Bolstering Security Ahead Of Midterm Elections
MELISSA BLOCK, HOST:
With the clock ticking down to November 6, election officials around the country are urgently working to make sure this year's midterms are secure. One way they're doing that is by making sure their computer systems aren't vulnerable to hackers. In Ohio and many other states, they're getting help from the Department of Homeland Security. From member station WCPN Ideastream, Nick Castele reports.
NICK CASTELE, BYLINE: At the Portage County Board of Elections, a 40-mile drive southeast of Cleveland, director Faith Lyon enters the room where a computer will tabulate November's results.
FAITH LYON: In here...
CASTELE: The county is home to about 180,000 registered voters. Like any office, there are plenty of computers here. But Lyon says staff don't have Internet access at their desks.
LYON: We literally have two computers in our office that have Internet connectivity.
CASTELE: Lyon says the computers that tabulate votes here aren't connected to anything.
LYON: No Internet - no connectivity whatsoever. These are actually single-source. They're not even connected into our county system within our office.
CASTELE: On election night, staff use thumb drives to upload vote totals to the web in the secretary of state's office. Lyon says they take precautions against malware.
LYON: One direction, one use each thumb drive. So on an election night, we can easily go through 20, 30 thumb drives, and they are never used again. They are literally disposed off after our disposal period.
CASTELE: Ohio's 88 county election boards are up against a deadline. They have until October 15 to assess their cybersecurity and tell the state how they plan to fix any problems they find. Ohio is paying for the work with a federal grant, and all states are getting $380 million this year for election security. Boards have been role-playing worst-case scenarios, and they're joining an information sharing project supported by the Department of Homeland Security. Matt Masterson, a DHS senior adviser, says there's also human error to train against, such as clicking suspicious links or attachments. So Homeland Security is sending fake phishing emails as a test.
MATT MASTERSON: We will send progressively more sophisticated phishing emails to the participants and then share back click rates in order to raise the level of awareness.
CASTELE: Some local governments in Ohio have proven vulnerable to cyberattacks in the past. Hackers compromised personal information on city computers in Akron in 2013. Last year, Licking County was hit with ransomware. Candice Hoke is a co-director for the Center for Cybersecurity and Privacy Protection at Cleveland Marshall College of Law. She says Ohio and the federal government are taking some positive steps. But she says the October 15 deadline for security audits doesn't give boards much time to correct course.
CANDICE HOKE: Right now, yes. We are in catch-up mode. October is way too late. We're already in the midst of receiving voted absentee ballots by mid-October. So it's way too late.
CASTELE: In Portage County, director Faith Lyon says election staff are used to last-minute surprises like court cases, and they'll be ready to respond if they find weaknesses in their system.
For NPR News, I'm Nick Castele in Cleveland. Transcript provided by NPR, Copyright NPR.