The good news is that the thousands of county and municipal governments that administer elections across the US have a variety of effective cybersecurity programs available to them, free of charge. The bad news is that the vast majority don’t use any of them. In the complex debate about US election security, the focus tends to be on campaigns, parties, states, voting equipment manufacturers, and national trends. But the literal administration of elections, like the printing of ballots, coordinating poll workers, and organizing polling places, falls to more than 10,000 county clerks and local municipalities, according to the nonprofit organization Verified Voting. And those are the people the Department of Homeland Security would like to sign up for its cybersecurity program.
“There should not be any counties left out, because they can sign up for cyber hygiene scanning,” Jeanette Manfra, DHS’s top cybersecurity official, told BuzzFeed News.
“They absolutely have the ability to be a partner. They might not know about it, so we’ve got to keep working to get the message out,” Manfra said.
Counties in particular have been targeted by foreign government hackers. In 2016, Russian military intelligence sent phishing emails to VR Systems, a voting equipment manufacturer, and to county employees. Six weeks before the election, the FBI and Department of Homeland Security had to frantically alert Florida counties of an unspecified Russian threat.
It’s not that free cybersecurity tools don’t exist. The Department of Homeland Security offers an election-specific version of its threat-sharing program, called EI-ISAC, to anyone who wants it, and has done a number of outreach events around the country in recent months to promote it. All 50 state governments have joined, but county and local governments participating only number about 1,100.