During the last election, Russian cyberattackers looking for vulnerabilities scanned 21 state election systems, including those in Illinois, over the 2016 campaigns. While the Department of Homeland Security says the scanning activity did not necessarily breach systems, some individual states have reported compromised data. This year, for instance, the Illinois State Board of Elections reported a 2016 breach of its voter registration system, detailing a SQL injection attack of unknown origin that exposed records in the state’s voter registration database. Since the attack, the Illinois board has worked with state IT experts as well as DHS cybersecurity professionals to keep the database of 18 million records and the servers on which it resides safe from attackers, says Matt Emmons, the agency’s IT director. And there are plenty of hackers out there.
Securing voting systems is a major challenge because state election agencies often act as clearinghouses. A state’s voting jurisdictions may purchase and maintain their own equipment and hire their own employees. Still, states have responsibilities to educate every jurisdiction and to protect voter registration and the overall electoral process.
This is especially important since most states maintain aging election equipment, including voting machines. States have increased their investments in cybersecurity measures for their election IT systems, including purchases of multifactor authentication, perimeter sensors, email filtering and monitoring, threat scanning, information sharing systems and more.
“The most sophisticated threats we are facing are coming from outside the country,” Emmons explains. “We consider the threat of nation-state actors and their near limitless resources the most threatening issue today. Most federal law enforcement agencies believe the foreign meddling with our election systems is going to continue.”