This article is part of TechRepublic's series on how states across the US are approaching the cybersecurity threat to the 2018 midterm elections. Read each installment:
or download the entire series as a free PDF.
Changes to election procedures and assistance from the Washington Air National Guard are underway, as Washington state prepares for the 2018 midterm elections. After learning that it was one of the 21 states whose voter registration database was targeted, Washington is taking extra measures to stay secure.
While Washington's voter registration database wasn't breached, rumors are swirling that those states targeted in 2016 could be targeted again in 2018, according to Danielle Root, voting manager at the Center for American Progress. "Many national security experts and officials have warned that 2016 was likely a testing ground for Russia," said Root, so states must stay vigilant.
SEE: Security awareness and training policy (Tech Pro Research)
Voter registration databases are an obvious target for attack, said Dan Weiske, advisor to the National Cybersecurity Center. "Any of the publicly connected systems, like the registration systems, are going to be the largest areas of attack and the highest risk," said Weiske. "There's a lot of data that sits on those, and it's accessible by the public."
As for the actual voting system, Washington has one of the most secure methods, still using vote-by-mail paper ballots. "Paper is the most hack-proof way of securing our elections, with the current technology available and under the current threat environment," said Root.
The main threat vector for Washington, however, is auditing procedures. "Unfortunately any audit for paper ballots is actually voluntary," said Root. "That's something that we identified in Washington as being a severe vulnerability, because post election audits are really the only way to confirm accuracy of election outcomes."
"In March 2018, Washington passed a huge Election Security Package with the main goal of strengthening the state's post election audit procedures in making those post election audits mandatory," said Root.
The legislation, known as HB 2406, helped improve post election audit guidelines. Included in the bill was also an option for county auditors to audit duplicated ballots using multiple methods. "The legislature wants to maximize this locally run benefit by adding options to the auditing process for local elections administrators," stated the bill. "Multiple jurisdictions, with multiple options for ensuring election outcomes will increase the transparency, integrity, and trust of our elections process."
SEE: Cybersecurity and the 2018 Midterms (TechRepublic Flipboard magazine)
Another facet of the bill concerned voting system vendors, according to Root. "The state is requiring voting systems vendors to disclose any security breaches in their systems. As you likely know as well, there were reports that came out after 2016 that voting vendors were actually targeted by hackers as well," Root added. "The vendors weren't contacting states that were using their equipment and letting them know of the hack. So, by passing this law that requires these vendors to let the state know, that's a huge step in the right direction for better securing the state's election infrastructure."
The other major step Washington has taken to secure election procedures involves its Air National Guard. Prior to calling upon the unit, Washington was making great use of resources provided by the Department of Homeland Security, said Root. The resources included vulnerability testing, penetration testing, and consistent assessments of security around state databases.
Bringing in the National Guard, however, adds a whole new level of deep security measures. "The National Guards are a great resource that states should be taking advantage of, because a lot of the National Guard divisions have experts in cybersecurity and are far better prepared to deal with these very intricate and cyber based threats," said Root. "While election officials are very good at their jobs, most of them are not tech experts and have never really dealt with sophisticated cyber attacks by foreign entities."
A group of a dozen individuals from the National Guard will be helping out, all of whom hold day jobs at Amazon, Microsoft, or other cybersecurity companies, reported the Seattle Times.
"If you've got a military-grade adversary," said Col. Gent Welsh, commander of the Washington Air National Guard's 194th Wing, "it makes sense to bring in military-grade assets."
No matter how hard someone may try, "security experts agree that you can not prevent attacks," said Marian Schneider, president of nonprofit Verified Voting Foundation.
"We're going to instead direct our resources into monitoring, detecting, responding and recovering," Schneider said.
- West Virginia moves forward with first mobile voting app, despite fears from security experts (TechRepublic)
- Ohio taps college cybersecurity experts to audit election systems before 2018 midterms (TechRepublic)
- How Florida is bolstering election security after being targeted by Russian hackers (TechRepublic)
- Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)
- Security experts warn lawmakers of election hacking risks (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Election security is a mess, and the cleanup won't arrive by the midterms (CNET)
- Hackers, trolls and the fight over your vote in the 2018 midterm elections (CNET)
- What to expect from cyber-attacks during an election year (TechRepublic)
Macy Bayern has nothing to disclose. She does not hold investments in the technology companies she covers.
Macy Bayern is an Associate Staff Writer for TechRepublic. A recent graduate from the University of Texas at Austin's Liberal Arts Honors Program, Macy covers tech news and trends.