What the Gov: Is the Illinois Board of Elections Ready For Hackers in November?
This article is part of a series called "What the Gov," where BGA Engagement Editor Mia Sato takes reader questions related to Illinois government and upcoming elections and tracks down the answers. Ask your own question here.
News about hacking, the Russians and election security have dominated headlines across the country for the last couple years, and it seems like everyone — from random Twitter users with a handful of followers all the way up to President Donald Trump — has an opinion on the topic.
And when you live in a state that was previously the target of a successful hack into voter data, chances are good that you might have a few questions and thoughts, too.
Enter Robyn Michaels of Chicago. Robyn, who's a dog groomer/trainer and has served as an election judge, values the integrity of elections, and it goes without saying that secure voter data is a piece of that. Using our What the Gov tool Robyn asked us: What is the board of elections doing to protect voter information against hackers?
“State Board of Elections 1”
First, a refresher on the landscape of voter security here in Illinois.
In July 2016, Illinois State Board of Elections staff identified a breach in their voter registration data, allowing hackers to view — and possibly edit — personal information such as full names, addresses and the last four digits of Social Security numbers. No actual votes were hacked.
About a month after hackers initially gained access, the board said it identified the breach and notified 76,000 voters whose data were compromised.
Fast forward to this summer, when the Department of Justice reported an unnamed state board of elections — simply referred to as “State Board of Elections 1” — was a victim of Russian hacks. Matt Dietrich, spokesman for the board told reporters in July that “State Board of Elections 1” was “very likely” Illinois.
Illinois elections run on a bottom-up system, where 108 local election boards conduct voter registration and run elections, and report up to the state board.
Dietrich said the 2016 breach was a result of a programming error at the state board that allowed access through a data entry field on a state-operated online form. Although that specific kink has been ironed out, the challenge going forward will be to secure things at the local election boards across the state.
Following the breach, the election board is working to learn from its mistakes. It is not alone. One example is in neighboring Wisconsin, where elections officials are taking steps to guard their own systems against the kind of attacks carried out in Illinois.
Digital damage control
Since the hack in 2016, officials at the state board have worked with the Department of Homeland Security and the Federal Bureau of Investigation to better secure Illinois’ statewide database of voter information. Updated security measures include installing new firewalls and running weekly “cyber hygiene” scans to detect vulnerabilities.
The state also received $13.2 million in federal cash in May — Illinois will kick in another $662,000 — to make election security improvements. A little more than half of that money will go to the state’s Cyber Navigator Program, which is expected to hire nine cybersecurity specialists and send them around the state to local election boards to run risk assessments and provide resources to ensure the security of data at the local level. Local elections boards must apply to join the program.
Once local election boards commit to the program, they also become eligible to receive funding for additional election security efforts. In September, the state board released $2.9 million of the federal funds to cover cybersecurity efforts already enacted and planned by the local election officials to prepare for the November election.
“We want to make sure now that if something happens in the 2018 elections, we don’t want any of those 108 local authorities to be the target and to be a weak link that gets exploited,” Dietrich said.
Amid news that the state board was hacked, elections officials in Chicago and Cook County said they began preparing for the November elections with an eye toward ensuring voters’ information was safeguarded. The Chicago Board of Elections and Cook County Clerk’s office, which oversees voting in the Cook suburbs, agreed to share in the hiring of a cybersecurity specialist months ago, well ahead of the state’s efforts, Chicago Board of Elections spokesman Jim Allen said.
“We urged the state to create the Cyber Navigator Program as a way to provide assistance to smaller election authorities with much smaller operations,” Allen said. He listed replacing voting equipment and introducing risk-limiting audits as further steps the state board could take to secure systems.
On the state level, as of Oct. 1, only five of the planned nine cybersecurity specialists have been hired and only two have started. One of these newly hired cyber navigators tasked with serving local election board across the state won’t start until Nov. 1 — just five days before the election. What’s more, Dietrich said of the 108 local election boards only four have so far agreed to take part in the state’s Cyber Navigator Program, with early voting already underway in some locales. But Dietrich said the state is “optimistic” that all 108 will be signed up by Election Day.