State works to block election hacking
Homeland Security report on Russians has Conn. on alert
WASHINGTON — Connecticut is among the states scrambling to bulk up election defenses just 11 weeks before voters go to the polls, with officials concerned over renewed Russian attempts to hack into potentially vulnerable registration and tabulation systems.
The state has reason to be concerned. The Department of Homeland Security included Connecticut on its list of 21 states whose election networks were targeted by Russians in 2016.
“We definitely are on alert, based on the fact that it happened before,” said Connecticut’s elected Secretary of State, Denise Merrill. “The sense we get from DHS is it will happen again.”
At the federal level, both Rep. Jim Himes and Sen. Richard Blumenthal are involved in legislative efforts to protect election systems nationwide.
“It’s not clear today that we are where we need to be on this,” said Himes, who is one of the authors of the Secure Elections Act, which would authorize $400 million in grants to states for improving systems and give local and state officials security clearances so they can get up to speed on international threats.
While the bill enjoys bipartisan support on in both House and Senate, the Trump administration has weighed in against it. White House officials argue the DHS already has all the authority it needs to combat electoral interference.
“The White House is trying to scuttle (the bill),” Himes tweeted early Friday. “I wonder why.”
President Donald Trump has called the investigation of special counsel Robert Mueller into his 2016 campaign’s contacts with Russians “a hoax,” and has threatened dismissal of Attorney General Jeff Sessions from recusing himself in the probe.
Last week, a jury in Alexandria, Va., convicted New Britain-native Paul Manafort, Trump’s former campaign chairman, on 8 counts of tax evasion and bank fraud.
Though the case is not directly related to the Trump-Russia investigation, the convictions were portrayed as a blow to Trump and a boost to Mueller. It came on the same day that former Trump lawyer-fixer pleaded guilty to pre-election payoffs to two women who claimed to have had affairs with the president.
But regardless of Trump’s mounting legal difficulties, Connecticut lawmakers agree with assessments by intelligence officials that the Russian hacking threat continues at full throttle _ “the warning lights are blinking again,” as Dan Coats, director of national intelligence, put it last month.
“Connecticut is better positioned and more prepared than many other states, but that’s a low bar,” said Blumenthal, author of the Defending the Integrity of Voting Systems Act, which places election hacking under computer crimes statutes.
Of the 21 states where DHS reported election-system hacking in 2016, intruders gained entrance in only one _ Illinois.
Earlier this year, Congress appropriated $380 million to help states and localities protect their systems. Connecticut got $5 million, which Merrill said will be used to hire IT professionals to check routers between localities and the states, as well as educate local election officials.
“It was very welcome, let me tell you,” Merrill said.
Connecticut has a few natural defenses that make hacking more difficult.
Results are aggregated at the state level. But voter registration lists are maintained in each of the state’s 169 towns, with registrars from both parties maintaining vigilance over the rolls, voting procedures and results.
It appears unlikely that hackers from Russia or elsewhere would target small towns in a New England state _ but not inconceivable.
“My fear is that a phishing email to a small-town registrar could open up a registry,” Merrill said. “That does worry me. I’m not sure we can totally guard against that.”
Connecticut voters use paper ballots that are scanned in to computers for tabulation at the local level. Electronic ballot counting backed up by paper and selective paper audits makes it extremely difficult to game the results, Merrill said.
“Personally I’m less concerned because we have checks and balances in place,” said Merrill, running for her third terms this November and a former state representative from Mansfield and Chapin. “Paper results come right out of the machine are posted on the wall (locally) for all to see. Discrepancies would be discovered.”
It takes about two weeks for her office to certify results, she said.
But vulnerabilities do exist at the local level. Some localities in the state are not up to date on computerization, let alone protections against hacking.
Wallingford, for instance, maintained very few computers for municipal business before last year, said Merrill.
And when registrars are elected, “it’s not for their computer skills,” Merrill said.
But state law now requires computer training and certification for registrars. Local officials are urged to follow protocols comparable to defenses commonly used in business and home computers _ changing passwords and awareness of “phishing” aimed at retrieving passwords or other sensitive information.
The purpose of the intrusion remains unclear, though most experts say that altering voter rolls or tabulations to affect election outcomes would be a logical guess.
The Mueller probe last month won indictments against 12 Russians it accused of hacking into the Democratic National Committee and the Hillary Clinton presidential campaign.
And in February, Mueller got indictments of 13 Russians involved in efforts to promote discord through phony web sites and social media postings.
Russians may have ulterior motives in targeting of U.S. election systems.
“My fear is the chaos or distrust that sewn with all this, rather than a change to results that would be substantive,” she said. “I think we’re doing everything we can.”