Printable Page Headline News   Return to Menu - Page 1 2 3 5 6 7 8 13
 
 
States,Feds Unite on Election Security 10/19 06:20

   Election officials and federal cybersecurity agents alike tout improved 
collaboration aimed at confronting and deterring election tampering.

   WASHINGTON (AP) -- Weeks before the 2016 election, federal officials started 
making mysterious calls to the head of elections in Inyo County, California. 
They asked her to contact them if she noticed anything unusual. But they 
wouldn't elaborate.

   "I asked them: 'How am I going to be able to protect against it if I don't 
know what it is?'" said the official, Kammi Foote.

   Now, Foote communicates regularly with federal officials. They came to her 
small county of about 10,000 registered voters to analyze the security of her 
ballot system. She participates in state and federal information-sharing groups 
that didn't exist two years ago and is getting a sensor that can help detect 
unwanted intrusions.

   "I'm feeling optimistic," Foote said about the Nov. 6 election. "I feel like 
the entire field of election administration has grown and matured in their 
ability to understand the cyber component and cyberthreats."

   Election officials and federal cybersecurity agents alike tout improved 
collaboration aimed at confronting and deterring election tampering. Granted, 
the only way to go was up: In 2016, amid Russian meddling, federal officials 
were accused first of being too tight-lipped on intelligence about possible 
hacking into state systems and later for trying to seize control from the 
states.

   Officials from Homeland Security, the department tasked with helping states 
secure elections, say the midterms will be the most secure vote in the modern 
era. They said they haven't yet seen the type of infiltrations that happened in 
2016.

   Still, cybersecurity experts aren't so sure the improved security and 
local-federal cooperation will be enough, given the breadth of threats that 
electoral systems may face.

   States run elections, a decentralized process that makes it harder for 
anyone to conduct a nationwide attack on the electoral system. The downside is 
there is no national playbook. The 10,000 or so election jurisdictions use a 
combination of paper ballots scanned into computers, entirely computerized 
ballots stored online and old-school paper ballots, marked and hand-counted by 
humans.

   With the realization that Russian-backed agents were interfering with the 
2016 vote, then-Homeland Security Secretary Jeh Johnson designated election 
systems as "critical infrastructure," a change that allowed the federal 
government more leeway to help states. There is no evidence that votes were 
altered in 2016, but intelligence officials say all 50 states had some type of 
intrusion, though only a few were compromised, like in Illinois, where records 
on 90,000 voters had been downloaded.

   Johnson's decision irked some local officials concerned about the federal 
government meddling in their elections.

   "We don't like to be told what to do without any say," said John Merrill, 
Alabama's secretary of state.

   Federal officials concede the beginning was rocky. "Communication was not a 
key element of the initial rollout," Christopher Krebs, Homeland Security's 
cybersecurity chief, said at a recent election security conference. "When I 
look at where we are right now, the single most important factor that has been 
established ... with our state and local partners is trust."

   States are managing antiquated machinery, built by a few unregulated and 
secretive vendors. The outdated software is highly vulnerable to cyberattacks. 
Online voter registration databases are frequent targets.

   Election systems are constantly under fire --- efforts to steal sensitive 
data, disrupt services and undermine voter confidence.

   "We experience thousands of attempts every day," Vermont Secretary of State 
Jim Condos said. In one example, he said his state recently reported that it 
had blocked two intrusion attempts into its online voter registration database. 
The federal government, using data from the sensors, traced the attempts to 
addresses that originated in Russia.

   State election officials aren't cyber experts and government jobs don't pay 
enough to attract high-level private-sector information technology workers.

   To assist states, Homeland Security offered them vulnerability assessments 
and help responding to incidents --- so far, 37 states have signed up. 
Secretary Kirstjen Nielsen has urged states to make their systems auditable. 
Her department has funded "Albert sensors," systems that can detect attempts to 
hack into networks. So far, 31 states and 61 counties have installed sensors.

   "They are valuable because they give visibility to us, to DHS about what's 
going on," said John Gilligan, executive chairman of the Center for Internet 
Security, a cybersecurity venture funded by government, academia and the 
private sector.

   State officials say the sensors, while limited, work to paint a picture of 
what's happening across the country.  

   "It doesn't offer a specific defense," said Noah Praetz, elections director 
for Cook County, Illinois. "But it does offer the potential for information."  

   Cybersecurity experts warn, however, that the Albert sensors won't detect 
all forms of intrusion.

   "If something more sophisticated gets in ... it's going to be very, very 
difficult to detect them," said Bob Stasio, a former National Security Agency 
supervisor. 

   The department this year created the Elections Infrastructure Information 
Sharing and Analysis Center to help state and local election jurisdictions 
share information on cyberthreats and security. The Center for Internet 
Security runs it, and more than 1,100 counties in 50 states are signed up.

   Foote, of Inyo County, said her partnerships with other states have 
increased her trust of federal officials. She reached out to colleagues in 
Colorado when she invited federal agents into her county.

   "I was still nervous about it," she said. "But when they got here, what 
really set my mind at ease was these were not partisan, ideologue people. These 
are the rank-and-file. They're experts in cybersecurity."

   Federal officials are handing out security clearances to state and local 
officials so some can read in on classified briefings, but so far, fewer than 
100 have been given. And local officials still know very little about what 
happened in 2016.

   "I never received any information and still --- to this day --- I have no 
inside access to anything more than what's reported in the media and the 
general public on what those threats are," Foote said.


(KA)

 
Copyright DTN. All rights reserved. Disclaimer.
Powered By DTN