Illinois outlines election security strategy

Although the Department of Homeland Security is working  to secure the 2020 elections, state officials and independent experts say the federal government could be doing more.

At an Oct. 15 House Homeland Security Committee field hearing in Gurnee, Ill., lawmakers heard from state and local officials responsible for administering and securing elections with only a fraction of the resources the federal government can bring to bear.

In 2016, Illinois suffered one of the most high-profile attacks, when its voter registration system was penetrated by Russian hackers looking to sow chaos about voter eligibility.

Illinois Board of Elections Executive Director Steve Sandvoss told the panel his state has fixed the software design flaw that allowed the Russians to access voter registration files and has put together an emergency response team composed of state officials, representatives from DHS and the National Guard to provide emergency assistance in the face of an emerging attack.

The state has also created a Cyber Navigator program, which makes experts available to election jurisdictions to help them best allocate new dollars, like the $380 million in leftover Help America Vote Act funds released by Congress last year, to achieve a better security posture.

Additionally, election authorities are required to use the Illinois Century Network – a state-managed provider of network and internet services for government agencies in Illinois --  as their internet service provider for all traffic between their offices and the State Board of Elections to ensure that voter registration and elections operations data never flows over the internet, Sandvoss said in his prepared testimony. The ICN also gives the state the ability to provide additional security measures and monitoring, he added.

Other cybersecurity measures include new agency perimeter firewalls, machine learning-based endpoint detection and remediation technologies, secure web gateways and weekly internal vulnerability scans against all agency systems and websites, Sandvoss said.

Government is far better prepared to sniff out and mitigate foreign interference efforts than it was in 2016, Matthew Masterson, a senior cybersecurity advisor at DHS' Cybersecurity and Infrastructure Security Agency (CISA), told lawmakers.

Information and context about threats culled from DHS, the U.S. intelligence community and law enforcement agencies are now flowing through an election-specific Information Sharing and Analysis Center, where they're disseminated across the country, and Albert sensors designed to detect malicious activity targeting election infrastructure -- which were largely missing in 2016 -- have been deployed across the country.

Masterson said the technical support CISA provides to states has changed as the agency gained a greater appreciation for the specific needs of the election community. Initially, states were offered the same tools and services -- such as vulnerability scans -- provided to federal agencies and critical infrastructure. Masterson told the panel that strategy has since given way to tools that are "quicker, less intrusive and can scale."

As an example, he cited new penetration testing capabilities deployed by DHS in 2018 and 2019 that can remotely identify security vulnerabilities in election systems without having to deploy field teams to a targeted state or jurisdiction. He also promoted the agency's "Last Mile" initiative, which provides state-specific threat profiles and customized technical guidance to counties.

"This scalability is critical because while our initial efforts in 2018 were primarily targeted at state election officials, we recognize the need to increase our support to counties and municipalities who operate elections as well," Masterson said.

The agency has also taken a more active role advising political campaigns and their party organs on how best to protect their assets from hackers, creating guidance on disinformation tactics and pushing for more unclassified intelligence to be made available to the election community.

Security experts argue that many of the main vulnerabilities plaguing states like Illinois have long been known. Their potential remedies: a regular federal funding stream, mandates around paper ballots and risk limiting post-election audits. The Brennan Center for Justice has advocated for a $2 billion injection of state and federal funding to tackle those and other problems long term, including a nationwide expansion of Illinois' navigator program.

"We know what we need to do to harden our election infrastructure, but we're lacking in leadership and funding," said Elizabeth Howard, counsel for the Democracy Program at the Brennan Center.

Less certain is how to mitigate disinformation campaigns or lessen the impact of the bots and trolls that spread them. Sandvoss said his state is encouraging residents to report instances of disinformation online, but he acknowledged that a formal reporting chain between states, the federal government and social media platforms had yet to be worked out.

"We haven't solidified that yet, but I think the idea will be to communicate it probably to us and we would distribute it to our partners and it would eventually make its way to whatever social media company it originated from to get it corrected," he said.

CISA has established real-time information-sharing relationships with major social media platforms and works to spread awareness about emerging false narratives around when and where to vote, but researchers have noted that such campaigns tend to go well beyond simply spreading confusion about voting logistics around Election Day.

This article was first posted to FCW, a sibling site to GCN.