Midterm Election Security: Why Patching Is a Critical IssueDarien Kindlund of Insight Engines on Vulnerabilities in Electronic Voting Devices
Many of the computer devices - also known as direct recording equipment - that will be used for electronic voting in November's midterm elections have unpatched older operating systems that make them vulnerable, says Darien Kindlund, a data scientist at the cybersecurity firm Insight Engines, which advises governments and others.
"Over half of the states have DREs installed and in operation," Kidlund says in an interview with Information Security Media Group. "And what we've seen so far, as well when talking with others, is that there is roughly 30 percent to 40 percent of them that have vulnerability and patching issues that need to be addressed."
Much of the problem can be attributed to these devices being placed into storage between election cycles and therefore missing out on critical patches and updates, creating a backlog of time-consuming fixes once the next election comes.
"The biggest challenge that many election officials face is that security is not a single time activity; it's a constant process," he says. "So instituting sound processes to make sure that these systems remain secure - that's a challenge that every local election has to come to grips with."
In this interview (see audio link below photo), Kidlund also discusses:
- Vulnerabilities in the operating systems of election devices;
- The degree of network connectivity of these devices;
- Why paper backups are so critical.
Kindlund is vice president of technology at Insight Engines. He has developed tactical and strategic security programs focused on advanced threat detection and response. Kindlund works with natural language processing and machine learning experts to develop cybersecurity-focused solutions