Q&A: Sam Houston State University cyber forensics intelligence expert talks foreign election hacking ahead of Nov. 3

Less than a week ahead of the Nov. 3 Election Day, Cihan Varol, an associate professor with Sam Houston State University's Cyber Forensics Intelligence Center, shared insight on foreign election hacking and what it means for voters. (Courtesy Adobe Stock)
Less than a week ahead of the Nov. 3 Election Day, Cihan Varol, an associate professor with Sam Houston State University's Cyber Forensics Intelligence Center, shared insight on foreign election hacking and what it means for voters. (Courtesy Adobe Stock)

Less than a week ahead of the Nov. 3 Election Day, Cihan Varol, an associate professor with Sam Houston State University's Cyber Forensics Intelligence Center, shared insight on foreign election hacking and what it means for voters. (Courtesy Adobe Stock)

Less than a week ahead of the Nov. 3 Election Day, Cihan Varol, an associate professor with Sam Houston State University's Cyber Forensics Intelligence Center, shared insight on foreign election hacking and what it means for voters.

According to Varol,
if a foreign or domestic cyber actor attempts to disrupt, manipulate, destroy or affect the process of the election by using cyberattack practices, this constitutes an election interference; election hacking refers to breaches that are intended to manipulate voter data, change the vote tally or discredit the results. Both types of attacks are tracked by the Federal Bureau of Investigation and the U.S. Cybersecurity and Infrastructure Security Agencies, which regularly meet with local election officials to brief for potential threats.

Varol added security measures include sensors on every state's network to monitor for cyberattacks, and once vulnerabilities are detected, they are patched as soon as possible.

This interview has been edited for length and clarity.


What impact can foreign election hacking have on election outcomes? Are there any specific past examples that you could share?


There is a very slim chance that the hackers can change vote count, but they can definitely influence people to believe that they did manipulate it. If election fraud is going to happen, it'll be because of disinformation. For instance, recently hackers on a Russian forum posted that they had stolen data on voters in Michigan, which raised concerns. Although it is a privacy issue—exposure of Personally Identifiable Information—it has no direct way of changing the vote tally. However, it has the potential to make people not vote if they start to believe that the election is hacked.

Has foreign election hacking always been a concern, or has it become more prevalent in recent election cycles? Why do you think that is?

This was always a concern, but with the recent magnitude of cyber attacks, such as WannaCry, StuxNext, Equifax and Target, not only the attackers increased their attempts after successful breaches, but also the government entities increased their attention for a secure election.

How has election security changed over the past couple of decades? Do you think elections have become more or less secure? Why?

With the increased use of social media and online campaigning, there are more ways to interfere with the elections. If successful, attackers can prevent people to not go for voting. However, the security of the election has not changed much. Still, in order to change the vote tally, one needs to either hack the voting machines in the poll locations or attack the communication lines. While it may be attractive to some foreign entities to manipulate the results, the system is getting secured each day via patching the vulnerabilities.

Should voters be concerned about foreign election hacking? Why or why not?

At the very least they should be concerned. According to several sources, voter data was obtained by foreign entities. Even though they may not able to change the outcome of the election, they still have Personally Identifiable Information, which is protected by a combination of federal laws, including the Electronic Communications Privacy Act, Telephone Consumer Protection Act, Family Educational Rights and Privacy Act, etc., that is a concern of losing one's privacy.

What do you think needs to be done in future election cycles to deter foreign election hacking?

Cybersecurity standards need to be tightened. Current security assessment standards of ISO 27001, PCI DSS, FedRAMP, even the comprehensive Cloud Security Alliance Security, Trust, and Assurance Registry standards do not emphasize the importance of digital forensics in their framework. Clarifying which logs should be acquired, analyzed and reported in a forensically sound manner is crucial to protect our elections. Any evidence that is not collected by the norms of the acquisition procedures or not analyzed according to the principles of digital evidence handling will be dismissed by the court. Therefore, security standards need to have a section on the digital forensics aspect specifically regulating data/log storage and evidence handling that should be implemented by the government.

Is there anything else you would like to add?

