August 10, 2018 - 6:16 pm
Regional U.S. election officials attending a hacker conference Friday in Las Vegas said they need more money and training to enhance cybersecurity of their election infrastructure.
The thousands of local election officers around the U.S. have neither the cyber-knowledge nor resources to stand up to attacks from adversarial nations and need the support of state and federal governments, they said.
But they warned that focusing too much on the vulnerabilities could backfire by undermining citizens’ confidence in the system.
“There has never been such a spotlight and emphasis (on election hacking) as there has been since 2016. That is our new reality,’’ California Secretary of State Alex Padilla told an audience attending the annual Defcon computer security conference at Caesars Palace.
“If it gets into the mind of anybody that maybe my vote isn’t going to matter, so why should I go vote — that is a form of voter suppression,” he said.
The regional officials gathered Friday to tour a room filled with hackers trying to break into U.S. voting infrastructure. The officials learned more about potential vulnerabilities in current voting equipment and to address what they are doing to strengthen their systems.
The conference comes amid concern that Russia could try to meddle in elections again. Director of National Intelligence Dan Coats last month warned that Russia was carrying out cyberattacks against the United States. Partially in response, Congress last month authorized $380 million be given to states for election cyberdefense.
“It is not nearly enough to do a technology refresh,’’ Noah Praetz, director of elections in Cook County, Illinois, told a packed room. “(Defense) is a very, very difficult thing to do.’’
Praetz said Illinois is using part of the money it received to pull together a group of cybertech professionals who will work with local election officials to make sure their election systems are secure. There are 108 election officials in Illinois and about 8,880 around the country, Praetz said to emphasize the extent of the help needed.
Neal Kelly, chief of elections for Orange County, California, said the security of voter registration systems ”is one of the things I lose sleep about.”
Jeanette Manfra, assistant secretary for the Department of Homeland Security’s office of cybersecurity and communications, said her organization is working with more local and state governments and with makers of the election machines to ensure defenses are strong.
“The whole coordination and cooperation is relatively new,’’ Padilla said.
The officials later visited the room where hundreds of hackers were trying to penetrate infrastructure that is used to conduct elections around the United States. The Defcon conference featured more than 30 pieces of voting equipment including machines and poll books.
Harri Hursti, founding partner of Nordic Innovation Labs, said three companies account for nearly all of the 52 voting machine models in use in the U.S. While the diversity of voting machines makes it hard for hackers to influence voting all around the country, they could focus on a few small elections to bring about big change.
“You can go to the small counties and hack their not-well-known system and win the state,’’ he said.
But the regional officials said machines are only part of the problem. Election employees continue to click on phishing emails and compromising their systems.
“It is not just replacing equipment upgrading firewalls — for us it’s also about professional development and training,’’ Padilla said.
“The phishing campaigns are a big concern,” Kelly said. “You can have one individual in one office click on something and can cause problems. So the training side has increased tremendously. This is going to be an ongoing struggle for us.”
Amber McReynolds, director of elections for Denver, said her state improved its election security by mailing paper ballots to eligible voters weeks ahead of the election and setting up convenient drop-off sites.
“Paper is very important. We have paper backup, which I think is absolutely critical,’’ Kelly said.
Kelly said thorough post-election auditing is another key to ensuring voting integrity.