As Americans prepare to vote next week, is the election safe from rigging and hacking? On today's The Cutting Edge, E&E News reporter Blake Sobczak discusses the parallels between election security and the security of the electric power grid. He explains how the two systems are similar, even though they are classified differently by the U.S. government. Sobczak also talks about the feasibility of a wide-scale hack of next week's elections.
Monica Trauzzi: Welcome to the Cutting Edge. As Americans prepare to vote next week, is the election safe from hacking? E&E News reporter Blake Sobczak joins me with some new reporting on the parallels between election security and the security of the electric power grid. Blake, thanks for joining me.
Blake Sobczak: Thank you.
Monica Trauzzi: Blake, it's a very interesting comparison, and you've been speaking to experts in both spaces who draw parallels between the vulnerabilities facing either sector. How did you come to this story?
Blake Sobczak: So the story idea actually got started from a tweet from Mudge, who's a famous hacker who was part of a hacking collective back in the 2000s.
He was basically making the point that both of these are enormously complex systems with many vulnerabilities, but it's hard to hack them at scale. In other words, it's hard to cause a nationwide power outage that'll really throw an election.
As I got thinking about it, I realized that there are a lot of parallels there and that the U.S. government is really trying to protect both without having the appearance of interfering in either. So the Department of Homeland Security has gotten involved in the security of the election process, as with the power grid.
So I thought it would be worthwhile to talk to some of my sources and see how those comparisons worked out.
Monica Trauzzi: So you've been having lots of conversations. What are the biggest similarities that you've identified?
Blake Sobczak: Well, on the technical level, there are actually quite a few similarities. Both systems rely on a relatively small number of suppliers. In the case of the election system, they have voting machines that come from fairly few election companies.
In the case of the electric grid, they have many different pieces of grid equipment that come from a limited number of companies. So there are some vulnerabilities potentially evident in those supply chains, and that's something that both areas are looking at very closely.
In addition to that, there's this idea of the air gap system. So in order to prevent hackers from getting in, both election overseers and power grid operators try to separate their key networks from the internet so that they're not accessible remotely.
Now on the policy side, I think both are examples, again as I mentioned, of the federal government wanting to help without seeming to interfere.
Now in the case of the power grid, of course, they're actually regulated and have enforceable cybersecurity standards unlike election systems. So that's one key difference to keep in mind when you're comparing any cyber defenses for these areas.
Monica Trauzzi: Is there movement to change that?
Blake Sobczak: Yeah. So what's happening now is there isn't necessarily a movement to regulate election systems per se, but there are conversations happening now in the halls of the Department of Homeland Security about upgrading election systems to be considered critical infrastructure alongside energy and telecommunications and dams and nuclear and things of that nature.
So the sources that I spoke to about this are a little bit mixed as to how much this would actually change the security of our election systems.
On the one hand, it could potentially free more funding or more access to assistance from the federal government if you had this designation, but on the other hand, there's a case to be made that there's a lot of overlap here and, in fact, the transmission of electronic voting results, for instance, and even the process itself is already covered by other critical infrastructure sectors. So you wouldn't really need to carve out this potentially duplicative critical infrastructure sector for election systems alone.
Monica Trauzzi: So Russia is a threat to both systems. In terms of next week's elections, how feasible is some kind of wide-scale hack?
Blake Sobczak: So the past year has been really quite testing for both election systems and the power grid in terms of threats from Russia. Last year, we saw an attack on Ukraine's power grid from suspected Russian hackers that disabled power to nearly a quarter-million customers for a few hours, and we also saw a series of Russia-based actors breaking into key email accounts and networks at our political institutions and some of our political parties here in the U.S.
So I think some experts are definitely concerned that there could be some hacking activity going on to coincide with the election Nov. 8.
However, there's a very slim chance that the results could be tampered with. I think the consensus of U.S. intelligence agencies and many of the cybersecurity companies that I talk to is that this is a very low-frequency but high-impact type event. The idea that you can actually hack a national election.
In that way, again, it's similar to the power grid. The U.S. intelligence community assesses the risk of the energy sector to be actually quite low, but if it did happen, it would obviously be enormously impactful.
Monica Trauzzi: Really great reporting. This is a story that will be running in EnergyWire early next week ahead of the elections. So everyone should look out for that for some additional reporting there. Thank you for coming on the show.
Blake Sobczak: Thank you.
Monica Trauzzi: More Cutting Edge coming next Friday. We'll see you then.
[End of Audio]