With the 2018 midterm elections a little more than a month away, government officials and concerned citizens are paying close attention to security. Concerns about election security are rooted in recent events. The Department of Homeland Security (DHS) reported last year that Russia probed election systems in 21 states during the 2016 election year.

“In 2016, Russia conducted an unprecedented influence campaign to interfere in the U.S. electoral and political process,” Dan Coats, the director of national intelligence, said in a speech earlier this year. “It is 2018, and we continue to see Russian targeting of American society in ways that could affect our midterm elections.”

Serious Concerns about Security

Research shows that cybersecurity is the top IT priority for federal, state and local governments. Voting represents an important factor in that security focus. In 2018, 36 states and U.S. territories will hold gubernatorial elections, while 87 state legislative chambers are holding general elections representing more than 6,000 seats. There’s a lot at stake.

The Washington Post reported that 95 percent of the digital security experts it surveyed said state election systems are insufficiently protected against cyberthreats. In July, the Democratic members of the House Administration Committee completed an assessment of election security and rated the 18 most vulnerable states. The assessment grouped these states into three tiers:

  • Tier 1: States in this group have the most serious election security vulnerabilities and rely exclusively on electronic voting machines that do not have a paper record. This makes it nearly impossible to determine if the machines have been attacked and vote tallies have been altered.
  • Tier 2: Although these states exhibit significant vulnerabilities, they may not be planning to use federal assistance to address them.
  • Tier 3: These states are using federal funds to address election vulnerabilities and need additional assistance to fully upgrade their election infrastructure.

Steps in a More Secure Direction

Every state has taken at least some steps to improve the security posture of its election administration. Recent examples include Virginia’s efforts to overhaul its paperless voting machines and switch to a paper system, Colorado’s post-election audits and a requirement in Alabama for election officials to undergo cybersecurity training.

Governments aren’t alone in their efforts to improve election security. DHS works with federal, state and local agencies, as well as election officials and vendors, to identify potential threats and manage election security risks. In March, the Help America Vote Act (HAVA) was passed to provide $380 million to fund upgrades to election voting security infrastructure. More than a third of these funds are being spent to improve cybersecurity.

The ways that states are using these funds vary widely. Many are investing in new voting hardware to address problems such as the lack of paper records. Others are testing and auditing election systems to make sure their security measures are effective. Another important step states are taking is to upgrade IT infrastructure to make sure their systems have the foundation necessary to effectively defend against attacks.

Security vendors are getting involved by offering solutions for election security. For example, FireEye has developed a managed defense solution bundle designed specifically to protect against election cyberattacks by providing real-time visibility across the enterprise, including industrial controls and cloud infrastructure. And Splunk offers an Election Infrastructure Security package of services, analytics and training. Other vendors with specific solutions and offerings for election security include McAfee, Cylance and Microsoft.

Efforts to address election security concerns are steps in the right direction, but many of the most vulnerable states need to move with greater urgency. U.S. citizens need to have confidence that their votes are safe against malicious attacks.

For more information on how to actively monitor threat detection in your organization, visit CDW.com/ThreatCheck.