Market Overview

Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk


Eighty-one percent believe cyber attackers will target machine
communications from local polling stations to central aggregation points

the leading provider of machine identity protection, today announced the
results of a study on the security of election infrastructure. According
to the study, ninety-three percent of security professionals are
concerned about cyber-attacks targeting election infrastructure and
data. Eighty-one percent believe cyber criminals will target election
data as it is transmitted by machines, software and hardware
applications, from local polling stations to central aggregation points.

"Last year, attendees at DEF CON managed to find
and take advantage of vulnerabilities in five different voting
machine types
within 24 hours," said Jeff Hudson, CEO of
Venafi. "While these findings were disturbing, conference attendees only
examined a small portion of election infrastructure. It's clear to
nearly all security professionals that the back-end systems that
transmit, aggregate, tabulate, validate and store election data are at
least as vulnerable to cyber-attacks as voting machines."

Additional findings from the study include:

  • Ninety-five percent believe election systems—including voting
    machines, software and back-end systems—should be considered critical
  • When asked what areas of election infrastructure were most vulnerable
    to cyber attackers:
    • Fifty-four percent say voting machines that collect election data.
    • Fifty-two percent say encrypted communications between polling
      stations and back-end election systems.
    • Fifty percent say systems that store voter registration data.
  • Only two percent are very confident in their local, state and federal
    governments' abilities to detect cyber-attacks targeting
    election infrastructure. In addition, only three percent are very
    confident in their local, state and federal governments' abilities to block
  • Sixty-four percent believe vulnerabilities and exploits connected with
    election systems are available to cyber attackers on the dark web.

Earlier this month, a grand jury issued
a detailed indictment
on international interference during the 2016
U.S. presidential election. Details in the indictment indicate that
nation-state actors utilized encrypted tunnels to target vulnerabilities
in election infrastructure, along with other attack methods. Attacks
that hide in encrypted tunnels are difficult to detect and block without
a comprehensive machine identity protection program in place.

"Security professionals clearly think that machine-to-machine
communication in the electoral process is a high value asset for
attackers targeting election results," said Kevin Bocek, vice president
of security strategy and threat intelligence for Venafi. "This is just
one reason why governments around the world need to make the security of
all encrypted, machine-to-machine communication their top concern."

Conducted by Dimensional Research in July 2018, the study included
responses from 411 IT security professionals in the U.S., U.K. and


Web: Detailed
study results

Blog Post: Venafi
Study on Election Infrastructure Risks

About Venafi

Venafi is the cybersecurity market leader in machine identity
protection, securing connections and communications between machines.
Venafi protects machine identity types by orchestrating cryptographic
keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi
provides global visibility of machine identities and the risks
associated with them for the extended enterprise—on premises, mobile,
virtual, cloud and IoT—at machine speed and scale. Venafi puts this
intelligence into action with automated remediation that reduces the
security and availability risks connected with weak or compromised
machine identities while safeguarding the flow of information to trusted
machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the
world's most demanding, security-conscious Global 5000 organizations,
including the top five U.S. health insurers; the top five U.S. airlines;
four of the top five U.S., U.K., Australian and South African banks; and
four of the top five U.S. retailers. For more information, visit:

View Comments and Join the Discussion!