Sen. Ron WydenRonald (Ron) Lee WydenDemocrats scramble to reach deal on taxes Pelosi open to scrapping key components in spending package Under pressure, Democrats cut back spending MORE (D-Ore.) on Tuesday questioned a leading voting machine manufacturer on whether it sells products with remote-access software, raising concerns about the machines' potential vulnerability to hacking.
Wyden, in a letter to Election Systems & Software (ES&S), cautioned that malicious hackers could seek to exploit such software if it is built into the machines or other election-management products.
“The American public has been repeatedly assured that voting machines are not connected to the internet, and thus, cannot be remotely compromised by hackers,” Wyden wrote in the letter.
His letter comes amid concerns that Russia or other nation states may seek to interfere in future U.S. elections, including this year's midterm elections.
U.S. officials say that Russian hackers targeted election infrastructure in 21 states ahead of the 2016 presidential election and, in a small number of cases, were successful. While the systems targeted ahead of 2016 were not involved in vote tallying, the revelation has nevertheless spurred concerns about vulnerabilities in U.S. voting infrastructure, including voter databases and voting machines.
"Given the real threat that our democracy now faces from hostile foreign governments it is of paramount ignorance that our election infrastructure be secure against cyberattacks," he wrote.
His letter referenced a report last month in The New York Times Magazine detailing how machines produced by ES&S had pre-installed remote-access software so technicians could access the election systems from afar. Voting machines are typically not connected to the internet, but Wyden raised concerns that the software could expose the machines to compromise.
“Election systems sold by your company frequently include pre-installed remote access software, which exposes election systems to remote attack and compromise,” Wyden wrote, citing the New York Times Magazine piece.
“The default installation or subsequent use of remote-access software on sensitive election systems runs contrary to cybersecurity best practices and needlessly exposes our election infrastructure to cyberattacks,” he continued.
Last year, Wyden pressed several voting machine manufacturers, including ES&S, on their cybersecurity practices and whether they had fallen victim to breaches.
Wyden, a Senate Intelligence Committee member, accused ES&S of failing to provide answers to his original questions in his latest letter.