Feds have eye on cybersecurity issues as voters go to polls

Posted at 4:38 PM, Nov 07, 2017
and last updated 2017-11-07 16:38:23-05

As voters head to the polls on Tuesday, state and local officials are working with the federal government to monitor any potential cybersecurity issues on the first major Election Day since the 2016 election.

While experts do not believe any interference with actual voting occurred last year, Russian efforts to meddle in the election — in part through hacking emails and some probing of election-related systems at the state level — have fueled a national conversation about the cybersecurity of elections.

The Department of Homeland Security has taken the lead for the federal government in helping shore up election systems, which are managed at the state and local level.

“We are working closely with officials in Virginia and New Jersey and other states and will have cybersecurity advisers embedded with state officials and with direct lines to DHS’ National Cybersecurity Communications Integration Center throughout the day today,” spokesman Scott McConnell told CNN in an email. “We continue to offer state and local governments our cybersecurity services, including cyber hygiene scans of Internet-facing systems and onsite risk and vulnerability assessments. ”

Virginia and New Jersey have high-profile gubernatorial elections, but voters across the country are casting ballots in other state and local races.

Despite the intelligence community’s assessment last year that Moscow was engaged in efforts to meddle in US elections, in part by cyber means, experts have long noted that it would be near impossible to alter the outcome of a national election by hacking. The myriad state and local offices that manage elections provide an element of decentralization, and voting machines are not connected to the Internet. Most also produce a paper trail for auditing purposes.

Still, the experience has heightened concerns — and tensions — between state officials and DHS over adequately protecting against possible threats, especially when a few votes could swing a small local election.

Multiple state officials complained to DHS, for example, that they publicly announced that 21 states were the target of hacking attempts in 2016 without notifying states if they were included until nearly a year later.

McConnell said DHS has worked to improve communication since last year.

“We’ve done a lot since last year in terms of building relationships and establishing information sharing mechanisms,” McConnell said. “Just last month, the first government coordinating council for the election infrastructure was convened.”

Still, DHS is not scoring top marks for its ability to share critical cybersecurity information. Last week, the department’s inspector general published a report saying that progress has been slow after a 2015 law designed to enhance DHS information sharing on cybersecurity with the private sector, saying “the system DHS currently uses (for that process) does not provide the quality, contextual data needed to effectively defend against ever-evolving threats.”

Earlier this fall, Virginia moved to decertify all of its paperless elections equipment.

“Our No. 1 priority is to make sure that Virginia elections are carried out in a secure and fair manner,” State Board of Elections Chairman James Alcorn said in a statement.