Recently the Senate Select Committee on Intelligence released a set of recommendations to combat efforts by hostile states to interfere with U.S. elections. The committee’ draft recommendations cover six areas and include guidance on deterrence, information sharing, securing election systems and providing assistance to states.
At the same time, the Committee recommended that that Department of Homeland Security (DHS) set up clearer communication channels between state and federal officials and conduct assessments of each states voting machines and infrastructure.
Of particular note was one of the cybersecurity best practices recommended by the committee that included the use of multi-factor authentication (MFA) and keeping voting machines disconnected from Wi-Fi networks.
The idea is to expand the current single-factor approach of simply providing a driver’s license to prove identity, to include a second step, such as a finger print or perhaps a code sent to a voters’ cell phone to verify the voters’ legitimacy.
MFA is the key. Just like a power grid, or any critical IT application, we need to treat the US voting system as critical infrastructure that requires similar levels of authentication before voting services can be accessed. In addition, by performing this level of voter authentication, voting machines would not be required to be connected to the Internet during the voting process, making the security of these individual voting machines effectively a non-issue.