2016 Targeting of Illinois State Election Board Foretells Greater Breach Danger in 2018 Election
The United States election system is one of the most distinctive in the world: we have an electoral college instead of election by popular vote, and our federal elections are administered by the states instead of by a national entity or election board.
These practices are intended to ensure the legitimacy of our federal elections and protect state sovereignty. However, the lack of centralized rules for each state administering elections creates new concerns and complications in a cyber era.
Yet the Help America Vote Act (HAVA), passed by Congress in 2002, requires state election boards to maintain a centralized voter registration database, a perfect target for bad actors who seek to exploit voter data.
Cybersecurity has come front-and-center after the 2016 election, where meddling by foreign and domestic interests is now a foregone conclusion. And there is mounting concern that the 2018 midterms could result in more cyber assaults on election systems than in 2016.
In this article, we’ll focus on one particular state that was targeted in 2016, look at the consequences of those attacks, and draw lessons for state, county, and city election boards to better secure the 2018 midterm elections and beyond.
The Breach
On July 12, 2016, the Illinois State Board of Elections discovered that hackers had entered its voter registration system during the primary season of the 2016 U.S. election.
In an April 8, 2018 feature by 60 Minutes (updated August 14, 2018), Steve Sandvoss, executive director of the Illinois State Board of Elections, recalled how hackers entered the system through a weak security point on their voter registration website.
The breach went unnoticed for three weeks, creating an open gateway to 7.5 million files of voter information.
The Scramble
The IT Department finally noticed the breach when hackers began gathering large amounts of data, causing the system to slow significantly. By then, the hackers had collected sensitive data on between 76,000 and 500,000 voters, including names, addresses, sex, birthdates, and in some cases, social security numbers.
The IT Department’s best attempts at technical remediation were no match for the attackers’ skill. Illinois state officials alerted the FBI, resulting in a national investigation of breached data at election boards, and the Department of Homeland Security quickly initiated expert help to scan for vulnerabilities in state voting systems.
In addition, the FBI Cyber Division released an official statement warning of meddling actors and the IP addresses linked to the Illinois attack. These efforts aimed to halt the intrusions quickly, as the general elections were only months away.
In the months following the attack, investigations traced the IP addresses used in the attacks to Russia. The timeline and aftermath of the Illinois attack are well documented by NPR.
Nationwide Meddling
Help from the FBI and DHS did not address the fear instilled in American voters, as it was later determined that Russian hackers had interfered with 21 states.
Federal agencies struggled over the following months to draft a response plan and to secure the voting process from further breach while also maintaining American confidence in the integrity of our democracy.
The problem stemmed from a lack of funds and technology being used at county election boards. More than anything, the hackers aimed to gather sensitive data and to create chaos at the polls that would affect the upcoming November election and erode the trust that Americans place in election boards and the voting system.
Consequences of the Breach
According to The Washington Post, the U.S. intelligence community concluded that a major goal of Russia’s campaign to interfere in the 2016 presidential election through cyberattacks was to undermine public faith in the U.S. democratic process. By that measure, election officials say, they’re already succeeding in the 2018 election cycle.
Matt Dietrich, public information officer for the Illinois State Board of Elections, told The Washington Post that his office has had to address new layers of confusion with voters.
“It’s not an issue of outside agitators trying to steal and change votes and throw elections. It’s a matter of them trying to get into voter registration systems and wreak some havoc,” Dietrich said.
There are potential monetary consequences as well. The city of Atlanta was hit with a cyber attack in March 2018 that essentially shut it down for almost a week. According to the Atlanta Journal-Constitution, it will cost as much as $17 million, including a major technology modernization effort to strengthen the city’s security posture.
What’s at Stake
Following the Russian meddling in the 2016 elections, election boards around the country are finally prioritizing the security of voters, voter information, and the democracy of the voting system amid issues such as lack of funds and resources.
In the crosshairs is the often-challenging relationship between states, which administer the elections, and the federal government, which is often encouraged to keep its distance. According to The Washington Post, “when the Obama administration decided to designate election systems part of the country’s ‘critical infrastructure’ in 2015, many balked at the move and argued it was federal overreach.”
However, that tricky balance appears to be stabilizing for the common good.
When asked if he is getting the help he needs from the federal government, Illinois’ Sandvoss replied,
“We’ve received assistance from the Department of Homeland Security. With respect to funding, Congress recently appropriated approximately $380 million to the states. Illinois received about $13.2 million. It’s a start, but we feel that cybersecurity is going to be an ongoing thing. So we’re hoping that more funds will be forthcoming in the years ahead.”
New reports have emerged citing Russian interference as this year’s November general elections approach. For example, according to a Vox article, Senator Claire McCaskill has been targeted through malicious emails sent to her campaign staff.
It’s Time to Secure the Vote
We have already seen that breaches can cause enough damage to affect an entire nation, and the threat is continuing in 2018, perhaps to a greater extent. The Trump administration recently acknowledged that Russian hackers attempted to interfere with the 2016 election and that they are still trying to influence and disrupt the midterm elections, according to the New York Times.
In order to protect against past and current threats, election boards must modernize cyber defenses through a Zero Trust approach. The Zero Trust Security framework secures the primary attack vector: identity. This model recognizes the harm in weak credentials and the opportunity to abuse privileged accounts.
Centrify Zero Trust Security verifies every user, validates their devices, and limits access and privilege, while learning and adapting to risky user behavior. The end result is Zero Trust Security through the power of Next-Gen Access.
Centrify is Here to Help
With the 2018 elections around the corner, state election boards and candidates must remain alert to hacking techniques and be vigilant in their cybersecurity efforts. To help address the problem, Centrify is offering its Identity and Access Management solutions portfolio to U.S. state and county election boards and officials at a deep discount for the remainder of the 2018 elections.
To learn more, visit www.SecureThe.Vote.