Michael Dickerson was breathing a little easier in his elections office Wednesday afternoon in Charlotte, North Carolina.
He found out that cybersecurity gurus with the federal government likely will soon be on hand to help North Carolina state and county officials ahead of Nov. 8. The plan includes in-depth scanning and risk assessment of voting-related systems. Experts will look for any vulnerabilities that hackers could exploit.
The state requested the technical assistance of the federal Department of Homeland Security on Tuesday.
“That is fantastic. You’ve got your nation’s highest services like that available. . . . Voters need to have confidence – that’s the key,” said Dickerson, Mecklenburg County’s director of elections.
North Carolina is one of several states to work with DHS officials to evaluate a range of potential voting cybersecurity risks. The department would not say how many or which states had agreed to the help. State officials in Pennsylvania announced Tuesday that their state will participate.
Many of the risk assessments and scans will be conducted remotely by federal cybersecurity experts, said Scott McConnell, a DHS spokesman.
Several N.C. county election officials, along with McConnell, declined to give details of the risk assessments, saying such information could tip off hackers. One program that officials have spoken publicly about is called Cyber Hygiene, which can be used to scan a large number of computer IP addresses used by election workers to determine whether hackers could get through.
After the scans, federal officials will report the results to the states and recommend better security measures.
The A to Z process – everything we have – is tightly controlled. You never want to say something’s impossible, but you can guarantee you are putting in every safety protocol you can.
Gary Sims, Wake County elections director
Early voting starts in North Carolina on Oct. 20, but it’s unclear whether federal resources will be deployed by then. State officials had not yet heard back from DHS officials about a timetable, Josh Lawson, an attorney with the N.C. State Board of Elections, said in an interview.
The state is confident of its voting system’s security, but “outside eyes are always helpful,” Lawson said.
The help from federal officials is free for states and will focus on potential internet and computer-based security risks. Homeland Security Secretary Jeh Johnson made the offer on a conference call earlier this month. Days later, officials in Illinois and Arizona confirmed that the FBI is investigating security breaches affecting voter records in those states.
The executive director of North Carolina’s Republican Party has reservations, too.
“I am always suspect of the federal government’s involvement in our elections,” said Dallas Woodhouse, mentioning the U.S. Department of Justice’s legal battle with North Carolina over changes to the state’s voting laws, including a measure requiring certain types of photo ID at the polls.
Still, Woodhouse said in an interview, threats of voter fraud and a cyberattack on an election exist. Woodhouse said he was skeptical but was not against the upcoming federal cybersecurity scans.
N.C. Democratic Party communications director Dave Miranda didn’t express support or opposition to the federal involvement.
“I can’t speak to whether or not this is necessary,” Miranda said in an interview. “We support fair and free elections. We’re going to do our best to make sure that every voice is heard and every vote is counted.”
Any county or state that does not prepare would be negligent in their responsibility because (elections are) such a high priority target.
Brian Kent, director of Fayetteville State University’s Center for Defense and Homeland Security
In North Carolina, most counties use only paper ballots and those with electronic voting machines are not allowed to hook them up to the internet, Lawson said. Vote-tabulation machines also are always offline for security reasons.
But the state’s voter registration database and election night public reporting system have some functions connected to the internet.
“Any county or state that does not prepare would be negligent in their responsibility because (elections are) such a high priority target,” said Brian Kent, the executive director of Fayetteville State University’s Center for Defense and Homeland Security.
An election hack or cyberattack, Kent said, could deal a blow for a county or state far worse than the hanging-chad paper ballot problems in Florida in 2000. A sophisticated attack on voting systems might wipe data or add false votes for a candidate, he said.
North Carolina’s voting laws and methods ensure a paper trail and backup checks in the event that electronic data is compromised, Gary Sims, the elections director in Wake County, said in an interview Wednesday. In every election, he said, results are audited at random.
“The A to Z process – everything we have – is tightly controlled,” Sims said. “You never want to say something’s impossible, but you can guarantee you are putting in every safety protocol you can.”
Even electronic voting machines like those in Mecklenburg County have a secure paper trail, called a “real time audit log.” Those machines will be phased out, and North Carolina plans to have only paper ballots by 2019.