This is an area where internal threats may be even greater. Admins of these systems have the ability to “adjust” vote counts. This means processes will need to be put in place to ensure this does not happen or is logged and reported.
Loi Van Tran says
To learn that our voting system is vulnerable to something as easily preventable as SQL injection really makes you cringe a little bit. I am no expert in coding, but have taken some classes pertaining to database security. Some of the things that I’ve learned were how to prevent SQL injections by using prepared statements and other techniques to remove “injected” code. I’m probably talking in simpler terms, and SQL injections may be more sophisticated, but considering that it’s a known threat, I believe that more proactive measures could’ve been implemented to protect something as important as voting information.
Vaibhav Shukla says
Regarding the election system hack, as you mentioned, the threat is more probably the internal threat than the external threat.
There has to be a strict monitoring mechanism pertaining to election system admins.
The admin credentials will be limited to a certain number of people, so there has to be a check using a biometric system for the admin owners so that there is no unwanted sharing or monitoring of admin data.
The election system software available to the admin to work with should be integrated with a data logging mechanism so that every request sent to the servers can be monitored and checked to find if any adjustment has been made to vote counts.
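
Added example, not written by any commenter above and not taken from any real election system: a sketch of the two controls raised in this thread, a prepared statement in place of string-built SQL and a database trigger that records every change to a vote count. The table names, precinct IDs and counts are constructed for illustration, and SQLite stands in for whatever database such a system would use.

```python
import sqlite3

SCHEMA = """
CREATE TABLE tally (precinct TEXT PRIMARY KEY, votes INTEGER NOT NULL);
CREATE TABLE tally_audit (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    precinct TEXT, old_votes INTEGER, new_votes INTEGER,
    changed_at TEXT DEFAULT CURRENT_TIMESTAMP
);
-- Every UPDATE of a count leaves a row behind, whoever issued it.
CREATE TRIGGER log_tally_update AFTER UPDATE OF votes ON tally
BEGIN
    INSERT INTO tally_audit (precinct, old_votes, new_votes)
    VALUES (OLD.precinct, OLD.votes, NEW.votes);
END;
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tally VALUES (?, ?)",
                   [("P-01", 120), ("P-02", 85)])  # constructed sample data
    return db

def lookup_concat(db, precinct):
    # Weak form: input is pasted into the SQL text and parsed as SQL.
    return db.execute(
        "SELECT precinct, votes FROM tally WHERE precinct = '" + precinct + "'"
    ).fetchall()

def lookup_prepared(db, precinct):
    # Prepared form: the ? placeholder binds input as a value only.
    return db.execute(
        "SELECT precinct, votes FROM tally WHERE precinct = ?", (precinct,)
    ).fetchall()

def adjust(db, precinct, votes):
    db.execute("UPDATE tally SET votes = ? WHERE precinct = ?", (votes, precinct))

def audit_rows(db):
    return db.execute(
        "SELECT precinct, old_votes, new_votes FROM tally_audit ORDER BY id"
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input
    print(lookup_concat(db, crafted), lookup_prepared(db, crafted))
    adjust(db, "P-01", 150)
    print(audit_rows(db))
```

An audit table in the same database only helps if the people who can change counts cannot also edit or delete the audit rows, so in practice the log would be shipped to a system those admins do not control.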