In the run up to the 2020 general election, the University of West Florida Center for Cybersecurity recently provided virtual training for the Escambia County Supervisor of Elections staff.
Officials say Florida’s 2018 midterm election was held without any reported intrusions by hackers – a 180-degree turn from the 2016 general election, when voting systems in all 50 states were targeted by Russia. Virginia’s Mark Warner, a member of the U.S. Senate Intelligence Committee, appeared on PBS’s “Frontline” last fall.
“Clearly, the ability to hack into voting systems and manipulate data is a cyber-technique that clearly the Russians and others have perfected,” said Warner. “We have gotten better, but as we get better this is not a constant state; the advisories [also] get better.”
Voter databases in two Florida counties were accessed by Russian hackers before the 2016 presidential election, according to Gov. Ron DeSantis. Speaking last year, he said the hackers did not manipulate data, and the election results were not compromised.
“The two counties at issue here the FBI was working with them in 2016,” said DeSantis. “They just asked me not to name the two counties for whatever reason, so I’m respecting that. But this was something that the counties knew about prior to the 2016 election.”
“The first thing we did in the seminar, was we talked a little bit about the threats that are out there; and we set a stage so that people understand kind of what they’re up against – like, who wants to hack the vote for example?” said Guy Garrett, the UWF Cybersecurity’s assistant director.
Garrett conducted the recent session with the Escambia County elections office. The workshop covered a number of areas, in the attempt to demystify the world of “hacktivists.”
“Hacktivists are people who have a cause, and they are people who will try to influence an election that way,” said Garrett. “And that’s been going on for years and years and years, going back to the old stuffing the ballot box. And sometimes you just have people out there that just create mischief for the fun of it. So you have a number of types of actors out there, and we try to give them a picture of what that looks like.”
Other topics included how to report suspicious activity, and building a cybersecurity culture in which all staff members understand their roles in minimizing vulnerabilities. Garrett says there’s not a lot of money to be had in election hacking per se.
“Nation-states that might want to interfere with the election could hire those people to do that kind of work; so sometimes you see this cross-traffic between a nation-state actor and a cyber-criminal organization,” Garrett said. “These are the kinds of things we want them to know about up front, so they have an idea of who they’re up against, and why.”
In 2018, the training by UWF involved just Supervisor David Stafford, lower-level supervisors and IT staff. For the 2020 course, Stafford asked the Center to include everyone on staff.
“We collaborated with them, they got our input on the design, and I think what they ultimately delivered was spot-on,” said Stafford. “Because if the goal was to engage everybody from top to bottom, I think it certainly did that. We’ve had a great relationship with the Center and they do really good work and we were very pleased with their effort this last time.”
It’s good to be prepared for any cyber-threat looming over the elections, says Stafford, both now and into the future. “Whether it’s from foreign actors or from just your more common criminals,” Stafford said. The old adage, ‘You’re only as strong as your weakest link,' it just takes one person in your organization, clicking on an email link or an attachment that they shouldn’t – and offloading some ransomware or malware on your system.”
And Stafford is quick to add that the battle for honest elections extends beyond the Ethernet.
“We invest a lot of time and money and effort into doing physical upgrades; hardening of our systems, putting procedures and other things in place to try to do what we can to prevent something like that happening on the front end.”
For the upcoming elections, the UWF Cybersecurity Center’s work is done. Assistant Director Guy Garrett says the vote will be monitored by county elections offices, secretary of state and the Department of Homeland Security.
“We won’t be engaged in the election per se, but we will be watching what’s going on so we can update our training,” said Garrett. “And make sure that as we see what was done well we can reinforce that, and if we see any gap that comes along we’ll certainly develop some training and try to get that out to people as quickly as possible.”
According to Vanity Fair Magazine, hackers are at work to disrupt the 2020 election. Reports are that the presidential campaigns have been targeted, and online voting – an alternative amid the COVID-19 pandemic – may also be a sitting duck.