West Virginia trying to build hacker-proof voting
Cybersecurity takes greater importance today, official says.
The next election in the Mountain State was still weeks away. But 5,000 miles from West Virginia’s capital city, in a suburb northwest of Moscow, someone was already scouting for ways to get into the state’s election computer network this spring.
That someone’s IP address, a designation as a “malicious host,” even a tiny Russian flag — it was all there on a computer display in an office just across the Kanawha River from the state’s gold-domed capitol. And he had company.
“See, right here, a Canadian IP address is trying to go into online voter registration,” said the West Virginia Air National Guard sergeant who was tracking the would-be intruders, pointing at the screen. “Here’s someone from Great Britain trying to do the same. China is trying to get into the home page — trying to, but they’re getting blocked.”
As West Virginians cast ballots Tuesday in a primary election, no one can guarantee outsiders will not disrupt the voting or even alter results. Since 2016, when Russian hackers attacked election systems in 21 states and even penetrated one voter-registration database, it has become clear any election that relies on computers — all of them — is a potential target for meddlers.
But the odds the state will be able to fend off the attackers, or detect and correct any damage they do, are far better today than they were two years ago. West Virginia is neither wealthy nor particularly tech-savvy, but since 2016 it has embraced election cybersecurity with an enthusiasm that many other states have yet to muster.
“We had a lot of county clerks saying, ‘Why are you talking so much about cybersecurity? The Russians aren’t going to attack us,’ ” the state’s chief election official, Secretary of State Mac Warner, said in an interview. But in an era when election irregularities can be instantly publicized and spread online, he said, any state that does not protect its election systems is inviting an attack.
While meddling by hostile nations is of greatest concern, hundreds and even thousands of other outsiders probe West Virginia’s election computer security almost daily, as they do in other states. It’s usually difficult to tell whether a specific probe comes from a government, a live hacker intent on doing harm, or a computer program that is automatically checking for vulnerabilities.
Warner’s point was driven home only last month when the elections website in Knox County, Tennessee, was immobilized by a so-called distributed denial-of-service attack as the polls closed for a primary election.
Warner, a Republican in his first term as secretary of state, says he has taken the security threat to heart. Last year he sought and received an FBI briefing on the origin and nature of the Russian cyberattacks, and he took a seat on a council of state, local and federal officials that coordinates election-security policies with the Department of Homeland Security.
He has since obtained a security clearance that gives him limited access to intelligence on election-related threats. And he has placed the National Guard sergeant, who has a top-secret clearance, in West Virginia’s Intelligence Fusion Center, a nexus of state and federal law-enforcement and intelligence officials who handle threats ranging from floods to cyberattacks.
According to the Brennan Center for Justice at the New York University School of Law, 13 states employ at least some voting machines that leave no paper record of ballots cast, making it impossible to detect fraud. Five of them use paperless machines exclusively. Georgia and Pennsylvania are particularly notorious for relying on voting devices that run ancient, unsecure versions of Windows software and create no paper trail that can be audited.