Electronic Voting Machines (EVMs) – A Cyber Security Analysis

India Blames Pakistani Hackers For Latest IRS Website Hack
March 30, 2017
na.gov.pk – XSS Vulnerability [Cyber Alert]
April 12, 2017

Electronic Voting Machines (EVMs) – A Cyber Security Analysis

Introduction of EVMs (electronic voting machine) in Pakistan - soon to be happening elections is indeed something to laud . While this will open new possibilities in public voting and digitizes the whole electoral domain it also presents new dangers and threats to the integrity and security of electoral exercise.

THE RISE OF technology in Pakistan and introduction of EVMs (electronic voting machine) in soon to be happening elections is indeed something to laud . While this will open new possibilities in public voting and digitizes the whole electoral domain it also presents new dangers and threats to the integrity and security of electoral exercise. Officers of Election commission have already voiced their concerns labeling EVMs “ 100 percent fair and transparent “ rate just a myth. Examples of six European countries which switched back to conventional voting methods after abandoning EVMs because of a lack of transparency and trust are also quoted again and again in concerns.

Cyber attacks like phishing and DDOS doesn’t just endanger businesses only but they also endanger democratic elections around the world, in which a well-timed data breach or site outage can meaningfully impact—and potentially destabilize—the democratic process.
American Presidential elections are just one of the recent examples. We can see and study how gradually and systematically whole process got tainted with allegations of Cyber hacking and Vote manipulation. Prior studies of electronic voting security have recommended avoiding complexity and minimizing the size of the trusted computing base.

The new vector of Supply Chain attack should also be considered when considering foreign nations and security agencies meddling with local elections.To mitigate these kind of threats it is important that all hardware / software components to be made  and developed locally under strict supervision and maintaining highest industry standards.

Thanks to the recent leaks in American presidential election, we have all learned — again — that email is insecure. It can easily be compromised and released online with potentially dramatic consequences. It is unlikely that analysts will ever be able to conclude whether controversies over email had a major impact on the election, but the very word became an effective campaign slogan.

At National level, a more systematic approach is needed, which should involve the Govt’s plan to establish and review the cybersecurity strategy for elections next year. If needed there should be cyber security public-private partnerships just like American Government has teamed up recently with Google to release cyber security tools called “Protect Your Election.”
In a politically dynamic and charged up society like ours there is a special need to formulate a comprehensive cyber security policy so that concrete measures can be taken to safeguard the whole electoral process.

One way forward is to provide training on free cyber-defenses tools that can support the independent news outlets, election monitoring and audit groups, activists, and human rights organizations that help elections run smoothly. The innovation here isn’t the tools themselves, but packaging them to make them accessible and then training people who need them most.

This exercise will improve the trust of target audience but also sends a valuable message to General Public that Govt will take all necessary steps to fulfill its duty towards fair and transparent elections. All parties involved in election process should be aware that any organization that works with election data, security is an ongoing process that requires constant assessment and willingness to adapt.

Ensuring that any cyber security framework starts with an understanding of the fundamental properties of the Internet and an appreciation of the complexity of the cyber security landscape is the critical part of an effective response and threat detection process – and multi stakeholder cross-board collaboration is an essential component of it. Election Commission of Pakistan must work with all policy makers in our country to make sure this happens. Cyber Security and audit must be carried out prior to the decision to introduce EVMs in Pakistan on a national scale . All the proposed solutions should be audited and tested for scenarios like tampering with software before CPU Manufacture, substituting Look-Alike CPUs, tampering with Machine State, clip-on Memory Manipulator Attack and attacks that can lead to violations of ballot Secrecy.

While these are important elements of a response to the cyber threat that we may face, including ones in the political realm, there should also be recognition of the fact that, cyber security is a shared responsibility.

Leave a Reply