Report Finds States, Localities, Slow to Address Threat of Cyberattacks

A report today from NBC News provides a troubling reminder of how much work state and local election officials have to do to protect voting and voter registration systems against the kind of cyberespionage that marked the 2016 election.

The network said election officials in the most heavily populated counties in three swing states – Arizona, Michigan and Pennsylvania – have yet to receive formal training in how to detect and counter cyberattacks.

The training gap leaves those states, and others that have failed to invest in cybersecurity training, vulnerable to new attacks as the 2018 congressional campaigns begin ramping up.

“In any sort of cyber system, the weakest element is the human element,” Andrew Schwarzmann, director of the University of Connecticut’s Center for Voting Technology Research, told the network.

NBC said election security experts it interviewed are particularly worried that untrained election officials are vulnerable to “spearphishing” email attacks. In answering what appear to be innocuous messages from Google or an internet service provider, the officials may give a hidden attacker an opening into election agency computer systems, the experts argue.

“Phishing attacks are a form of social engineering,” said University of Michigan election security expert J. Alex Halderman. “The one very important thing is to train people about what they are, how to recognize them, and how not to fall for them.”

NBC said that while Arizona, Michigan and Pennsylvania, the states at the center of its inquiry, are leaving local election officials to make their own decisions about cybersecurity training, other states have taken a more proactive approach to the problem.

Washington, Maryland, Mississippi, Georgia, Louisiana, Delaware and Virginia are among the states that require cybersecurity training for election officials, the network said. That could be particularly important in Virginia, the only state with what is considered a competitive race for governor this year and a probable swing state in the 2020 presidential race.

###