the fall VIEW
- Former tobacco executive is making his mark at Ste. Michelle Wine Estates
- Muilenburg says Boeing brings ‘a tone of humility and learning’ over 737 MAX to Paris Air Show
— Voting equipment vendors, which play an outsized role in elections because local poll workers often have limited tech skills, can be easy, valuable targets. More than 60 percent of U.S. voters cast ballots on systems owned and operated by a single company. Hostile infiltration of one vendor could affect many elections.
— Don’t just worry about the Russians. Insiders and people seeking political gain or notoriety also pose potential election-manipulation threats.
— Institute background checks for everyone with access to sensitive elections information and privileged systems. This includes voter registration databases and vote tabulation and reporting systems. Employees of voting-equipment vendors should also be cleared this way.
— Voting systems should have a paper trail — a physical copy of every ballot cast. Without one, it’s impossible to “audit” elections after the fact to detect possible tampering. Five states continue to rely wholly on digital-only voting machines that leave no paper trail.
— Audits should be standard, with paper records confirming electronic results. Currently, the only states requiring the rigorous audits recommended by voting technology experts are Colorado and Rhode Island.
— Officials should be transparent about any election threats and immediately explain to the public what they are doing about them. This doesn’t come naturally to organizations that typically shun the spotlight.