The general election in 2016 was a watershed moment for Federal, state, and local election officials.
After learning that Russians had successfully attacked numerous state election systems, the Department of Homeland Security (DHS) designated the nation’s election infrastructure as critical infrastructure sector, meaning DHS would supply the election infrastructure with increased cybersecurity assistance.
While the relationship between DHS and state and local election officials may have gotten off to a rocky start, according to state and local election officials speaking at yesterday’s Route Fifty webinar, Federal and state and local officials are now working collaboratively to shore up their cybersecurity posture ahead of the 2018 midterm elections. During the webinar, sponsored by Fortinet, state and local election leaders discussed security-related election challenges and best practices to strengthen cyber defenses.
In terms of best practices, many of the experts offered similar tips–paper ballots, post-election audits, and same-day voter registration were all suggested numerous times. Noah Praetz, director of elections for Cook County, Ill., also stressed the importance of “top-notch” security personnel. He suggested that every locality needs an election security officer. Praetz also mentioned that his team was using funds from the Help America Vote Act (HAVA) to hire a “brigade of cyber defenders” that will work with election localities to strengthen election security.
Jim Condos, secretary of state for Vermont, also addressed HAVA funds and the need for Federal funding to ensure election security. “We need ongoing sustainable funding at the state and local level going forward,” Condos said. When pressed to give a rough estimate on how much funding states and local governments would need, Condos didn’t give a specific number. However, he said the cost of replacing voting systems would be in the billions and said the existing $380 million in funding was “a drop in the bucket.”
Judd Choate, director of elections for Colorado, discussed how the state has implemented risk-limiting audits, which took the state 9 years to implement. Colorado will be the only state using the audits in the midterm elections. Choate explained that the audits were challenging to implement and require the state to have a new technology system. Essentially, states are able to compare how humans and the computer system reviewed a specific ballot. Choate explained that if every state wanted to use risk-limiting audits, it could mean replacing computer systems in 40 or 45 states.
The webinar wasn’t the only election security news of the day. The Center for Election Innovation and Research also released a new report on voter registration database security. The report, released yesterday, found that while states have made significant improvements in securing their voter registration databases, they still have a ways to go. The report said that states need to review and strengthen their password requirements and increase adoption of multi-factor authentication.