Securing Your Vote: Are the 2018 Elections Protected? It Depends

As we approach the midterm elections in 2018, there is a mix of good news and warning signs regarding election security.

Americans eagerly await the election results and answers to questions like which political party will win control of Congress? Also, will state governments swing left or right? But behind the curtains, security and technology pros are working harder than ever to make sure that your local vote is properly counted.

I covered several aspects of this election topic a month ago with this expert interview on election security with David O’Berry. O’Berry articulated the view that states are nowhere near ready, and bad news will dominate election security coverage in November 2018.

Nevertheless, DHS Secretary Kirstjen Nielsen says the midterms will be the “most secure election we’ve ever had.”

“My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York.

The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference.

That includes assisting election officials in all 50 states, creating its own center to protect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about. …”

Election News from the States’ Frontlines

SC magazine report that only 21 states have submitted their DHS election security audit.

“While the DHS declined to say which states have and haven’t completed assessments, ABC News contacted election officials in all 50 states to learn whether or not they had participated and only: Arizona, Colorado, Connecticut, Delaware, Iowa, Illinois, Indiana, Maryland, Massachusetts, Minnesota, Montana, Nebraska, North Carolina, Pennsylvania, Rhode Island, South Carolina, Utah, Washington and Wisconsin, confirmed that they had, while several others declined to comment.

A Louisiana election official told the news agency the state is currently undergoing a DHS assessment and a New York official said the state has completed paperwork and is awaiting an assessment.

A Maine election official, whose state did not undergo a DHS assessment, told ABC the state’s voter-registration database is the only Internet-accessible part of its election system and is “heavily password protected, backed up, and monitored for suspicious activity” by state IT staff.”

Here are some local news media headlines regarding election security:

Greenville Online: Election security in South Carolina: Why some say you should worry about Tuesday’s vote — “While South Carolina election officials believe the state’s 13,000 aging voting machines will complete Tuesday’s election without any major security breach or problem, others do not share that confidence. …

South Carolina is one of only five states that use paperless, touch-screen voting machines. Plans call for replacing the state’s iVotronic machines, many of which are now 14 years old, before the 2020 election cycle at an estimated cost of more than $60 million.” (Des Moines, Iowa): Despite threat of computer hacking, Iowa election officials reassure voters their vote is safe — “Iowa election officials say your vote will be safe and will count next week, despite a constant threat of computer hacking.” (New Jersey): NJ election: Is your vote safe? Just one county can back it up on paper — “Nearly all of New Jersey’s 11,000 voting machines are vulnerable to election hacking that could change the outcome of elections across the state, but that is not the worst part of the nightmare scenario feared by security experts.”

Security Boulevard: Illinois invests $7 million in cybersecurity to prevent election hacking — “This midterm election, the state of Illinois is concentrating all its efforts on voter registration security to avoid incidents similar to those in 2016 when Russian hackers used SQL injection to breach the state’s voter registration database.

As it was the only state to lose its voter database to hackers two years ago, Illinois has used millions of dollars it received from Congress to improve cybersecurity and prevent further programming errors to ensure the democratic process won’t be affected during the midterms, writes Tech Republic.”

Inside the Government’s Plans to Keep Elections Secure

Here are a few thoughtful discussions and online materials addressing the latest status:

This Election Security CSPAN Panel takes a deep dive at current topics.  

And Pew Trust offers this Voter’s Guide to Election Security.

Finally, if something bad does happen regarding election hacking, offers this story on how “U.S. military hackers have been given the go-ahead to gain access to Russian cyber systems if meddling in America’s 2018 elections is confirmed.”

The U.S. intelligence community and the Pentagon have quietly agreed on the outlines of an offensive cyberattack that the United States would unleash if Russia electronically interferes with the 2018 midterm elections on Nov. 6, according to current and former senior U.S. officials who are familiar with the plan.

In preparation for its potential use, U.S. military hackers have been given the go-ahead to gain access to Russian cyber systems that they feel is needed to let the plan unfold quickly, the officials said.”

My Final Thoughts on Securing Your Vote

So are the 2018 midterm elections adequately protected from hackers? It depends who you ask. Time will certainly provide better answers.

Voting has already begun in many states, and there are many examples reported of fake news and more countries trying to influence voters. Much more of this behavior will certainly be coming this week.

Nevertheless, it remains to be seen if a repeat of 2016 is coming. I tend to think it won’t be as bad as in 2016, but it only takes one major close race with evidence of hacking to create more voting security controversy. Expect that to happen somewhere — and make national news.

As mentioned in the article from South Carolina (above), there are several states that do not have paper ballots in 2018, and more legacy equipment needs to be replaced over the next two years leading into November 2020.

I am sure that we will be discussing this election security topic next year and throughout the 2020s. Still, despite a late start, most states have made some good progress on election security this year.

I congratulate state and local government employees (and contractors) on your work to get polls ready for voting this Tuesday. Thank you for your efforts.