Initial signs point to surprisingly hack-free election, but risks remain

Three and a half years of election security upgrades, training and government information sharing appeared to pay off on Election Day as voting unfolded with the usual technical glitches but no evidence of successful cyberattacks.

The electronic poll books used to check in voters failed in several counties, one results reporting website suffered a brief outage and the internet failed in the election office of one of Florida’s most important counties. But as of Wednesday morning, there is no evidence that hackers were responsible for those incidents or any other disruptive activities, despite months of preelection warnings that Russian cyber operators were probing potential targets throughout the U.S. political system.

Federal officials and independent observers attributed the thus-far hack-free election to a successful partnership with state and local officials, who reported suspicious activity and enacted backup procedures when technology failed.

“This coordination is the most unheralded intergovernmental success story,” said Matthew Weil, the director of the Bipartisan Policy Center’s Elections Project. “Voters have had their confidence shaken in the elections process this year, but it is more secure and professional than at any point in our history.”

The security of the election machinery across U.S. counties and states remains far less than ideal in much of the country, and breakdowns in newly purchased devices contributed to chaos and long lines during some of this year’s presidential primaries. But government leaders praised Americans for not overreacting to glitches or assuming the worst about them, saying voters seemed to recognize what officials have said for years: that foreign adversaries will do whatever it takes to undermine confidence in U.S. elections, and that jumping to conclusions does that work for them.

Covert military action may also have helped knock adversaries off balance. In recent weeks, according to The Washington Post, U.S. Cyber Command and the National Security Agency retaliated against Iran for the intimidating emails it was accused of sending to American voters in October.


Even so, officials cautioned that the election process still faced serious cyber threats as it moved from the vote-casting phase into the vote-counting phase. President Donald Trump and other Republicans are seeking to challenge the results in battleground states where mail-in ballots have tipped the lead to former Vice President Joe Biden — and the resulting uncertainty gives hackers the perfect environment in which to sow chaos by taking systems offline.

“We’re not out of the woods yet,” a senior official at DHS’ Cybersecurity and Infrastructure Security Agency told reporters during one of several Election Day briefings. “The attack surface, particularly for disinformation and other foreign interference efforts, extends well into the next month or two. So there is no spiking the football here. We are acutely focused on the mission at hand.”

University of Michigan computer science professor J. Alex Halderman, one of the country’s most respected voting security experts, wrote on Twitter that “the vote counting is an *even more* important area of vulnerability now, and will continue to be until the election result is clear,” because adversaries now have a clear sense of “where they need to intervene to affect the outcome.”

But regardless of what happens next, surprisingly little happened on Tuesday.

The biggest culprits behind Election Day’s technological malfunctions were e-poll books, tablets and laptop computers that have replaced paper voter lists in many states.

A variety of problems caused these devices to fail on Tuesday, delaying voting in several counties, including one in Ohio and a few in the battleground state of Georgia. In one Georgia county, a mysterious late-night data upload by the e-poll books’ vendor caused a glitch that rendered the devices, and the voting machines used with them, inoperable for several hours. In another county, the tablets failed to program the cards that voters inserted into voting machines to activate them. In most cases, poll workers switched to their backup paper voter lists, and voting proceeded on emergency paper ballots. But the e-poll book failures highlighted how risky the devices are, as well as the fact that voluntary federal voting technology guidelines do not cover them.

Problems with voting machines and ballot scanners struck other counties, including in Iowa, Pennsylvania and North Carolina, as well as the Atlanta suburb of Gwinnett County.

In Osceola County, Fla., near Orlando, the internet went down in the central election office shortly after the polls closed, forcing precinct workers to drive results data to the office.

Texas’ election results site briefly crashed, but the secretary of state’s office said there had not been “a malicious attack by a foreign/bad actor.”

Indeed, no evidence emerged that hackers were behind any of these problems, the kinds of technical snags that occur to varying degrees during every election.

“At this point, it appears [to be] typical challenges with the election technology,” a second senior CISA official said during a briefing. “No indication of any kind of malicious cyber activity.”

The apparent lack of successful hacks and the relatively smooth responses to glitches are “a credit to the states and the local election officials that have taken this seriously over the last three and a half years,” the first official said.

Mark Lindeman, the acting co-director of the nonprofit advocacy group Verified Voting, called the absence of unusual or malicious problems “a tremendous accomplishment amidst harrowing challenges” and commended government partners for “historic levels of cooperation.”

For all the warnings about the Russian government returning in force to digitally menace the 2020 election in the same way it disrupted the 2016 contest, there was nothing special or alarming about the cyber threat landscape on Tuesday.

It was “just another Tuesday on the internet,” the first CISA official said, with adversaries constantly probing internet-facing election systems for potential weak points.

“More [information about probing] is coming in [compared with 2016], but that’s to be expected,” the official said. “It’s not an actual increase in activity. It’s an increase in awareness and information sharing across all partners.”

CISA officials declined to discuss the details of what state and local election officials were reporting to the federal government through its virtual situational awareness room, but they said the fast tempo of sharing was a positive sign of election supervisors’ vigilance.

Local officials reported suspicious IP addresses and emails, the first official said. “It was a constant flurry of activity.”

Secretaries of state, who oversee elections in most states, “were better informed about what to look for, what to protect against, how to mitigate any issues and how to communicate with the public about cybersecurity preparedness,” said Maria Benson, a spokesperson for the National Association of Secretaries of State.

Little is known publicly about the role that Cyber Command and the NSA played in deterring or disrupting interference efforts by Russia, China, Iran or other foreign governments.

NSA Director Gen. Paul Nakasone, who also leads Cyber Command, said in a statement that he was “confident the actions we’ve taken against adversaries over the past several weeks and months have ensured they’re not going to interfere in our elections.”

One of the few publicly disclosed Cyber Command operations has involved partnering with allies that geographically border U.S. adversaries to monitor those adversaries’ regional cyberattacks and collect information about their hacking tools and techniques.

The information collected during these “hunt forward” expeditions enabled CISA to help prepare election officials for those attacks in case they eventually hit their own networks, the first senior official said.

“That really helps from a threat-informed risk management perspective,” the official said. “That allows them to prioritize investments” in better technology and response planning.
