Gino Santa Maria / Shutterstock.com

The Surprising Good News About Voting Security

With today’s midterms, America’s election infrastructure has never been more carefully monitored by government officials. But will that be enough?

The hacking attempts haven’t slowed. The disinformation campaigns are ongoing. And the warning lights have been “blinking red” for a potential foreign operation aimed at disrupting the U.S. 2018 midterm elections, according to the country’s top intelligence official.

But if there is anything positive to take away from Russia’s election interference in 2016, it’s this: America’s election infrastructure has never been more carefully monitored in the days, weeks, and months leading up to a nationwide vote—and voters themselves are more wary than ever of foreign propaganda masked as a political ad or Twitter troll.

That heightened awareness is a key takeaway from a report published just one day before the election about hacking attempts on election infrastructure. The Boston Globe revealed Monday that it had obtained leaked threat reports filed by state and local election officials across the country alerting federal agencies to cyberintrusions and other suspicious activity that appeared to be targeting voter-registration databases, election officials, and election networks in the days before the midterms. One unnamed state—the threat reports don’t name states or detail specific incidents—successfully blocked more than 51,000 login attempts from foreign countries in a 24-hour period, the documents reportedly revealed. Some hackers even had “limited success.”

Yet voting and cybersecurity experts I spoke with seemed less alarmed than one might expect. “I’m heartened by this,” said David Becker, a former trial attorney in the voting section of the Department of Justice’s Civil Rights Division who now runs the Center for Election Innovation & Research. “We expected there to be this level of activity,” Becker said, pointing to warnings issued by the Department of Homeland Security and the intelligence community in the months leading up to the election. “What’s different this time is that we know about it,” Becker continued. “I think the story here is that DHS even has these threat reports, because of the unprecedented information sharing that’s going on.” That’s how DHS sees it, too. “This sharing is helping us build a national-level understanding of the cybersecurity threats facing our nation’s election infrastructure,” DHS spokesman Scott McConnell told the Globe.

The coordination between the various levels of government in preparation for potential meddling in Tuesday’s election represents a major leap forward since 2016, when many states declined help from the Department of Homeland Security to secure their election systems and balked at declaring such systems “critical infrastructure.” Such a designation, which was finally made in January 2017, puts election infrastructure in the same category as the U.S. power grid and financial sector, and gives states quicker access to classified-threat information sharing. It also means that states can participate in joint-defense exercises. In addition, all 50 states have now opted in to the DHS-funded program that allows election officials to share information with one another and with the government. Many have enrolled in a DHS program that offers states computer-vulnerability scanning for their election systems.

But aging voting machines and outdated software are still a major problem, and Congress has not allocated nearly enough money—only $380 million has been appropriated for the whole country—to help states completely revamp their infrastructure, experts say. Only one state, Virginia, has completely replaced its electronic voting machines since 2016. And while Illinois has bolstered its cyberdefenses since hackers infiltrated its voter database in 2016, its voting machines are still outdated and vulnerable to attack. According to NBC News, 14 states—including Georgia and Florida—still have counties whose voting districts have no paper backup for their electronic voting machines. That would make it impossible to conduct a paper recount if necessary.

That’s particularly concerning because, two years after Russia’s unprecedented interference, there is no sign that the threats are waning. In a joint statement released Monday night, the DHS, Director of National Intelligence, FBI, and DOJ warned that “Americans should be aware that foreign actors—and Russia in particular—continue to try to influence public sentiment and voter perceptions through actions intended to sow discord.” Senior officials in Donald Trump’s administration, including DHS Secretary Kirstjen Nielsen, FBI Director Chris Wray, and DNI Dan Coats, issued a similar warning during a rare joint press conference in August. “Russia attempted to interfere with the last election,” Wray said, “and continues to engage in malign-influence operations to this day.” Days earlier, Missouri Democratic Senator Claire McCaskill, who is seeking reelection in a state that went for Trump in 2016, confirmed that Russians had tried to hack her Senate computer network but were unsuccessful.

So far, however, the kind of massive hacking-and-leaking operation that took the law-enforcement and intelligence communities by surprise in 2016 has not materialized. And, overall, the preparation and response to irregularities in the run-up to the midterms has been reassuring, experts say.