There is still an enormous workforce need in cybersecurity. Because of the shortage of personnel, companies, government, and our elections are under more cyberattack threats than yesterday. Therefore, not only do we need to increase the number of security experts, but also move toward more artificial intelligence solutions.
By Hannah Zedaker
Born and raised in Cypress, Texas, Hannah Zedaker graduated from Sam Houston State University in 2016 with a bachelor's degree in mass communication and a minor in political science. She began as an intern with Community Impact Newspaper in 2015 and was hired upon graduation as a reporter for The Woodlands edition in May 2016. In January 2019, she was promoted to serve as the editor of the Spring/Klein edition where she covers Spring ISD and Harris County Commissioners Court, in addition to business, development and transportation news.


MOST RECENT

Heading into Thanksgiving, Texas Medical Center continues to report uptick in hospitalizations

The total number of COVID-19 patients hospitalized at Texas Medical Center facilities has increased by more than 50% over two weeks.

Texas Gov. Greg Abbott announced a COVID-19 vaccine distribution plan for the state Nov. 23 for a vaccine he said could be available as soon as December. (Courtesy Adobe Stock)
Texas Gov. Greg Abbott announces COVID-19 vaccine distribution plan

The vaccine could start being distributed "as early as next month," according to a Nov. 23 news release.

Harris County Precinct 4 and the Champions Municipal Utility District celebrated the completion of Champions Drive in a ribbon-cutting ceremony Nov. 19—just weeks before the 2020 U.S. Women's Open Golf Tournament is scheduled to take place in the area. (Courtesy Harris County Precinct 4)
Harris County Precinct 4, Champions MUD celebrate completion of Champions Drive ahead of 2020 U.S. Women's Open Golf Tournament

In anticipation of increased traffic on the roadway for the 75th annual event, Harris County Precinct 4 and the Champions Municipal Utility District began construction in September 2018 on a $13.3 million joint project to upgrade Champions Drive from a two-lane asphalt road to a two-lane concrete paved section with improved drainage between FM 1960 and Cypress Creek.

As coronavirus cases continue to rise among teachers and students, Spring, Klein and Cy-Fair ISDs have reported that an 32,783 more students are learning in person during the second grading period than were on campus at the start of the 2020-21 school year. (Courtesy Adobe Stock)
More than 32,700 students in Spring, Klein and Cy-Fair ISDs switch to on-campus learning for second grading period

Spring, Klein and Cy-Fair ISDs have reported that an 32,783 more students are learning in person during the second grading period than were on campus at the start of the school year.

Despite losing his position on the Klein ISD board of trustees by 26 votes in the Nov. 3 general election, incumbent Doug James has been appointed to fill a Position 2 vacancy after the winning challenger, Alvin Vaughn, declined his position as a trustee. (Courtesy Doug James)
Klein ISD appoints incumbent Doug James to fill vacant Position 2 after winning challenger declines candidacy

"I want to thank the Klein community for voting for me," Vaughn said in a statement. "Winning the election is more than I could have hoped for, but upon further investigation as to the time requirements of this position and in consultation with my family, I have decided to decline this position."

Laura Colangelo
Q&A: Laura Colangelo discusses challenges facing private schools during pandemic

Colangelo said private schools have adapted to remote learning and other obstacles in 2020 despite less revenue and a 9% decline in enrollment statewide.

Shake Shack opened its new standalone location at The Woodlands Mall in November. (Courtesy Christine Han)
Shake Shack opens in The Woodlands Mall and more Houston-area updates

Read the latest business and community news from the Greater Houston area.

The Skeeters will be the first-ever independent baseball league team to become an MLB team's Triple-A affiliate. (Courtesy Sugar Land Skeeters)
Sugar Land Skeeters selected as Triple-A affiliate for Houston Astros

In joining the Houston Astros organization, the Sugar Land Skeeters will be the first-ever independent baseball league team to become an MLB team's Triple-A affiliate.

Schools now have the power to temporarily suspend on-campus instruction if “a significant number of the instructional staff at the campus is impacted due to a confirmed COVID-19 outbreak." (Courtesy Adobe Stock)
Texas Education Agency authorizes schools to close doors for 14 days due to coronavirus-related staffing concerns

Campuses can now instate a hybrid or fully remote instruction model for up to 14 days if adequate instructional staffing is not possible due to high numbers of COVID-19 cases among employees.