IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Voter vulnerabilities: Cybersecurity risks impact national elections

By Contributor
Fri 17 May 2019
FYI, this story is more than a year old

Article by Malwarebytes A/NZ managing director Jim Cook.

The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 

New technologies are helping to ensure the accuracy of elections and as such, electronic voting is starting to become a bigger part of the Australian voting experience. But as with so many other industries, the more we digitise and find ways to heighten consumer experiences, the more opportunities we create for cybercriminals to exploit the gaps in the system. 

In February this year, it was revealed that the Australian Government was the victim of a sophisticated cyber attack. IT networks at Parliament House were disrupted, and while the occurrence was caught, and no data was breached or compromised, it does raise questions about the safety and security of the voting process in Australia. With the New South Wales (NSW) state election behind us, and a federal election taking place this weekend, it is important to understand how government departments are attempting to defend the voting process from cyber threats, and what learnings Australia businesses might be able to take away from this process. 

Digital dangers 

In April this year, a Deloitte review commissioned by the Department of Home and Affairs undertook a major review of electoral cybersecurity. The review noted that as electoral systems have become more digitised, attacks on electoral systems are increasing. The review raises concerns that hackers might find a weak point to exploit in the system, and use it to “sow doubt in the security and integrity” of Australian democratic processes. 

The security of digital voting systems has become a hot topic in recent years, and while the majority of Australians still flock in person to polling booths across the country, electronic voting is offered in extenuating circumstances where an individual is unable to visit a physical location. In the NSW state election earlier this year, thousands of voters reportedly took up this option, fore-going their democracy sausage sizzle, and trading in their pencil and paper to vote online.

For the third time running, the iVote system was rolled out to Australian voters, but the lead up to the big day was not all together smooth. Two weeks out from the election, the NSW Electoral Commission confirmed a critical defect had been found in the e-voting system that could potentially allow vote manipulation, validating the concerns of the Deloitte review. 

In this instance, a cryptographic trapdoor allowed malicious actors to change votes without being detected. The potential for interference occurs at the stage when votes are being randomised to ensure they cannot be connected to individual voters. The detection was a concern, however for this to have a negative impact on the results of the election, a bad actor would have to gain access to the physical machine that the votes were being counted on, and have all the right credentials and codes to alter the software. 

Counting the risks 

Despite these concerns, digital voting is not the only vulnerability in the election process – traditional pencil and paper ballots also have their flaws. While analogue voting may seem more secure than logging in online, votes still need to be counted, which introduces an element of human error. Counting and determining the results of both digital and static votes remains a vulnerable point of the democratic process because at some point in the counting process, some form of software will be used, even if it is only to calculate numbers. 

A recent review of the US democratic voting system by the Malwarebytes Labs team found this to be the most vulnerable stage of the process. As hackers become more sophisticated, breaches at this counting and decrypting stage could be the way to access the records, either to alter them to potentially change the outcome of the vote, or to on sell the personally identifiable information (PII) that they collect from voters. 

Securing the nation 

When looking to identify and mitigate the risks of potential vulnerabilities in the voting process, it is vital to ensure that any digitisation process or platform introduced to the public undergoes rigorous testing and review before being opened to the public. 

Such is the case with the iVote system defect that was made public during the NSW State election in March. Earlier in the year, the NSW Electoral Commission (NSWEC) invited individuals with a private or academic interest to review aspects of the iVote system source code prior to the election. In addition to its own private testing, these measures helped to identify the potential risks, and allowed the NSWEC team to put processes in motion that would mitigate the risks of any potential exploitation.  

After the votes have been cast, any machine that is being used to count and decrypt voting data should be secured against tampering, and have software running that actively monitors for and reports any abnormal activity. As a further security measure, these machines should remain air-gapped during the voting process to create an extra barrier against cybercriminals. While even air-gapped computers are not 100 percent safe, an attacker would require proximity to the machine to have an influence. 

With a national election only days away, security is top of mind for us all. Taking stock of the learnings from recent local and international elections will allow us to look forward, and instigate changes to our existing systems. These changes will help minimise the threat of election fraud or wider attacks on our national voting systems, while simultaneously leveraging technology to make the process more convenient. 

By securing infrastructure such as voting apparatus, testing the systems we deploy and being more generally aware of what the risks are, we can all feel safer knowing that one of the most vital actions we take as a country is protected. These are key insights and process that businesses can also learn from. Implementing similar checks and protection measures will help to protect any data collected or stored in Australia.  

