It was mid-July 2016 when Neil Jenkins learned that someone had hacked the Illinois Board of Elections. Jenkins was a director in the Office of Cybersecurity and Communications at the Department of Homeland Security, the domestic agency with a congressional mandate to protect “critical infrastructure.” Although election systems were not yet formally designated as such — that wouldn’t happen until January 2017 — it was increasingly clear that the presidential election was becoming a national-security issue. Just a month before, Americans had been confronted with the blockbuster revelation that Russian government actors had hacked the Democratic National Committee’s servers and stolen private email and opposition research against Donald Trump, the Republican presidential candidate. And now, it emerged, someone was trying to infiltrate the election system itself. The Illinois intruders had quietly breached the network in June and spent weeks conducting reconnaissance. After alighting on the state’s voter-registration database, they downloaded information on hundreds of thousands of voters. Then something went wrong, and the attackers crashed a server, alerting officials to their presence.
It soon became clear that this would not be the last attack. In early August, Jenkins learned of another breach, this one on an Arizona state website, and it appeared to come from one of the same I.P. addresses that had been used to attack Illinois. This time, the intruders installed malware, as if setting the stage for further assault. Then reports from other states began to pour in, saying that the same I.P. addresses appeared to be probing their voter-registration networks. Against that backdrop, the D.N.C. hack was looking less like an isolated incident.
“We started to ask: Are these things related?” Jenkins recalled. “Are they the same actors? Is this some kind of concerted effort?” He and his team realized that if Russian hackers were trying to disrupt the coming elections, D.H.S. needed to quickly get in touch with the state and local officials who ran them. But whom do you call when there are more than 10,000 election jurisdictions in the United States?
Full Article: The Crisis of Election Security – The New York Times.