How West Virginia Is Trying to Build Hacker-Proof Voting

Voting machines for Putnam County, W. Va., are secured in a building in Winfield, the county seat, when not in use. The state has been reinforcing its defenses against election tampering.

CHARLESTON, W.Va. — The next election in the Mountain State was still weeks away. But 5,000 miles from West Virginia’s capital city, in a suburb northwest of Moscow, someone was already scouting for ways to get into the state’s election computer network this spring.

That someone’s IP address, a designation as a “malicious host,” even a tiny Russian flag — it was all there on a computer display in an office just across the Kanawha River from the state’s gold-domed Capitol. And he had company.

“See, right here, a Canadian IP address is trying to go into online voter registration,” said the West Virginia Air National Guard sergeant who was tracking the would-be intruders, pointing at the screen. “Here’s someone from Great Britain trying to do the same. China is trying to get into the home page — trying to, but they’re getting blocked.”

Credit...Maddie McGarvey for The New York Times

As West Virginians cast ballots on Tuesday in a primary election, no one was certain if states have done enough to protect against a repeat of 2016, when Russian hackers attacked election systems in 21 states and even penetrated one voter-registration database.

But the odds that West Virginia would be able to fend off any attackers, or detect and correct any damage, are far better now than they were two years ago. West Virginia is neither wealthy nor particularly tech-savvy, but since 2016 it has embraced election cybersecurity with an enthusiasm that many other states have yet to muster.

“We had a lot of county clerks saying, ‘Why are you talking so much about cybersecurity? The Russians aren’t going to attack us,’” the state’s chief election official, Secretary of State Mac Warner, said in an interview. But in an era when election irregularities can be instantly publicized and spread online, he said, any state that does not protect its election systems is inviting an attack.

While meddling by hostile nations is of greatest concern, hundreds and even thousands of other outsiders probe West Virginia’s election computer security almost daily, as they do in other states. It’s usually difficult to tell whether a specific probe comes from a government, a live hacker intent on doing harm, or a computer program that is automatically checking for vulnerabilities.

Mr. Warner’s point was driven home only last month when the elections website in Knox County, Tenn., was immobilized by a so-called distributed denial-of-service attack as the polls closed for a primary election. The attack, which was came from computers both inside and outside the country, slowed the reporting of election returns but did not destroy any data.

Mr. Warner, a Republican in his first term as secretary of state, says he has taken the security threat to heart. Last year he sought and received an F.B.I. briefing on the origin and nature of the Russian cyberattacks, and he took a seat on a council of state, local and federal officials that coordinates election-security policies with the Department of Homeland Security.

He has since obtained a security clearance that gives him limited access to intelligence on election-related threats. And he has placed the National Guard sergeant, who has a top-secret clearance, in West Virginia’s Intelligence Fusion Center, a nexus of state and federal law-enforcement and intelligence officials who handle threats ranging from floods to cyberattacks.

Nationwide, experts say, election security still can be a hit-or-miss affair. According to the Brennan Center for Justice at the New York University School of Law, 13 states employ at least some voting machines that leave no paper record of ballots cast, making it impossible to detect fraud. Five of them use paperless machines exclusively. Georgia and Pennsylvania are particularly notorious for relying on voting devices that run ancient, insecure versions of Windows software and create no paper trail that can be audited.

When the liberal-leaning Center for American Progress graded the states and the District of Columbia in February on seven key aspects of election security, no state earned higher than a B. Five — Arkansas, Florida, Indiana, Kansas and Tennessee — earned Fs.

But that is rapidly changing. “While we’re certainly not all the way there, both awareness and activity in the security field is considerable” among state election officials, said Doug Chapin, the director of the Program for Excellence in Election Administration at the University of Minnesota Humphrey School of Public Affairs. “Maybe we haven’t closed all the holes. But we’re in the process of closing the bigger ones.”

States are making progress in replacing outdated paperless voting machines with new, more secure ones that leave a paper trail: Louisiana and Delaware, two of the five states, have sought bids for replacements, and Pennsylvania, the state with the largest number of paperless devices, told its 67 counties last month to order new machines to take their place by the end of 2019.

