County clerk: Voting system is still secure
Stanart maintains Russia poses no real hacking threat
Despite reports from federal intelligence agencies and media outlets of Russia’s widespread targeting of state and local elections around the country and in Texas, election administrators in the nation’ s third-largest county say Vladimir Putin’s government does not pose a unique or heightened cybersecurity threat.
Harris County Clerk Stan Stanart said his office, which runs local elections, has a slew of checks in place to prevent hackers from tampering with the vote, including multiple backed-up voter registration databases that are kept offline. He said reports produced by voting machines before every election ensure the machines do not come pre-loaded with votes and after the
election allow the county to cross-check against final tallies to make sure the vote is not manipulated.
While most observers and experts agree Russia exemplifies a new threat to election infrastructure nationwide, Stanart said the county faces no greater risk from Russia today than threats going back to the 1980s. He also challenged the veracity of reports that the Kremlin had attempted to coordinate widespread attacks on state and local election systems in 2016.
“Where’s the evidence?” Stanart said. “I would really question that.”
The Department of Homeland Security began finding incidents of scanning and probing of state and local election systems in August 2016, according to testimony before the U.S. Senate Intelligence Committee. A declassified report from national intelligence officials released in January stated that “Russian intelligence obtained and maintained access to elements of multiple U.S. state or local electoral boards.”
39 states targeted
Bloomberg reported in June that Russian hackers “hit” voter databases and software systems in 39 states, in some cases penetrating campaign finance databases and software used by poll workers, and attempted to alter or delete voter data in Illinois.
Also last month, the Dallas Morning News published a story that election officials there had found attempts to hack their election system ahead of the Novemberelection. The newspaper reported that election officials there cross-referenced hundreds of suspicious or possibly Russian-linked IP addresses provided to them by the U.S. Department of Homeland Security against those that had attempted to access Dallas County servers in early October and found 17 matches.
Stanart said his office has not seen that list of IP addresses. Dallas County election officials did not respond to a request for comment.
“I think there’s a recognition, whether it’s Russia or another state actor that we’re in a new threat environment and the threat is real,” said Matthew Masterson, chairman of the U.S. Election Assistance Commission, an independent government agency that has advised and collaborated with local governments on election security. “The move now is to understand what that means, what the risk environment is and how to continuously improve.”
Not answering
Harris County officials refuse to answer whether they saw any attempts to penetrate the county’ s Stan art himself said he has not found that Russian-linked hackers targeted the local election system, he acknowledged that other county security officials could have found and stopped such attempts before they reached his office.
Those officials repeatedly have not answered questions about whether they saw such a threat.
Bruce High, the chief and executive director of the county’ s Central Technology Services, has acknowledged a recent “spike” in attempts to hack Harris County servers from outside of America’s borders, but has declined to explain when the spike began, what is being targeted and where the hack attempts are coming from.
Dan Wallach, a Rice University computer science professor and a Rice Scholar in the university’s Baker Institute for Public Policy, penned an essay last week stating that Harris County’s elections were vulnerable to Russian hackers. Wallach said the Hart Inter CiviceS late voting machines used by Harris County, which Wallach and a team of other researchers studied in California in 2007, are vulnerable to infection.
Hart Inter-Civic did not comment.
Wallach said the county should hire third-party companies specialized in dealing with advanced threats like Russia to test the county’ s systems for vulnerabilities, and use companies to do audits after every election to make sure nothing has been compromised.
He said it would be likely that attacks by advanced actors like Russia would not be detected immediately.
“Are we going to sit around and wait for it to happen or are we going to be proactive?” he said.
The county vigorously has maintained that its voting machines and the system it uses to tally votes are impenetrable, and Stanart’s office wrote a rebuttal to Wallach’s piece, saying the essay was “inflammatory” and riddled with inaccuracies.
County clerk officials said the last time they hired a third party to test the county’s election system was a decade ago. Since then, the office has relied on internal tests.
“How far do we need togo and will everyone be said Mark Antil, Stan art’ s director of information technology. “Is it a good use of our dollars?”
The exchange between Wallach and the county, Master son said, is “a healthy dialogue to be having.”