States Deem Midterm Election Security Efforts a Success — Mostly

Spending by the federal and state governments appeared to mitigate voting vulnerabilities in the 2018 midterms, but states see more work to do.

After evidence linking Russia to attempted hacking of U.S. election infrastructure in 2016, states teamed with the federal government to bolster voting cybersecurity for the 2018 midterm elections. The results of those efforts appeared to be largely successful.

“An unprecedented federal and state collaboration to defend election systems against Russian interference ended with no obvious voting system compromises, although it's not entirely clear why,” noted the Associated Press.

Part of the reason is clear: states ramped up cyberdefenses in the year leading up to the elections. Forty states invested more than $75 million in election cybersecurity, according to the Center for Strategic and International Studies, and the U.S. Election Assistance Commission allocated $380 million to the states through the next election to improve voting security. On Election Day, the U.S. Department of Homeland Security and 45 states holding elections monitored cyberthreats, and none reported detecting anything significant.

“The difference was stark compared to 2016, when federal officials were accused first of being too tight-lipped on their intelligence about possible hacking into state systems and later for trying to exert control over election infrastructure, which is operated by state and local governments,” the AP reported.

MORE FROM STATETECH: Discover why states should move toward zero-trust security models to shore up voting systems.

Florida Offers a Look at How Election Cybersecurity Improved

Florida handed out $1.9 million in grants to Supervisors of Elections for the purchase of a network monitoring security solution called ALBERT, offered through the Multi-State Information Sharing and Analysis Center, said Sarah Revell, communications director for the Florida Department of State, which handles elections.

“MS-ISAC shares information about potential threats with states and assists with the 24/7 monitoring of state networks for suspicious activity. ALBERT will provide automated alerts about system threats that will allow counties to respond quickly when data is at risk,” Revell explained. 

While the work of securing election systems and databases is important, Revell said, state agencies can’t forget external-facing systems and resources. Prior to the 2016 election, Florida upgraded its hardware, software and firewalls to safeguard voter information in the Florida Online Voter Registration System.

Cybersecurity_IR_howstrong_700x220.jpg

“Today, the department is enhancing the security of the Florida Election Watch website to ensure there is no disruption in election night reporting of results, as well as strengthening protection of Florida’s online voter registration website,” Revell said.

Jeremy Rasmussen, CTO of Abacode Cybersecurity Experts, inspected the election systems of Pinellas County, Fla., and gained confidence in the state’s voting security measures. “It’s not impossible to go and change all those ballots, but at least it would be very, very difficult to do. Overall, my sense is I feel pretty confident with how the elections are run,” Rasmussen said, according to WTSP-TV in Tampa.

MORE FROM STATETECH: Find out how network segmentation can protect voting infrastructure! 

Some Vulnerabilities Remain Unaddressed by Cyberdefenses

Experts report voter registration systems in several states still harbor vulnerabilities. They have identified security gaps in systems used by Georgia and Washington which could allow hackers to interfere with voting, the Tribune News Service reports. “And states such as North Carolina, which make their voter registration data widely available, could enable someone to change voters’ data by mail,” TNS reports, adding that Washington and North Carolina officials are confident they would detect any anomalies in voter registration records.

Many states still plan to purchase new voting machines, which are seen as particularly vulnerable to hacking attempts. For example, Nebraska received $3.5 million in federal elections security funding in 2018 but estimates it will require $12.6 million to replace its voting machines

“Lawmakers have discussed the need to replace voting machines but haven't moved forward because of a struggling farm economy and several years of tight state budgets. When they reconvene in January, legislators will have to balance the state's finances in the face of a projected $95 million revenue shortfall,” states the Lincoln Journal Star.

Some jurisdictions are asking the public to evaluate their efforts. As Pennsylvania upgrades its voting machines, Centre County, Pa., recently invited citizens to inspect the machines, expressing confidence they would prove secure.

“Counties will be required to select new voting systems that provide a paper trail by the end of 2019, preferably put in place before the November election but no later than the 2020 primary,” reports StateCollege.com.

This article is part of StateTech's CITizen blog series. Please join the discussion on Twitter by using the #StateLocalIT hashtag.

CITizen_blog_cropped_0.jpg

luismmolina/Getty Images
Jan 03 2019

Sponsors