Efforts to replace all voting machines in another paperless state, Georgia, died when the legislature adjourned in March. Bipartisan federal legislation that would enable states to receive federal grants to improve election cybersecurity is stalled in the Senate, apparently by Republican opposition; a similar Republican-sponsored bill in the House also appears dead in the water.

Many election-security experts say the biggest threat is the one that Russian hackers seemed to focus on in 2016: disrupting an election by scrambling the databases of registered voters that precinct workers rely on to check voters’ eligibility on Election Day. Here, too, states are battening down their computer networks. Some states have installed Department of Homeland Security-approved monitors on state or local computer systems to spot malware and attacks from rogue IP addresses; 33 states undergo weekly “cyberhygiene” reviews conducted remotely by the agency.

Perhaps the biggest unplugged hole, according to Mr. Chapin of the University of Minnesota, is the lack of security precautions in smaller jurisdictions — small cities and rural counties where managing elections is a part-time job, often farmed out to local representatives of national makers of election computer systems. “The old line about a chain only being as strong as its weakest link is true,” Mr. Chapin said. “One person who gives up access to a server can create tremendous problems for everybody.”

West Virginia’s cyberdefenses began with a built-in advantage: State law requires that hand-countable paper ballots be used in every election. Even if voting machines were altered to try to sway election results, the ballots guarantee that the true outcome of a race could still be determined.

The state also demands other safeguards. Voting machines are tested before and after elections to ensure that a set of mock votes are reported identically; testers also reset the machines’ internal clocks to Election Day to spot any malware programmed to alter results on that one day and then self-destruct.

The other tempting target for hackers, the statewide voter registration database, also is tightly guarded. In 2016, Russian hackers broke into one such database, in Illinois, by exploiting a flaw in a web page that allowed citizens to register or change registrations online. In West Virginia and many other states, the database is “air gapped” — cut off from public access. Online registrations are hosted on a separate computer, and new data is hand-carried to the main database on a thumb drive.

The database does have a vulnerability: Some 300 workers in the state’s 55 county clerk’s offices regularly log in to it to update local registrants’ information. Passwords pilfered from those offices could provide a hostile power with an avenue to change or destroy voters’ information. But there, too, security has been tightened. The county clerks regularly meet by phone for briefings on cybersecurity issues like password management.

Last year Mr. Warner participated in cyberwar games — a simulated attack on an American election by a hostile power — staged by the Defending Digital Democracy project at the Harvard University Belfer Center for Science and International Affairs. Mr. Warner was so impressed, he said, that he asked the head of West Virginia’s county clerks’ association to attend a reprise of the exercise.

The war games, he said, taught him that even the most secure election system will be attacked and perhaps even cracked — and that “speed of recovery” is the key to keeping voters’ confidence in the results high.

“It gave me a comfort level as a new secretary of state that, yes, we’re going to be attacked, and when it happens, don’t freak,” he said. “You have to have your detection capabilities up to know when it happens. And when it does, close it down.”

In Other News

fake money

Keywords clouds text link

 máy sấy   thịt bò mỹ  thành lập doanh nghiệp
Visunhomegương trang trí  nội thất  cửa kính cường lực   lắp camera Song Phát thiết kế nhà 

Our PBN System:  thiết kế nhà xưởng thiết kế nội thất thiết kế nhà tem chống giả ban nhạ  ốp lưngGiường ngủ triệu gia  Ku bet ku casino buy fake money máy sấy buồn sấy lạnh

mặt nạ  mặt nạ ngủ  Mặt nạ môi mặt nạ bùn mặt nạ kem mặt nạ bột mặt nạ tẩy tế bào chết  mặt nạ đất sét mặt nạ giấy mặt nạ dưỡng mặt nạ đắp mặt  mặt nạ trị mụn
mặt nạ tế bào gốc mặt nạ trị nám tem chống giả  công ty tổ chức sự kiện tổ chức sự kiện
Ku bet ku casino
Sâm tươi hàn quốc trần thạch cao trần thạch cao đẹp

suất ăn công nghiệpcung cấp suất ăn công nghiệp

© 2020 US News. All Rights Reserved.