I’ve submitted one threat analysis for the workshop tomorrow on threat assessment, on a broad class of threats that I call “precinct voting denial of service.” My short paper (“Precinct Voting Denial of Service” goes into much more detail on the various types of threats in this class of attacks, but here is a short teaser description:
The basic approach is that a perpetrator attacks precinct voting, regardless of voting system, on election day in an effort to disrupt the process sufficiently to produce an effective “denial of service” attack. The perpetrator, based on an analysis of past elections returns, would target selected precincts that are highly likely to cast votes in a certain direction. For example, if the perpetrator wished to sway the election for party X, he or she would target precincts that have very heavy concentrations of party Y supporters. In a close election, especially in lower-level races, such an attack could either sway the outcome of an election to party X or could throw considerable doubt and distrust into the announced election outcome.”
In the paper I provide a series of examples of these type of attacks, some of which have occurred, some of which are potential threats.
This looks like an interesting workshop, both based on the threat analyses posted so far on the NIST site and because of the strong response they have received to attend the workshop; I’ve heard they are going to have a very large group (I’ve heard numbers in the range of 150 and possibly more?). Clearly NIST is pursuing an important topic here, and they have gotten us focusing research energy on developing better threat assessments for our electoral process, from start to finish.