My earlier posts walked through the arithmetic of two recent Presidential elections. We saw that nullifying a small proportion of the total votes would have been sufficient to change the results. To close out the subject, let's make a few observations.
First, attackers generally have some options as to which regions they can attack. Areas where the vote is expected to be closest make sense as good targets. We saw that in the 2016 elections, a large number of combinations of regions could be put together to affect the required number of votes. The 2012 election offered a fewer number of combinations but options were still available.
Second, the federated nature of the U. S. election system cuts both ways. Design diversity is a good approach in all sorts of high reliability systems. The range of systems and procedures used in different counties means that an attacker cannot roll out a one-size-fits-all attack. On the other hand, a security wall is only as good as its weakest point. Some counties are likely to be more difficult to attack than others. Given that a relatively small proportion of the jurisdictions need to be compromised, and given that multiple combinations of regions can be put together to produce the required number of votes, attackers can probe for weak links to achieve their ends.