RALEIGH/WASHINGTON, D.C. – Staff at the North Carolina State Board of Elections & Ethics Enforcement (NCSBE) are working on a plan to make the best use out of money from the fed to protect the 2018 elections from hackers.
As early as next week, N.C. will get approximately $11 million out of a total of $380 million from the Department of Homeland Security to ensure that hackers are unable to tinker with the 2018 midterms. That includes a requirement that the state spend five percent, or $518,662, to get the fed’s $10,373,237. The money was earmarked for states’ election security in Help America Vote Act (HAVA) in the Omnibus Appropriations Act of 2018, signed by President Donald Trump in March.
So far, the NCSBE says much of the HAVA funding will go toward the State Board’s ongoing modernization of the Statewide Elections Information Management System, known as SEIMS. The electronic system is used by the State Board and the 100 county boards for tasks like voter registration, candidate filing, voting site management, and election night reporting.
The largest IT project conducted by the State Board in nearly two decades, administrators say it means real improvements to election security and better functionality on election day. The NCSBE says that the project involves moving SEIMS to a cloud-based platform, rather than the decentralized 100-county infrastructure in use today. A formal report on expenditure plans is scheduled to be released in June.
There are requirements attached to the federal money, including rules that states can only replace electronic voting equipment with ones that use a paper record. Most North Carolina counties already use paper ballots and those that don’t use touch-screen machines, which provide a verifiable paper trail.
Because of the restrictions, the State Board staff says that new voting machines would not give them the most bang for this one-time buck and they are asking the N.C. General Assembly to help counties buy updated voting machines. Instead, the money is most likely to go toward new personnel with cyber security expertise, improving the security of servers at the county level, and implementing changes recommended by the U.S. Department of Homeland Security.
DHS Secretary Kirstjen Nielsen briefed about 50 members of Congress on Tuesday, advising them to take the cyber threats against the 2018 midterms very seriously. She, along with the heads of FBI and the director of National Intelligence, said states and cities overseeing elections need to be prepared for threats.
“We see them continuing to conduct foreign influence campaigns,” Nielsen said of Russian hackers, but added there is no evidence of Russia targeting specific races. She also said DHS is watching other countries that have the capability to influence U.S. elections, including China and Iran. “We need to be prepared,” she said.
Representative Michael McCaul (R-TX), who chairs the House Homeland Security Committee, said after the briefing that members are concerned that “not only Russia but possibly other foreign adversaries are now going to start looking at how they can meddle in the midterm elections and we need to be prepared. We were caught off guard last time.”
U.S. intelligence agencies have concluded that Russian leadership at a very high level was involved in the attempt to interfere in the U.S. election in order to boost President Donald Trump’s candidacy.
Russia has denied interfering in U.S. elections.
However, a May 8, 2018 U.S. Senate report said that in 2016 “cyber actors affiliated with the Russian Government conducted an unprecedented, coordinated cyber campaign against state election infrastructure.” Russian actors “scanned databases for vulnerabilities, attempted intrusions, and in a small number of cases successfully penetrated a voter registration database.”
The report said in 21 states, N.C. not among them, “these cyber actors were in a position to, at a minimum, alter or delete voter registration data.”
Of those states, DHS says only a small number of networks were compromised, and there remains no evidence any votes were actually altered.
Chris Krebs, a senior DHS cybersecurity official, said on Tuesday that DHS is advising states on how to “increase awareness” and have a “layered defense.”
“If a voter’s information was missing, for example, they could request a provisional ballot. “If we do detect something, we can overcome it,” he said.
The NCSBE says they are ready to work with DHS and counties to ensure a secure and smooth midterm election on November 8.
“State Board staff understand the well-documented and growing need to secure our elections from external threats,” the NCSBE said it a statement.