Government and Policy

Integrity attacks on voting machines, tabulation would have severe consequences for US elections: CISA-backed RAND report

Data integrity attacks on voting machines and tabulation rank highest for impact severity on US elections, according to analyses conducted in a RAND Corporation report.

Sponsored by the US Cybersecurity and Infrastructure Security Agency (CISA), the report assesses cyber risks to five components of state and local election systems, along with three specific types of attacks.

“Attacks on the confidentiality, integrity, or availability of election system components might also have consequences for the public confidence in the credibility of the elections”

The election system components include:

  • Voter Registration Data Base (VRDB)
  • Pollbooks
  • Voting Machines
  • Tabulation
  • Official Websites

The three specific types of attacks include:

  • Confidentiality
  • Integrity
  • Availability

Integrity attacks on voting machines and tabulation were identified as potentially having the most severe impact on elections.

However, when severity was weighted against likelihood and scale, then integrity attacks on official websites was given the highest overall risk score to US elections.

Let’s break it down.

“An integrity attack on voting machines changes the record of votes”

Source: RAND (Highlights Mine)

“The scale of an attack will be more widespread if it happens during the preparation or programming of election machines, as opposed to during machine use”

An integrity attack, according to the report, “is intended to alter the primary function of, or the data stored within, the targeted election system component.”

In the case of voting machines, “An integrity attack on voting machines changes the record of votes.”

What’s more, “The scale of an attack will be more widespread if it happens during the preparation or programming of election machines, as opposed to during machine use.

For example, “an integrity attack on a single voting machine in a precinct affects that machine or precinct, but attacks on a jurisdiction’s central preparation or programming of machines could affect the entire jurisdiction using the attacked component.

“If machines are prepared at the state level, attacks on the preparation process could affect the entire state.”

“The mere claim of an integrity attack on vote tabulation in a specific jurisdiction might decrease public confidence in the election outcome or prompt legal challenges”

Vote tabulation includes hand counting, optical scans of paper ballots, and direct electronic tabulation of votes.

An integrity attack on tabulation, according to the report, could “alter the outcome of an election by changing votes recorded or the tabulation of such votes.”

What’s more, “The mere claim of an integrity attack on vote tabulation in a specific jurisdiction might decrease public confidence in the election outcome or prompt legal challenges.”

“To provide a risk score, we calculated the product of the numeric representations of capability (likelihood), scale of attack, and severity”

While integrity attacks on voting machines and tabulation ranked as being the most severe, they did not have the highest overall risk score when scale and likelihood were factored in.

Source: RAND

“An integrity attack may include […] manipulating the election results reported on official websites to spread false information”

To provide a risk score, the authors “calculated the product of the numeric representations of capability (likelihood), scale of attack, and severity.”

Using these calculations, the highest risk score was was given to integrity attacks on election officials’ websites, which are used “to communicate information to the public, including how to register to vote, where to vote (e.g., precinct lookup tool), and contest results.”

According to the report, an integrity attack could be used to manipulate the election results reported on official websites to spread false information.

The report was sponsored by the National Risk Management Center, a division of CISA, and conducted within the Strategy, Policy, and Operations Program of the Homeland Security Operational Analysis Center (HSOAC) federally funded research and development center (FFRDC).

Tim Hinchliffe

The Sociable editor Tim Hinchliffe covers tech and society, with perspectives on public and private policies proposed by governments, unelected globalists, think tanks, big tech companies, defense departments, and intelligence agencies. Previously, Tim was a reporter for the Ghanaian Chronicle in West Africa and an editor at Colombia Reports in South America. These days, he is only responsible for articles he writes and publishes in his own name. tim@sociable.co

Recent Posts

How a former Wall Street exec is saving your plants and the planet 

Jeanna Liu’s love for nature is rooted in her childhood. As a young girl, Liu…

2 days ago

New initiative announced to accelerate cloud, GenAI adoption in Latin America

The arrival of generative artificial intelligence (genAI) into the mainstream at the end of 2022…

2 days ago

Deborah Leff to join Horasis Advisory Board in boost to machine learning and data initiatives 

Data analytics and machine learning models deliver the most powerful results when they have access…

2 days ago

37, Emotionally Stuck, and Why the Journey Didn’t Change Me

I’ve been on the road for almost a year now. Chasing freedom, adventure, and purpose.…

4 days ago

Will iPhones Get Pricier Under Trump’s Leadership?

As technological use increases, so may the cost of innovation due to the global movement…

4 days ago

The Science of Gift-Giving: 10 Functional Gifts for the Holidays

Have you ever asked yourself why some people are amazing at picking gifts, while others…

4 days ago