IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cybersecurity, Virus Challenge Elections Preparations

In recent months, American adversaries have stepped up both cyberattacks and disinformation campaigns. Election officials should expect them to take advantage of the logistical challenges of voting in a COVID-19 world.

Georgia Primary
An examination by The Atlanta Journal-Constitution found that human error, equipment failure and a complicated, multicomputer voting system combined to create chaos that left some Georgia voters waiting as long as eight hours to cast ballots during June 9, 2020, statewide primary elections. (John Spink/Atlanta Journal-Constitution/TNS)
(TNS) — State and local elections officials — nervously eyeing the fall for a potential second wave of COVID-19 — are scrambling. With only five months before the presidential election, they are scouting larger polling places to enable social distancing and planning to mail and scan more absentee and mail-in ballots than ever.

But in addition to keeping poll workers and voters safe from viral transmission, there is a second major risk: how to keep the election itself secure from cyberthreats.

During the recent months of the pandemic, U.S. adversaries have stepped up both cyberattacks and disinformation campaigns. The United States should expect them to also take advantage of the logistical challenges of voting in a COVID-19 world to redouble their efforts against elections.

Cyberthreats to U.S. elections came into sharp relief in 2016, when Russia conducted operations to influence the electorate and infiltrate voting systems. In January 2017, the Department of Homeland Security declared elections to be “critical infrastructure” and embarked on an extensive cybersecurity support effort. It established, for example, the Elections Infrastructure Information Sharing and Analysis Center which provides elections officials with cybersecurity alerts, vulnerability assessments and response aid when experiencing a cyberattack.

Congress pitched in too, appropriating $380 million under the Help America Vote Act, or HAVA, in 2018 — about 40% of which states planned to spend on cybersecurity. This year Congress appropriated an additional $425 million to states.

But now the pandemic has devastated state budgets. HAVA fund administrators at the federal Elections Assistance Commission felt compelled to issue guidance saying states can use these funds for health-related safety needs.

This was necessary and prudent; mitigating the health risks and reassuring anxious voters is paramount to ensuring a smooth running of the election in the fall. States are furiously rolling out new processes, scouting polling places that can accommodate social distancing and preparing for unprecedented volumes of absentee and mail-in ballots. Each of these moves is costly, however, and states must pursue all of them simultaneously. A recent Brennan Center report argues that states will need significantly more funding to prepare for the November election, noting for example that the federal grant would only cover roughly 10% of the estimated $110 to $124 million Georgia alone would need to spend between now and Election Day.

Meantime, the cyberthreats to voting systems have not diminished; indeed they may be elevated as adversaries see an opportunity in the crisis. Even as they rush to buy high-speed optical ballot scanners and distribute vote-by-mail request forms, election officials must continue to safeguard their (old and new) IT infrastructure. Voter registration databases, electronic pollbooks used to check in voters, websites publishing vital information about changes to voting processes — all these need to be kept secure. States are likely to need yet more federal funding, particularly given that most states will have to balance their budgets even as tax revenues crater this year.

Other options are available to states — and all of them may be needed. The federal government, for instance, could offer assistance via Homeland Security’s cybersecurity agency, which could corral resources and manpower from the Department of Defense (including the National Guard), FBI and the intelligence community.

Private companies — including Microsoft, Akamai and Cloudflare — provided free cybersecurity services to elections officials in the run-up to the 2018 midterm elections. They could renew that offer of help. Other private companies could add their support and provide software, hardware or other equipment needed to support safe polling places, efficient and secure remote voting options, and the public education campaigns needed to tell citizens about their voting options.

And finally, all citizens should figure out early on their voting options and make a plan for how they are going to vote. The integrity of our elections is central to the health of our democracy, no less so now that we also have to worry about the health of voters.

©2020 The Baltimore Sun, Distributed by Tribune Content Agency, LLC.