State election officials around the country are woefully unprepared for a cyber disruption around Election Day. While states have spent years thinking about and planning for other types of crisis that can mess with voting — from hurricanes to power blackouts and terrorist attacks — they’ve been slow and ill staffed to develop contingency plans responsive to a hack attack that would adequately protect their systems in time for the 2016 presidential election. “They’re waking up to it, but they largely don’t know what questions to ask,” said Jeremy Epstein, a senior computer scientist at the nonprofit research center SRI International and an expert on voting mechanics. A dozen battleground state officials surveyed by POLITICO insist the voting systems themselves are safe, as nearly all parts of the balloting process take place in a secure, offline environment. But they also repeatedly acknowledged there are limits to what they can control, and they recognize they face legitimate challenges from cyber intrusions to the myriad adjacent parts that go into an election, including online registration records and publicizing vote tallies. While any manipulation of a state’s official election results is seen as unlikely, there’s little denying that an Internet disruption or hack could cause significant confusion and chaos on Election Day, a dark conclusion to an ugly election plagued by accusations of Russian cyber espionage and evidence-less allegations of vote tampering and rigging. Just last week, hackers temporarily froze a sizable chunk of the internet, a worst-case scenario that would cause serious problems around the country if duplicated on Nov. 8 — the day more than 100 million Americans are going to the polls.
A major cyberattack would leave the states on their heels as they sign in registered voters, and it would impede their work later in the day as they try to report results. Then there are the effects of an internet shutdown on voters themselves, who in many instances would be left without an integral way to look up their polling places, do last-minute research on candidates or simply track which candidate is winning.
“Certainly if Internet access in the state is down totally that’s a pretty substantial issue,” said Edgardo Cortes, the commissioner of the Virginia Department of Elections, which earlier this month had to deal with its online voter registration system crashing just ahead of a key deadline. “If something like that happens, how we react to it is going to have a lot to do with the public and press having confidence” in the election, added Georgia Secretary of State Brian Kemp.
Kemp, a Republican, said he has been printing out news reports to study last Friday’s DDoS attack. That strike led to disrupted service across large parts of the country on about 80 major websites, including Twitter, Spotify and The New York Times. While declining to discuss many of the details behind Georgia’s contingency planning, Kemp explained that he’ll have his state police on standby and he could get additional resources if the governor was forced to declare an emergency. He also said he’ll be reaching out to state and local officials to make sure they’ve thought through the full breath of what could happen in a cyberattack. “I’m going to double check this morning for the third time in the last three weeks to ensure there’s nothing else we need to do,” he said.
Full Article: States unprepared for Election Day cyber attack – POLITICO.