NOWCAST WDSU News at 10pm
Watch on Demand
Advertisement

Investigation: Gaps remain in election security 4 months before midterms

An investigation reveals what isn't being done to protect your vote
By Mark Albert, Chief National Investigative Correspondent
Investigation: Gaps remain in election security 4 months before midterms

An investigation reveals what isn't being done to protect your vote

Advertisement
Investigation: Gaps remain in election security 4 months before midterms

An investigation reveals what isn't being done to protect your vote
By Mark Albert, Chief National Investigative Correspondent
With the crucial midterm elections less than four months away, an investigation by the Hearst Television National Investigative Unit has found gaps remain in state and federal preparedness. The potential risks span from voting machines to cyber defenses to information sharing between the federal government and state elections officials.Russian hackers stole the personal information of more than half a million U.S. voters in the 2016 election, the Department of Justice alleged Friday. Hours later, the Director of National Intelligence, Dan Coats, said at the Hudson Institute in Washington, D.C, that "the warning lights are blinking red" for another cyber assault and that, “today, the digital infrastructure that serves this country is literally under attack.”"We assume Russia's campaign targeted all 50 states” in the 2016 election, Department of Homeland Security Secretary Kirstjen Nielsen told a gathering of top elections officials from across the country Saturday in Philadelphia (below), warning of the ongoing threat.Tom Hicks, the chairman of the U.S. Election Assistance Commission – the only federal agency focused on elections full time – told Chief National Investigative Correspondent Mark Albert in an interview (below) that he does think states are doing enough to take the cyber threat seriously."So when Election Day happens, I hope that all states are prepared,” Hicks said. Tom Hicks, chairman of the U.S. Election Assistance Commission. Interview conducted by Chief National Investigative Correspondent Mark Albert on July 12, 2018, at the Election Data Summit in Philadelphia.His agency just handed out $380 million to states to strengthen their voting systems. But nearly 70 percent of the states waited more than two months to ask for the money, a Hearst Television review of EAC data found. Now that the last state, Maine, requested it Friday, July 13, there's no requirement they spend it to protect November's midterm elections. Under the rules passed by Congress, states “have five years to use that money,” Hicks explained. When asked whether he would advise states to spend the grants sooner, Hicks replied: “Exactly.” There have also been other missed opportunities for urgent fixes to the election security infrastructure. As of July 13, just 18 of the 50 states have asked DHS for free "risk and vulnerability" cyber assessments. States could also choose to hire private companies or do it in-house. And only about half of state elections officials eligible for permanent security clearances from the federal government have them. They need that clearance to receive ongoing classified information about threats. When questioned about the lack of security clearances so close to the elections, EAC Chairman Hicks said the approvals at DHS “take time to get through.” But then he had a stunning revelation. “So, for instance, my security clearance has not come through. I've requested it, but we're working to make sure that it's done correctly,” Hicks revealed. When asked if it was a "problem” that the chairman of the Election Assistance Commission didn’t have a permanent security clearance to review election-related intelligence, Hicks responded, “Well, we're working on correcting that problem." Vermont Secretary of State Jim Condos was blunt when asked about Hicks’ lack of a permanent clearance. See the full interview with Condos, below.Jim Condos, president of the National Association of Secretaries of State and the Secretary of State of Vermont. Interview conducted by Chief National Investigative Correspondent Mark Albert on July 14, 2018 at the NASS summer conference in Philadelphia."That's a problem,” he told Albert during an interview at the summer conference of the National Association of Secretaries of State in Philadelphia this past weekend, where Condos became the organization’s president.Condos pointed to a chart (below) to show the scale and scope of the ongoing cyber attacks on his department’s own systems. This chart shows the average daily attacks against the web systems of the office of the Vermont