How State Governments Are Bolstering Cybersecurity for the Midterm Elections

In response to the hacking of the 2016 elections by hostile foreign parties, Congress has given state election authorities millions of dollars with which to upgrade their digital infrastructures.

As recently reported by CyberScoop, “Hackers have launched distributed denial-of-service [DDoS] attacks against at least two municipal-level Democratic campaigns in 2018.” Sources refused to identify the affected candidates, but they insisted that the timing of the attacks — one during an online fundraising drive and the other during a period of positive press following a public event — suggests politically-motivated foul play.

Of course, this is only the latest reported cyberattack on America’s electoral system. While the debate rages on as to what effect foreign meddling had on the outcome of the 2016 Presidential Election, the Senate Intelligence Committee’s report was crystal clear about one thing: “In 2016, cyber actors affiliated with the Russian Government conducted an unprecedented, coordinated cyber campaign against state election infrastructure.”

What’s more, while testifying before the Committee in February, Director of National Intelligence Daniel Coats warned, “There should be no doubt that Russia…views the 2018 midterm elections as a potential target for Russian influence operations.”

In an attempt to prevent — or at least discourage — such operations, Congress included $380 million of new funding for the Election Assistance Commission (EAC) in the $1.3 trillion federal spending bill it passed in March.

A Range of Approaches

Each state’s share of the $380 million is determined according to a voting age population-based formula outlined in Sections 101 and 103 of the Help America Vote Act of 2002. California is set to receive the largest slice of the pie ($34.6 million), whereas eight states — Alaska, Delaware, Montana, North Dakota, Rhode Island, South Dakota, Vermont, and Wyoming — are scheduled to receive a baseline sum of $3.0 million.

According to EAC guidelines, states are allowed to use their share of the funding to carry out any number of reforms. That goes from “replacing voting equipment that only records a voter’s intent electronically with equipment that utilizes a voter-verified paper record,” to “facilitating cybersecurity training for the state chief election official’s office and local election officials.”

In California, county officials have been given over $3 million to fortify digital voter rolls against cyberattacks and improve accessibility at polling places in advance of the upcoming midterm elections. The rest of the state’s funding will be dedicated to an assortment of longer-term projects, including $3 million for county cybersecurity training, $400,000 for implementation of risk-limiting audits, and $1 million for miscellaneous personnel costs over the next three years.

Further west, Hawaii plans to spend around 13% of its $3.1 million package on this year’s midterms, making sizeable investments in new computers, additional staff, and extensive cybersecurity training. In the long term, the state plans to spend more than $600,000 on new voting equipment.

Protecting the Democratic Process

Ultimately, while the newly appropriated EAC funds are a start, most state election authorities are still far from cybersecurity experts. As former NSA hacker Jake Williams points out, “Unlike larger organizations with dedicated IT security staff, smaller organizations [like local election authorities] are unlikely to have deployed instrumentation that would provide log evidence in the case of a DDoS.”

As such, many states are planning to solicit the services of outside experts to bolster the cybersecurity of their midterm election processes. For instance, as the State of Hawaii Office of Elections writes, “The State will hire contractors with senior security expertise who are familiar with software solutions to set up and optimize the [election] environment. The specialized personnel will assess vulnerabilities and monitor the environment.”

At Turn-key Technologies (TTI), we have nearly three decades of experience helping organizations of all types keep their IT systems secure. From full network audits, to managed IT services, to in-depth cybersecurity training, our wide range of offerings can be tailored to fit any organization’s unique needs. Whether you’re electing your state’s next senator or selecting a venue for your office’s next happy hour, TTI has the know-how necessary to keep the democratic process safe and secure.

By Craig Badrick

08.15.2018

Sign up for the TTI Newsletter