States aim to guard vote
Russia likely to target U.S. again in midterms
After warnings that Russian hackers would target 2018 congressional elections and with little help coming from Washington, states are taking measures on their own to ensure ballot safety. Mississippi encrypted its system and even paid a company — which failed — to hack into the new system.
WASHINGTON – With the first congressional primary less than three weeks away, state election officials are ramping up efforts to protect their voting systems from cyber attacks as the nation’s intelligence officials warn that Russia will once again try to meddle in U.S. elections.
Some states are moving to protect election data by encrypting their systems to thwart hackers, while others are asking the Department of Homeland Security to check their systems for vulnerabilities.
Their actions come in the wake of revelations by Homeland Security officials last year that Russian hackers tried to break into the election systems of 21 states in 2016. Although no votes were changed, hackers did breach Illinois’ voter registration database.
On Friday, special counsel Robert Mueller filed his first criminal charges against Russian citizens and businesses for what he called a wide-ranging effort to undermine the 2016 presidential election.
“The threat is real, and the response needs to be robust and coordinated,” said Matthew Masterson, chairman of the Election Assistance Commission, an independent agency of the U.S. government that provides information about how to administer elections. “Folks in the election community are taking the threats very seriously and taking whatever steps they can to address it.”
So far, Congress has done little to help.
A bipartisan Senate bill to provide $386 million in federal grants to states to help them improve their election systems hasn’t received a hearing or vote in the Senate Rules and Administration Committee. And there are no immediate plans by Senate leaders to bring the Secure Elections Act to the floor for a vote.
Sen. Amy Klobuchar, D-Minn., who introduced the bill with Sens. James Lankford, R-Okla., Lindsey Graham, R-S.C., and Kamala Harris, D-Calif., said she will try to attach it to a mustpass government-funding bill in March. She said more than 40 states rely on electronic voting systems that are at least 10 years old.
“Two-hundred-and-sixty six. That’s the number of days left before the 2018 (general) election ... a little more than nine months, and we still cannot assure Americans that our elections are secure,” Klobuchar said Monday during a speech at the Center for American Progress. “It is unacceptable, and, at this point now, it’s on us.”
Sen. Susan Collins, R-Maine, who is co-sponsoring Klobuchar’s bill, said Congress needs to act soon to do states any good.
“This is an election year in our country, and it’s frankly frustrating to me that we haven’t passed legislation to help states strengthen the security of their voting systems,” Collins said Tuesday at a hearing where the heads of the FBI, CIA and National Security Agency warned the Senate Intelligence Committee that Russian hackers will target the 2018 congressional elections.
The committee plans to release a plan soon to help give states recommendations on ways to protect their voting systems. The first primary is set for March 6 in Texas, followed by one March 20 in Illinois. There is also a special election for a western Pennsylvania congressional district March 13.
The Center for American Progress, a liberal think tank, released a report this week evaluating state election systems. Not a single state received an “A” rating. Eleven states received a “B,” 23 states received a “C,” 12 states received a “D,” and five states received an “F.”
Masterson said cash-strapped state election agencies could use more funds to safeguard against cyberattacks.
“Whether it’s at the congressional level, state level or the local level, there’s a big need for resources for elections officials,” he said.
Meanwhile, states are doing what they can.
In Mississippi, Secretary of State Delbert Hosemann said his agency just finished encrypting its system, including its voter database, and recently paid $27,750 for a company to try to hack its election system. The hackers could not penetrate it.
“That doesn’t mean it’s not hackable,” Hosemann said. “I guess everything is in some form or fashion. We continue to be vigilant about that. We have all kinds of firewalls.”
Other states have set up task forces and hired cybersecurity experts. Election officials created the Government Coordinating Council last fall to improve communication between federal agencies and state and local officials.
The Department of Homeland Security came under fire last year for taking so long to tell states about Russia’s hacking attempts.
“They have not been as helpful as they could have been. That’s probably an understatement,” said Alabama Secretary of State John Merrill, who complained to federal officials. “We were not pleased with the communication that we received. Because if you’re not helping us by informing us about what we can do to be better prepared, then why are you even talking?”
Merrill, a Republican, said communication has been lacking under both the Obama and Trump administrations.
“This is not new,” he said. “It’s something that has to receive attention.”
Jeanette Manfra, chief cybersecurity official for the Department of Homeland Security, said in a statement Monday that “there’s no question” that state, local and federal officials are “making real and meaningful progress together.”
“States will do their part in how they responsibly manage and implement secure voting processes,” she said. “For our part, we’re going to continue to support with risk and vulnerability assessments, offer cyber hygiene scans, provide real-time threat intel feeds, issue security clearances to state officials, partner on incident response planning, and deliver cybersecurity training.”
Louisiana Secretary of State Tom Schedler said DHS officials are visiting his office this week to review vulnerabilities in his system and offer advice.
“I’m going to let them do as much as they can — as long as it’s free,” he said.
Schedler said the state also has taken steps to secure its equipment, including updating its laptops, and is staying in contact with federal security officials.
“We are as comfortable as you can be comfortable in this day and age,” he said.
Schedler, Hosemann, Merrill and other state election officials have been in Washington, D.C., over the weekend for the winter conference of the National Association of Secretaries of State and have have been invited by the Department of Homeland Security to a meeting to discuss election security.