Election Administration Clearinghouse Shares Info with States
The 2002 Help America Vote Act, which created the U.S. Election Assistance Commission, plus the DHS critical infrastructure designation, ensured that federal and state officials were on the same page, with appropriate resources, to secure the 2020 elections.
The EAC is a federal clearinghouse for election information, says Benjamin Hovland, EAC chairman, and that’s critical because U.S. elections are decentralized. The organization provides resources on voting accessibility and voter registration, but also cybersecurity and specific election security resources.
“We are the only federal agency that is solely dedicated to thinking about how to improve election administration in this country,” he says. “That gives us a vantage point of understanding election official capacity.”
Biweekly calls with federal and state stakeholders allow federal and local election officials to touch base on issues of the day, he says.
“We’re able to share information on what people are doing or hearing and compare notes, then try to work together to identify a shared voice where we can ensure people are getting trusted source information and actionable information they can use. That did not exist before and is a big difference between 2016 and now.”
The EAC publishes regular updates on voting system analysis, and a resource page about coordinating with voter system manufacturers (which now also includes tips on cleaning voting machines in light of COVID-19).
“I think good election administration comes down to good governance and customer service, and so in the cyber realm, that means taking care of the basics and making sure patches are done and upgrades are done,” Hovland says.
“It’s really important to understand that we now have working relations,” Hovland adds. “We’ve got names of people. They know who we are, and we have a better sense of what we can ask for and get that resource from them. These were all very significant accomplishments.”
Training and Exercises Prepare States for Worst-Case Scenarios
CISA helps states detect suspicious activity that may indicate an attempt to attack a voting system. And the DHS tabletop in a box explores various scenarios to help states prepare to defend their networks.
Such scenarios may include news and social media manipulation, spear phishing campaigns, disruption of voter registration information systems and processes, denial of service attacks and web defacements, malware infections on electronic voting machines and election management system software, and the exploitation of state and county board election networks.
“A pretty broad example would be, you show up on Election Day and you don’t have internet access,” Robert Giles, director of the New Jersey Division of Elections, told radio station NJ101.5. New Jersey ran the tabletop exercises in all 21 of its counties last September. “There will be cyber incidents, police/fire-type incidents, natural disaster incidents.”
New Jersey officials used $9.8 million obtained through Help America Vote Act provisions to pay for the exercises, another example of state-federal cooperation.
The training “is an extraordinarily good thing,” Christine Hanlon, clerk for Monmouth County, N.J., tells NJ Spotlight. “This is forcing all election officials to deal with scenarios we may not have planned for. It’s critically important that we are prepared, and if it’s not in our plan, we need to add it.”
Keeping communication between local officials and federal agencies is key to keeping elections secure.
“The most important thing is to get the local election officials to the people who can help them best address the issue,” Matt Masterson, senior cybersecurity adviser for CISA, said at a National Association of Secretaries of State meeting in February, according to StateScoop. “Put together the contacts needed for each one of the systems; in some places you have 10 or more vendors. There ensues debate if it’s a voter registration problem or an e-pollbook problem.”