Many of the companies that supply voting machines or voting software are small and vulnerable. An article in USA Today had the scoop:

An attempt by Russian hackers to infiltrate an obscure Florida elections technology company is igniting concerns about whether the small industry is vulnerable to attacks that could undermine confidence in election results.

Russian hackers apparently targeted employees of Tallahassee, Fla.-based VR Systems with phishing attacks to swipe their computer log-in credentials, then impersonated the company’s workers by sending emails with nefarious attachments to local governmental officials, according to a National Security Agency document leaked to news site The Intercept. The NSA concluded it was “likely” that at least one of the employees’ accounts was compromised.

The Brennan Center for Justice at NYU School of Law recently posted a great article by Lawrence Norden that had great information to add:

The leaked NSA report adds disturbing details to this knowledge, making it clear that the attacks against local election offices and the voter registration system were even more extensive than was previously known and that they came after President Obama personally told Vladimir Putin to “cut it out.” In other words, we cannot assume America’s election infrastructure is somehow immune to cyberattack. It’s wishful thinking to believe something that happened in Ukraine or Bulgaria couldn’t happen here.

Despite the alarms raised by these revelations in recent days, there has been little discussion of solutions. But the way forward is relatively clear. Protecting our elections against foreign attackers ultimately requires the will to squarely address known vulnerabilities—a will that has been lacking in Washington.

The details about Russian hacking cast into stark relief Congress’ stunning passivity around the issue of election infrastructure security—not just for the past few months, but for more than a decade.

https://www.youtube.com/watch?v=q_pM_I_hxd4