No refuge from hackers
Last week, the U.S. Department of Homeland Security said California was among the 21 states targeted by Russian hackers in their attempt to sway the 2016 presidential election.
On Wednesday, the office of California Secretary of State Alex Padilla reported that the Department of Homeland Security had retracted its previous conclusion.
The hacking attempt actually occurred at the California Department of Technology. (Department spokesman Bryce Brown said, “Although we did not have knowledge of the source until now, we have confirmed our security systems worked as planned and the activity was blocked as it happened in 2016.”)
“California voters can further rest assured that the California Secretary of State elections infrastructure and websites were not hacked or breached by Russian cyber actors,” Padilla said in a statement Wednesday.
But even with the caveat that voter data weren’t compromised, this news should be a wake-up call to California election officials.
We agree with Padilla that the Department of Homeland Security needs to be more forthcoming with state and county governments about potential hacking attempts. But California needs to do more to secure its own system, too.
The hacking attempt was a “scan” — an unauthorized attempt to find weaknesses in a secure computer or network. And earlier this year, a leaked document from the National Security Agency detailed a Russian effort to hack into voter registration systems by sending phishing emails to employees at a company that provides state and local election offices with voter registration systems.
Cyberattacks aren’t just an attack on government systems — they’re also an attack on voter trust.
Since many cybersecurity experts have warned that Russia’s election-related hacking in 2016 could easily be repeated in years to come, California needs to be doing everything it can to secure our systems.
Of particular concern is AB840, a bill on the governor’s desk that clarifies the rules for how county election officials are allowed to conduct the manual audit of 1 percent of precincts. The bill states that the audits only have to include ballots cast on or before election night — and cybersecurity experts are concerned this creates an easy target for hackers.
While Padilla’s office and the counties have insisted the bill merely codifies matters as they’ve historically been conducted, new times may call for new security measures. Gov. Jerry Brown needs to ask both Padilla’s office and the county registrars some hard questions before he signs this bill.