STATETECH: Can you talk about how Colorado approaches ensuring that its election systems are resilient in the event of cyberattacks?
Griswold: Absolutely. It’s really important to have various backup plans, basically. We have same-day voter registration. So, say the worst-case scenario happens when our statewide poll book is down; no voter will be turned away from the polls because of that same-day voter registration. But we do have backup servers that are continuously updated in real time. All of that information on those servers also goes onto a paper record that we can pull from.
I also issued a series of rules to make sure that, leading up to the election, every county has a backup of their registrations, either printed or on a laptop that is not connected to the server, that has the most recent registrations within the last 24 hours. And then I ran an emergency rule that is now a regular rule to make sure that we have a sufficient amount of paper ballots and provisional ballots at every polling location.
We were the first state in the nation to conduct a risk-limiting audit that shows to a high statistical degree of certainty that our election results are correct. We were the first in the nation to institute two-factor authentication to that statewide voter registration database and the first to do a secure ballot return. And, specifically related to the statewide poll book, based on what we learned from our primary elections, we set up a virtual command center where we are partnering with the Colorado National Guard, our IT security team and other partners to make sure that we are monitoring all of our election and support systems.
STATETECH: How do you see the election security threat landscape?
Griswold: From my perspective, we have the three priority threats, and these aren’t in order of their severity; they’re all very important. No. 1 is directed hacks on election infrastructure. No. 2 is the increase in ransomware attacks we’re seeing, where the election infrastructure itself is not being attacked, but a door to the election infrastructure is being attacked. And No. 3 is these misinformation campaigns.
It’s very important to contextualize for your readers that misinformation isn’t about one person saying a falsehood. These are coordinated campaigns from foreign countries to try to suppress the vote or trick voters. These are sophisticated campaigns that go right to the heart of our democratic right to vote. We prioritize all of them.