The biggest threat to election security is not a sophisticated cyberattack but a confused poll worker or a loose cable, according to a major new analysis of the voting machines used by millions of Americans.
Researchers from Towson University have mapped over 70,000 specific ways that Precinct Count Optical Scanners (PCOS) can fail, revealing that mundane procedural errors often create more significant vulnerabilities than technical flaws.
The findings come after 70 per cent of Americans voted in person during the 2024 presidential election, relying on these machines to tally their ballots.
“In-person voting is more complex than mail voting, and that means there are more points in the process where things can go wrong,” said Natalie M. Scala, professor in the College of Business and Economics at Towson University. “Seeing all those routes mapped out showed us how important it is to secure every link in the process – not just the machines themselves.”
Vulnerability pathways
The team built custom software to visualise unique vulnerability pathways across the entire voting process, covering the setup, voting and teardown phases. The analysis identified three main categories where risks are highest: procedural failures, usability issues and device handling.
Ineffective poll-worker briefings and inconsistent interpretation of unclear ballot markings emerged as top drivers of error likelihood. Additionally, simple interactions, such as mistimed ballot feeds or confusion about prompts, can cause significant delays under election-day pressure.
Physical security also remains a critical vulnerability, with unsecured flash drives, open ports, and unplugged cables posing significant risks across all modelled scenarios.
“It’s not always about software or code,” said Scala. “Sometimes it’s about missing paperwork or incomplete chain-of-custody documentation. Our work showed that tightening those everyday details greatly improves overall election security.”
The researchers are now developing an interactive version of their threat modelling tool to help election officials explore “what-if” scenarios in their own precincts. This will allow officials to measure how minor procedural improvements — such as better chain-of-custody checks — can dramatically alter the total risk profile of an election.
“Our model highlights each possible path in a scenario, so we can see weak spots and understand where extra protection would make the greatest impact,” said Scala.
