Many States Reject DHS Offer to Check Election Systems for Flaws, Saying They’re Safe from Hackers

From China allegedly intercepting President Trump’s personal calls to Russian attempts at sowing discord among voters, US authorities are concerned the 2018 midterms face meddling similar to that of the 2016 Presidential elections.

For its part, the Department of Homeland Security is doing everything in its power to prevent further meddling with the country’s elections by reviewing election machines and processes ahead of the Nov. 6 deadline. And, according to an ABC News report, many states are failing to carry out the proper assessments ahead of the elections.

Fewer than half of US states have reportedly undergone federal election security reviews, an optional service offered free of charge by the DHS. This is because elections are managed by state and local officials.

Under the department’s National Protection and Programs Directorate, teams of experts were dispatched to 21 states to check for cybersecurity vulnerabilities and run real-life scenarios involving phishing attacks and other interference attempts.

Arizona, Colorado, Connecticut, Delaware, Iowa, Illinois, Indiana, Maryland, Massachusetts, Minnesota, Montana, Nebraska, North Carolina, Pennsylvania, Rhode Island, South Carolina, Utah, Washington and Wisconsin told ABC they had undergone the assessments. Louisiana is currently undergoing its assessment and New York has completed the paperwork and is awaiting review. Other states declined to comment. Election experts believe states that failed to request these trials may not be aware of potential vulnerabilities.

There are at least two main reasons behind some states’ decision to keep the DHS out of their local ballot’s security assessment. For one, the National Guard and third-party cybersecurity firms conduct these reviews in many states. Michigan, for example, has done “similar work with outside vendors and the Michigan Department of Technology, Management and Budget, which has its own cybersecurity resources that serve state agencies,” an official said. Secondly, some states fear that sharing information about their specific cybersecurity practices will actually hinder them, as hackers might get their hands on that information.

Maine and Arkansas are in the same boat. Officials from those states said they feel they are already well prepared.

Maine officials say their voter-registration database is the only Internet-accessible part of their election system, and that it and is “heavily password protected, backed up, and monitored for suspicious activity” by a state-owned IT squad. However, election-security watchdogs and cybersecurity experts are concerned, noting that voter-registration databases handled by state officials, county officials, or private vendors are susceptible to multiple potential vulnerabilities.

A proper assessment would include “identifying how the network is configured, what are the various nodes, what are the various ways in which it could be attacked,” according to John Cohen, a former DHS deputy.



*** This is a Security Bloggers Network syndicated blog from Bitdefender Labs authored by Filip Truta. Read the original post at: https://labs.bitdefender.com/2018/10/many-states-reject-dhs-offer-to-check-election-systems-for-flaws-saying-theyre-safe-from-hackers/