After Russia's misinformation campaign rattled the 2016 United States election season, scrutiny over this year's midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks. Officials haven't attributed most of it to an actor yet, but the situations include suspicious attempted logins on election systems like voter databases and municipal network compromises. Even in July, Microsoft said it had spotted four incidents of attempted campaign phishing.
Since the wakeup call of the 2016 election, local, state, federal officials, and privacy organizations have worked together to improve system defenses around the country in ways they never have before. The process has been both controversial and, in some cases, too late to help the 2018 midterm election season. But plenty of municipalities have already updated and reinforced their digital networks, replaced insecure voting machines, increased their hiring of specialized security personnel security hiring, and implemented post-election audits. The Department of Homeland Security has aided localities by actively probing election systems for vulnerabilities—and helping fix them—and expanding their ability to monitor their voting infrastructure. The foundation of a secure election was laid well before Tuesday.
But on the day itself, election officials and third parties say the biggest cybersecurity improvements have to do with communication between the many organizations that participate. Elections are run, after all, not by the federal government, but by state and local officials spread across more than 1,300 local election jurisdictions. For the first time in 2018, that fractured landscape will be tied together by a hubs like the Elections Infrastructure Information Sharing and Analysis Center, which the Department of Homeland Security will use to coordinate information from all 50 states.
"What we lacked in 2016 and before was an organized way to identify patterns and spot trends from above," says David Becker, executive director of the nonpartisan Center for Election Innovation and Research, who formerly worked as a Department of Justice voting rights attorney. "Now we'll be able to connect the dots about the origin and nature of the activity thanks to coordination through DHS."
The irregularities those officials will watch for include things like mass voting machine failures, unexpected voter registration issues, and suspicious network activity on election infrastructure systems. Unlike 2016, they'll now have clear channels for reporting those anomalies, hearing what other local officials are doing to combat similar issues, and even calling in specialized assistance.
In August, DHS conducted a tabletop exercise—essentially an election day dry run—with representatives from 44 states to review and practice using the expanded resources that will be available. "The progress we’ve made since 2016 is immense," the DHS official said. "We’re not just able to push information down, but we're receiving a great amount of information back that allows us to understand the threats targeting information systems."
Unlike 2016, many secretaries of state and other top election officials have gotten security clearances that allow them to be briefed on classified threat intelligence, and understand the context of what they may see on election day.
"This could be everything from general threat information around things like phishing or SQL injections to specific threat indicators that the IT components across the states and municipalities can use to manage risk and identify if they’re being targeted and mitigate those threats," a DHS senior administration official told reporters on Wednesday.
A successful phishing attack could give hackers the keys to an official email account or voter registration system. The technique known as an SQL injection could grant them unauthorized access to the information in a voter registration database. And sharing threat indicators though a coordinating body like DHS could allow analysts notice that, say, multiple precincts have strange issues with software from the same vendor. The decentralization of elections in the US is a security strength, because it makes the system difficult to attack as a whole, but can also be a weakness if multiple regions experience the same problem and no one realizes the commonality.
Separately, the Department of Justice runs an Election Day Watch Program that appoints a district election officer in each US attorney’s office around the country—roughly 94 total—and trains them as liaisons between DoJ in Washington, DC, attorneys and investigators in the field, and state and local election officials.
The DoJ says it has three divisions ready for action on Tuesday. The criminal division investigates election crimes like ballot fraud, while the civil rights division monitors Voting Rights Act issues and other election-related civil rights violations. The national security division will now be involved in Election Day as well, to keep an eye on potential foreign influence activity. The Justice Department also runs hotlines for voters on election day to support any suspicious activity.
Washington, Illinois, and Wisconsin all have National Guard cybersecurity units on call to assist election officials in case of a digital attack. And just as DHS will help coordinate state and local-level insights, the National Security Council will act as a clearinghouse for election-related information from the US intelligence community. And if foreign meddling does occur Tuesday, the agency will mete out sanctions.
"If there is interference in [the election] that fundamentally wrecks the natural process that we have established in this country and really undermines what we will be looking at," a senior administration official said on Wednesday. "That has to be met with swift and severe action."
The government won't go it alone. Verified Voting, a group that promotes election system best practices, is part of the nonpartisan Election Protection coalition, which offers a hotline for voter information and issues. Verified Voting particularly specializes in fielding questions about technology issues related to voting. Some of those have already come up; in Texas and Georgia, outdated software and poor design features on paperless voting machines have caused a small but jarring number of incidents in which votes appear to be switched from a voter's selection.
"Issues come up all the time," says Verified Voting president Marian Schneider. "Machines are down when the polls open, they didn’t boot up or the poll workers weren’t able to get them up and running. The other big issue that comes up is a calibration error where the touch screen got out of whack and needs to be adjusted or perhaps the voter put their hand on the touchscreen and inadvertently marked it."
As with the big federal communication centers, the coalition looks to analyze disparate information from voters and poll workers on the ground to ensure that everyone is able to vote. "We always are looking for patterns—that’s what the command center is looking for—to see if there’s a systemic problem that needs to be escalated," Schneider says. If the poll workers can't help resolve the issue, the Election Protection coalition will call on county officials for a remedy.
Officials and advocates all say that the biggest thing citizens can do to protect their vote on election day is check and recheck their entry before submitting it, and let poll workers know if anything is wrong so it can be resolved.. But even with heightened awareness and concern about digital threats, it's also crucial to remember that it's normal for small things to go wrong, and officials are prepared.
"There are inevitably going to be problems, and we’re going to have to resist the urge to think that everything that happens is a cyber event," the Center for Election Innovation and Research's Becker says. "The single most important thing at this point in the process is that voters know their votes are going to count."
- Step inside the Air Force's sound-swallowing chamber
- A stupid simple wonderful way to make Google Docs
- My dad says he’s a “targeted individual.” Maybe we all are
- In Texas, techies are trying to turn the red state blue
- PHOTOS: A Blade Runner-esque vision of Tokyo
- Hungry for even more deep dives on your next favorite topic? Sign up for the Backchannel newsletter
