Penetration Tests Ensure Digital Voting Transparency

As the US presidential elections approach, government institutions are actively seeking cybersecurity solutions capable of enhancing the integrity of digital voting systems in response to widespread concerns about their transparency. While resilient security measures have been successfully integrated into voting machines, penetration testing stands out for its efficiency. This process involves simulating potential cyberattacks against a network to identify and address vulnerabilities and ensure the security and reliability of the voting process.  

The US government has enlisted the expertise of several cybersecurity companies to evaluate the resilience of three major voting machines used in the country’s electoral process. This initiative is a direct response to apprehensions stemming from the aftermath of the 2020 US election, during which supporters of former President Donald Trump alleged that voting machines, specifically those designed by Dominion Voting Systems, were manipulated to influence the outcome. The sentiment has persisted, as indicated by a CNN poll that revealed that 69% of Republicans still question the legitimacy of President Joe Biden's victory in 2020.

The US cybersecurity pentesting program is being led by the IT-Information Sharing and Analysis Center, a group of providers that includes the participating voting equipment vendors in the country’s electoral process. The ethical hackers spearheading the program aim to test various attack scenarios against the US digital voting systems. These scenarios include attempts to manipulate ballots through malware threats and disrupt electronic pollbooks used at voting stations through Distributed Denial of Service (DDoS) attacks. Although the cybersecurity evaluation of these voting machines is ongoing, US election vendors are already implementing security measures based on the outcomes of the pentesting results.

According to the Mexican Senate, only nine countries worldwide implemented comprehensive electronic voting systems in 2022. These countries include Belgium, Brazil, Bulgaria, Estonia, the UAE, the US, the Philippines, India and Venezuela. Nevertheless, multiple Latin American countries are increasingly considering electronic voting as an efficient means to ensure the accuracy of voting tabulation.

In Mexico, President Andrés Manuel López Obrador’s Electoral Reform sought to introduce electronic voting. However, outstanding cybersecurity concerns obstructed the adoption of these systems. Moreover, challenges related to credentialing services and IT infrastructure capacity within Mexico constitute additional barriers to an efficient and trustworthy digital voting system. However, penetration tests carried out by ethical hackers could effectively mitigate Mexican citizens’ concerns regarding corruption and transparency during the digital voting process by providing independent cybersecurity assessments without involving governmental authorities.

Rey Ortega, Co-founder and CTO, Octapus, was quick to warn the Mexican government about the ineffective resilience of INE’s voting systems. Octapus claims to have identified multiple software vulnerabilities within the institution's networks, which could potentially expose Mexico to various attacks aimed at altering the outcomes of the country's voting process. However, "changing the electoral outcome does not necessarily need a hacking attack. There can also be disruptions to render systems inoperative. Additionally, denial-of-service attacks can also impact the digital voting system," explains Ortega.