O’Shea Bowens is the head of cybersecurity consulting firm Null Hat Security in Providence. He is an expert on electoral systems and cyber integrity. He shared his thoughts with Providence Business News on cyberthreats and electronic voting machines, including how Rhode Island compares to other states.
PBN: What is your general assessment of where we are as a nation in terms of cybersecurity and electronic voting?
Facing the Holidays with a Cancer Diagnosis
The holidays are often painted as a time of joy, tradition, and togetherness. But for…
Learn More
BOWENS: Well, my answer is a bit two-sided. On one hand, I believe due to the controversy from the 2016 presidential election, this is a topic on more Americans’ radar. As a cybersecurity practitioner, I’m an advocate for more of the population understanding – at a pretty basic level – how cyberthreats may impede day-to-day life.
On the other hand, guidelines and polices for electronic voting are handled at the state level. This poses an issue and can create gaps, as each state is responsible for implementing cybersecurity practices.
PBN: Where is Rhode Island in all of this?
BOWENS: Rhode Island is in good position. The state department has been very proactive. Rhode Island was one of 11 states that received high grades for elections security from the Center for American Progress. [With] more information and recognition from the Department of Homeland Security, and states will see the benefits of taking more action.
PBN: The Center for Strategic & International Studies and other groups cite voter-verifiable paper audit trails as valuable in election security. What are those, and do you agree?
BOWENS: Think of it as a receipt similar to what you would receive at the grocery store to verify your purchases, or – if you’re like me – ensure you haven’t been overcharged and your coupons were used. The primary purpose of VVP is offering voters the chance to verify their vote is accurate. Secondary uses such as acting as an official vote for recounts and a safety measure against voting-machine malfunction are why I agree in leveraging this method.
PBN: What are some of the main challenges in achieving security for our voting systems?
BOWENS: There are a few. As I stated before, these practices are enacted at the state level, with little enforcement by the federal government. Also, finding cybersecurity experts to engage with isn’t very cheap. States will need to look to firms such as Null Hat Security to offer reasonable prices and believe in this mission to help reach their goals.
PBN: Is there anything individual voters can do to make a difference?
BOWENS: There is a public message many of us are familiar with, especially if you fly frequently: “If you see something, say something.” This applies to noticeable glitches on the screen of voting machines, candidates not appearing on the ticket, or an incorrect vote casted. I’d also recommend reviewing your state Board of Elections programs or literature explaining how your vote is secured. Attend town hall meetings and raise questions to your local representatives about the security of your vote.
Currently there have been no findings of votes being modified by cybersecurity attackers, but as a security professional, I tend to believe those that commit cyberattacks are relentless and eventually do succeed. Our democracy is an arena where that can’t be allowed to happen and must be defined at every turn.
Susan Shalhoub is a PBN contributing writer.