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Australian consumers loyal to retailers who deliver speed and visibility
SOTI finds extensive order visibility and speed are the most important factors for turning one-off customers into loyal, long-term buyers.
Story image
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Story image
Artificial Intelligence
Juniper study reveals top AI trends in APAC region
Juniper's research shows an increase in enterprise artificial intelligence adoption over the last 12 months is yielding tangible benefits to organisations.
Story image
Public Cloud
Public cloud services revenues top $400 billion in 2021
"For the next several years, leading cloud providers will play a critical role in helping enterprises navigate the current storms of disruption."
Story image
Digital Transformation
Google Cloud launches new Digital Accelerator bundles for Aussie SMBs
The new bundles are designed to help Australian small and medium-sized businesses embrace digital transformation and take their businesses online.
Story image
Stock security features inadequate in face of rising risk
"Organisations must proactively find ways of identifying unseen vulnerabilities and should take a diligent, holistic approach to cybersecurity."
Story image
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Story image
Hybrid Cloud
Advent One acquires Layer 8 Networks, complements hybrid cloud offering
The acquisition comes at a time of surging demand in hybrid cloud, network virtualisation and network security.
Story image
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Vertiv releases updates on ESG initiatives, sets sights on future
Vertiv has released its inaugural environmental, social and governance (ESG) report, the company’s first public report of its ESG activities.
Story image
Identity and Access Management
Ping Identity named a Leader in Access Management
Ping Identity has been named a leader in the 2022 KuppingerCole Leadership Compass report for Access Management. 
Story image
Evonik relies on Getac F110 tablet to control autonomous robot
The aim of the project is to evaluate the practicality of an automated robotic maintenance and inspection solution in the chemical industry.
Story image
Sutton Tools deploys Infor M3 CloudSuite for manufacturing
Sutton Tools has also implemented the Infor OS cloud operating platform, including Infor Intelligent Open Network and Mongoose.
Story image
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
ASI Solutions named finalist of Microsoft Surface Partner of the Year
"ASI Solutions has a strong Microsoft focus, building value by helping customers maximise investment in modern workplace solutions."
Story image
Video: 10 Minute IT Jams - An update from CyberArk
Olly Stimpson joins us today to discuss the importance of MSP programmes and how MSP partners are experiencing success with CyberArk.
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Cloudian, Vertica to deliver on-premise data warehouse platform
"We’re enabling our customers to capitalise on a leading object storage platform and maximise the value of their digital assets.”
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Dicker Data
EXCLUSIVE: Why women in IT makes good business sense - Dicker Data
The Federal government wants to bolster female participation in the tech industry to at least 40% by 2030. Here's how one homegrown Australian company has already reached that goal.
Story image
State Library of Victoria
State Library of Victoria entrusts Oracle support and security to Rimini Street
“Our finance team are very happy with the support and security that Rimini Street provides, which keeps our assets and our customers secure."
Story image
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Robotic Process Automation / RPA
Salesforce announces latest generation of MuleSoft
Salesforce has introduced the next generation of MuleSoft, a unified solution for automation, integration and APIs to automate any workflow.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Cloud Security
Palo Alto Networks bolsters cloud native security offerings
Latest Prisma Cloud platform updates help organisations continuously monitor and secure web applications with maximum flexibility.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Digital Transformation
What CISOs think about cyber security, visibility and cloud
Seeking to uncover the minds of CISOs and CIOs across Asia Pacific, my company recently asked Frost & Sullivan to take a snapshot of cloud adoption behaviour in the region.
Story image
How to achieve your monthly recurring revenue goals
Monthly recurring revenue (MRR) is the ultimate goal, the most important issue on which anyone in the IT channel should focus.
Story image
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Zero trust security adoption rises 27% in just two years
A survey of WAN managers has revealed that multi-factor authentication and single sign-on are the top zero trust features implemented.
Story image
Data ownership
Brands must reclaim trust by empowering data ownership
According to Twilio's new State of Personalisation Report 2022, 62% of consumers expect personalisation from brands, and yet only 40% trust brands to use their data responsibly and keep it safe.
Story image
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Forescout reveals top vulnerabilities impacting OT vendors
Forescout’s Vedere Labs has disclosed OT: ICEFALL, naming 56 vulnerabilities affecting devices from 10 operational technology vendors.
Story image
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology. 
Story image
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.