Robert Johnston, the cybersecurity expert who was the first outside investigator to uncover the extent of Russia’s hacks into the DNC during the 2016 election, said that while he believes there’s been an uptick this year in the number of attacks on voter-registration databases and election infrastructure, it would be “disingenuous” to say that it’s “business as usual” on an institutional level in terms of protecting against and responding to these attacks. “There’s still a long way to go,” he said. “But when you have the government providing this much money to the states, the DOJ pumping out indictments against anyone who hacks our election, and our intelligence agencies intimidating people overseas who aren’t acting in our best interests, it becomes clear that we’re on the right track.” (The NSA has reportedly begun sending messages directly to Russian hackers, reminding them that they are being watched.)

Those seeking to sow disinformation and wage information warfare, meanwhile, continue to prey upon social-media users, despite their increased awareness of organized foreign-influence operations.

The Justice Department has already charged a Russian national with interfering in the midterms: Elena Khusyaynova, 44, who allegedly managed the finances of an election-interference campaign run out of the Internet Research Agency in St. Petersburg, code-named Project Lakhta. The troll factory’s budget for the project, which Khusyaynova allegedly controlled, exceeded 73 million Russian rubles—or roughly $1.2 million—a month. The budget grew almost monthly between January and June 2018 as the Russian trolls targeted the midterms, according to the DOJ’s criminal complaint.

Russia’s brazen interference in 2016 has also heightened awareness among social-media companies, which have been either proactive or cooperative in shutting down nefarious actors.

Facebook—which did not discover until late 2017 that the Russians had purchased hundreds of political ads that were seen by approximately 10 million users in 2016—revealed over the summer that it shut down Russian and Iranian accounts that were waging political-influence campaigns to sway the midterms, and set up a “war room” where a team will monitor fake news and disinformation on Election Day. The Democratic Congressional Campaign Committee, meanwhile, successfully encouraged Twitter to delete more than 10,000 “bot” accounts that were posing as Democrats while discouraging people from voting in Tuesday’s midterms.

Experts broadly agree that the disinformation campaign leading up to the midterms has been more muted than in 2016. “We’re seeing activity in the U.S., but we’re seeing it at levels less than we saw in 2016,” Tom Burt, the vice president for customer security and trust at Microsoft, told The New York Times this month. The Russian trolls that are still active have largely focused on Europe, where they’ve sought to deflect blame away from Russia for the poisoning of former Russian spy Sergei Skripal and his daughter, said Clint Watts, a senior fellow at the Center for Cyber and Homeland Security at George Washington University and a Foreign Policy Research Institute fellow. “You only have so many English-language operators,” Watts said. Johnston agreed, noting that Russia’s attention has turned toward fueling division in Europe and Ukraine, which has been a battleground for disinformation and propaganda since at least 2014, when Russia invaded eastern Ukraine and annexed Crimea.

It’s harder, moreover, for foreign actors to influence a local election than a national, presidential election. There is still one fairly easy way, however: sowing doubt in voters’ minds about the election’s legitimacy by waging a disinformation campaign alleging voter fraud and voting-machine irregularities—a narrative that’s becoming more common among Russian bots and trolls, according to Brett Bruen, a former U.S. diplomat who served as director of global engagement at the White House under President Barack Obama. There’s also the option of an actual cyberattack. Experts still worry that a bad actor could interfere at the eleventh hour, altering voter-registration files in databases or hacking websites to change polling locations in a way that would depress turnout and potentially spark mass panic among voters.

“There have been important strides” since 2016, said David Turetsky, a professor at the College of Emergency Preparedness, Homeland Security and Cybersecurity at the University at Albany. But he expressed concern that five states still use direct-recording electronic machines, which provide no paper trail of the votes. He noted that “it doesn’t take much in a busy election to disrupt” voting—long lines resulting from faulty equipment or manipulated databases could be more than enough to depress turnout. (If something like that were to happen, the Pentagon would reportedly be ready to retaliate with an offensive cyberstrike.)

The bottom line, Turetsky said, is that we’re on the right track—but much more still needs to be done. “If we have a good day, it’s not because we’ve done everything possible to earn it,” he told me. “It’s because we’ve done some of the things possible to earn it, and we got lucky.”

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.