The United States needs to invest more resources in the security of election systems, Cook County (Ill.) Director of Elections Noah Praetz told the Election Assistance Commission (EAC) on Aug. 16.

“We’re not funding our election infrastructure the way we need to in this country. If we had access to dollars we could bring more technology to the forefront,” said Praetz. “If the critical infrastructure designation means anything, if we are to believe the Federal government sources that tell us to prepare for the Russians and other advanced persistent threats, then the bottom line, in my opinion, is we could probably use some help here focusing on our defenses.”

According to Praetz, the lack of resources can prevent some counties from hiring the necessary personnel, replacing outdated systems, and contracting security researchers to test the vulnerabilities of their machines.

“We think that we have a leadership role to take,” said EAC Executive Director Brian Newby. “The Department of Homeland Security certainly has identified elections as critical infrastructure, and we want to work with them. And we want to be as supportive as we can to the initiatives that they have. But in the end […] these threats are not new. I mean, the players may be new, they may be more sophisticated, but many of the threats are the same that election administrators face and have been facing.”

Though Praetz acknowledged that the Federal government had a role to play in ensuring election security, he said that local officials need to get more involved in communicating what they need.

Join us at the sixth annual Cyber Security Brainstorm on Sept. 20 at the Newseum to discuss the cyber strategies and opportunities that can keep our Federal government one step ahead at all times. Click here to learn more and register.

“We can’t wait for Superman,” he said. “A lot of this stuff we have to take onto our own, we have to find local partners that are willing to come in and help us out. It’s not going to be necessarily the Federal government that’s going to get us on a firm security footing, although they’ve certainly got a role.

“Local election officials probably need to step up their vocal participation in the discussion around election security. State officials have a major role to play, and I think are vocal and at the table a lot. But I think local election officials responsible for the care and upkeep of every piece of equipment, and every voter record, and every polling place, and for counting every vote need to be sure that as we talk about the risk assessment and our feelings of vulnerability that we need to be at the table.”

EAC Commissioner Thomas Hicks, who recently participated in an election planning exercise with the State of New York, encouraged states to undertake similar coordination exercises for the sake of figuring out what they need.

“I would encourage each and every state to possibly hold a similar meeting with their election officials, emergency management folks, and IT people, because as we move forward with the 2018 and 2020 elections we’ve been told over and over again that the threat to elections is real and it’s continuing,” said Hicks.

Praetz also encouraged states and localities, in acknowledgement of the fact that no system is perfectly unhackable, to focus on resiliency and recovery efforts. For example, Illinois offers same-day voter registration, which can nullify some of the effects of voter roll tampering.

“From a security and resiliency perspective, Election Day registration decreased the burden we face for perfect defense,” said Praetz. “To be secure is not to be unhackable. That’s impossible, probably. To ignore the nuance, to ignore that security is a problem of degrees, is to chop this problem up as one that we can’t solve. But if we accept the premise that everything is at some level breachable and we do what we can to defend and get back up when our defenses fail, we’ll be secure.”

Read More About
More Topics
Jessie Bur
Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.