Government and Policy

Integrity attacks on voting machines, tabulation would have severe consequences for US elections: CISA-backed RAND report

Data integrity attacks on voting machines and tabulation rank highest for impact severity on US elections, according to analyses conducted in a RAND Corporation report.

Sponsored by the US Cybersecurity and Infrastructure Security Agency (CISA), the report assesses cyber risks to five components of state and local election systems, along with three specific types of attacks.

“Attacks on the confidentiality, integrity, or availability of election system components might also have consequences for the public confidence in the credibility of the elections”

The election system components include:

  • Voter Registration Data Base (VRDB)
  • Pollbooks
  • Voting Machines
  • Tabulation
  • Official Websites

The three specific types of attacks include:

  • Confidentiality
  • Integrity
  • Availability

Integrity attacks on voting machines and tabulation were identified as potentially having the most severe impact on elections.

However, when severity was weighted against likelihood and scale, then integrity attacks on official websites was given the highest overall risk score to US elections.

Let’s break it down.

“An integrity attack on voting machines changes the record of votes”

Source: RAND (Highlights Mine)

“The scale of an attack will be more widespread if it happens during the preparation or programming of election machines, as opposed to during machine use”

An integrity attack, according to the report, “is intended to alter the primary function of, or the data stored within, the targeted election system component.”

In the case of voting machines, “An integrity attack on voting machines changes the record of votes.”

What’s more, “The scale of an attack will be more widespread if it happens during the preparation or programming of election machines, as opposed to during machine use.

For example, “an integrity attack on a single voting machine in a precinct affects that machine or precinct, but attacks on a jurisdiction’s central preparation or programming of machines could affect the entire jurisdiction using the attacked component.

“If machines are prepared at the state level, attacks on the preparation process could affect the entire state.”

“The mere claim of an integrity attack on vote tabulation in a specific jurisdiction might decrease public confidence in the election outcome or prompt legal challenges”

Vote tabulation includes hand counting, optical scans of paper ballots, and direct electronic tabulation of votes.

An integrity attack on tabulation, according to the report, could “alter the outcome of an election by changing votes recorded or the tabulation of such votes.”

What’s more, “The mere claim of an integrity attack on vote tabulation in a specific jurisdiction might decrease public confidence in the election outcome or prompt legal challenges.”

“To provide a risk score, we calculated the product of the numeric representations of capability (likelihood), scale of attack, and severity”

While integrity attacks on voting machines and tabulation ranked as being the most severe, they did not have the highest overall risk score when scale and likelihood were factored in.

Source: RAND

“An integrity attack may include […] manipulating the election results reported on official websites to spread false information”

To provide a risk score, the authors “calculated the product of the numeric representations of capability (likelihood), scale of attack, and severity.”

Using these calculations, the highest risk score was was given to integrity attacks on election officials’ websites, which are used “to communicate information to the public, including how to register to vote, where to vote (e.g., precinct lookup tool), and contest results.”

According to the report, an integrity attack could be used to manipulate the election results reported on official websites to spread false information.

The report was sponsored by the National Risk Management Center, a division of CISA, and conducted within the Strategy, Policy, and Operations Program of the Homeland Security Operational Analysis Center (HSOAC) federally funded research and development center (FFRDC).

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

Recent Posts

GAN, Tec de Monterrey partnership highlights cross-border startup ecosystem building in Latin America amid trade dispute

Despite recent tensions between the United States government and Latin American countries over migration and…

3 days ago

This founder started out with US $5K to his name. Now, he owns a multi-million-dollar global business

Meet Nitin Seth, the Co-Founder and CEO of Screen Magic (SMS Magic), a messaging leader…

4 days ago

Building smarter: AI, the ultimate tool transforming an old-age industry

In this Brains Byte Back, we sit down with Hari Vasudevan, founder and CEO of…

4 days ago

When AI Goes Rogue: 8 Lessons from Implementing LLMs in the Healthcare Industry that Could Save the Future

By Santosh Shevade, Principal Data Consultant at Gramener – A Straive company All pharmaceutical companies…

5 days ago

Digital Public Infrastructure will enable public, private entities to control your access to essential goods, services & mobility

Digital Public Infrastructure is a top-down agenda coming from unelected globalists, bureaucrats, and their partners…

2 weeks ago

Open Source Claims to Be a Meritocracy—So Why Are Companies Buying Their Way In?

Imagine that you are a maintainer of a widely used open source project relied upon…

2 weeks ago