Fix security holes in election management

The NEC must come to a sober reflection on whether its security system has really been up to voters’ standards.

North Korea can infiltrate South Korea’s internal network to manipulate voting results if it wants to, according to the National Intelligence Service’s (NIS) investigation of the National Election Commission (NEC). The finding on the NEC that oversees the process of presidential, parliamentary and local elections is shocking, especially ahead of next year’s parliamentary elections on April 10. In the worst possible scenario, the security loopholes in the election management system can prompt losers not to accept the results of the legislative election.

On Tuesday, the NIS announced the results of its investigation on the NEC’s election management system from July 17. It discovered a fault in the ballot opening procedure, which is crucial to the election outcome. Anyone could break into the NEC system by using a staffer’s password, which was, simply, “12345.”

The confusion in the early voting system was also confirmed to be serious. Hackers can easily break into the computer network from unauthorized outside systems, change early voters into nonvoters and manipulate the numbers to influence the final votes.

Stamping in early votes also could be easily exposed, as faking ballot cards was possible through printing tricks. A North Korean hacking group broke into the email box of an NEC employee in 2021, stole sensitive data, and leaked it to outside.

Whether North Korea succeeded in raiding South Korea’s election management system is unclear. The latest results should not be linked to raising questions on the outcome of the 2020 parliamentary elections and others. But the NEC must come up with appropriate measures to address its systemic vulnerabilities to North Korea’s hacking threat, especially ahead of the parliamentary election next April. The election management body must pay more heed to the early voting system due to the alarming findings in the previous legislative election. If quick fixes cannot be possible, authorities need to consider strengthening the firewall or streamlining the system.

The NEC retorted that voting results cannot be manipulated as they proceed publicly unless there is a large organizational interference. Still, it must humbly accept the NIS’s warning by changing the password and toughening access to the voting server.

The NEC must come to a sober reflection on whether its security system has really been up to voters’ standards. The result of the presidential election last year was decided by a razor-thin gap of 0.73 percentage points. Security over our election results must be impeccable. The NEC must ensure that its system security and posture are 100 percent reliable.