Homeland Security Department inspectors aren’t turning up anything shocking when they assess state and local election systems for cybersecurity vulnerabilities in advance of the 2018 midterms, an official said Tuesday. Most of what Homeland Security is turning up in the risk and vulnerability assessments are the same issues you’d see in any information technology environment, Matthew Masterson, a senior cybersecurity adviser, told members of the Senate Judiciary Committee. That includes unpatched software, outdated equipment and misconfigured systems. Homeland Security has conducted risk and vulnerability assessments of 17 states and 10 localities so far, Masterson said.
The $380 million Congress appropriated to secure those systems is, similarly, going mostly to standard security measures, said Masterson, who previously served on the Election Assistance Commission, which is distributing the federal funds.
In the near term, that includes instituting more regular patching schedules for software and training election workers on how to spot phishing emails.
Some states, including Florida and Illinois, are also considering deploying “cyber navigators” at local election sites to help prepare for and manage issues that come up during election day, Masterson said.