Secretary of State, the chief elections official in the state. Of the 2,000,000 average daily connection attempts, the office estimates 800,000 of them — 40% — are potentially malicious. "We're getting upwards of 2 million hits a day. Approximately 800,000 of those, we suspect, are unauthorized attacks… In fact, it shocked me,” Condos said.And that's just for Vermont. DHS told 21 states hackers probed or attacked their election systems in 2016. This year, a dozen states have at least one precinct that uses electronic voting machines that do not leave a paper copy of cast ballots, making it impossible to recreate a tally with paper if someone tampers with a machine. That led Democrats on the Committee on House Administration to label those states and six more as the "most vulnerable" in the nation. The map below illustrates the vulnerability of each state. See where your state stands.PHNjcmlwdCBpZD0iaW5mb2dyYW1fMF84NmI3ZGJlNy1lOWNjLTQ0M2YtYWZiMC0yZjk4MDA3YWRmYTAiIHRpdGxlPSIyMDE4IEVsZWN0aW9uIFNlY3VyaXR5IEdyYW50IFN1Ym1pc3Npb24gVHJhY2tlciIgc3JjPSJodHRwczovL2UuaW5mb2dyYW0uY29tL2pzL2Rpc3QvZW1iZWQuanM/Y1NtIiB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPjwvc2NyaXB0PjxkaXYgc3R5bGU9InBhZGRpbmc6OHB4IDA7Zm9udC1mYW1pbHk6QXJpYWwhaW1wb3J0YW50O2ZvbnQtc2l6ZToxM3B4IWltcG9ydGFudDtsaW5lLWhlaWdodDoxNXB4IWltcG9ydGFudDt0ZXh0LWFsaWduOmNlbnRlcjtib3JkZXItdG9wOjFweCBzb2xpZCAjZGFkYWRhO21hcmdpbjowIDMwcHgiPjxhIGhyZWY9Imh0dHBzOi8vaW5mb2dyYW0uY29tLzg2YjdkYmU3LWU5Y2MtNDQzZi1hZmIwLTJmOTgwMDdhZGZhMCIgc3R5bGU9ImNvbG9yOiM5ODk4OTghaW1wb3J0YW50O3RleHQtZGVjb3JhdGlvbjpub25lIWltcG9ydGFudDsiIHRhcmdldD0iX2JsYW5rIj4yMDE4IEVsZWN0aW9uIFNlY3VyaXR5IEdyYW50IFN1Ym1pc3Npb24gVHJhY2tlcjwvYT48YnI+PGEgaHJlZj0iaHR0cHM6Ly9pbmZvZ3JhbS5jb20iIHN0eWxlPSJjb2xvcjojOTg5ODk4IWltcG9ydGFudDt0ZXh0LWRlY29yYXRpb246bm9uZSFpbXBvcnRhbnQ7IiB0YXJnZXQ9Il9ibGFuayIgcmVsPSJub2ZvbGxvdyI+SW5mb2dyYW08L2E+PC9kaXY+Still relying on paperless machines worries NASS president Condos, whom Albert asked if he believed states that use voting equipment that does not keep a paper record of every cast ballot should change their election machines. “We think going back to paper is necessary to protect the integrity of our elections,” Condos responded. One estimate found replacing all paperless machines and fully securing elections would cost $1.4 billion. The White House just nominated a third commissioner, former Virginia elections chief Donald Palmer (left), but a hearing in Congress has not yet been scheduled.A bill in Congress that may help, the Secure Elections Act, introduced by Sens. James Lankford, R-Okla., and Amy Klobuchar, D-Minn., has bipartisan support but has not yet been given a floor vote.Updating 11-year-old guidelines at Chairman Hicks' Election Assistance Commission would cost far less than that. But the only federal agency focused full-time on elections has just two of its four commissioners, so it can't pass any new policy to protect the vote. "The fact that there is no quorum, I think, is unacceptable,” Condos told Hearst Television Investigates.Even with the threat of cyber intrusions still high, the White House eliminated its top cyber coordinator position in May. Have a story tip for the Hearst Television National Investigative Unit? Send it to us at investigate@hearst.comApp Users: To listen to the podcast, tap here.Additional Resources:Most Vulnerable States: Report by the Committee of House Administration - Democratic Office: July 12, 20182018 Election Security Grants: U.S. Election Assistance CommissionREAD: Department of Justice indictment against 12 Russian military officers for allegedly interfering in 2016 U.S. Elections: July 13, 2018READ: Securing Elections from Foreign Interference: Brennan Center for JusticeREAD: America’s Voting Machines at Risk: Brennan Center for JusticeREAD: Secure Elections Act as introduced in the U.S. Senate; hearing June 20, 2018WATCH: Election Security hearing- State and Local Perspective: Senate Rules Committee: June 20, 2018WATCH: Election Security hearing- Federal and Vendor Perspective: Senate Rules Committee: July 11, 2018WATCH: Election Security hearing House Homeland Security Committee: July 11, 2018

With the crucial midterm elections less than four months away, an investigation by the Hearst Television National Investigative Unit has found gaps remain in state and federal preparedness. The potential risks span from voting machines to cyber defenses to information sharing between the federal government and state elections officials.

Advertisement

Related Content

Russian hackers stole the personal information of more than half a million U.S. voters in the 2016 election, the Department of Justice alleged Friday. Hours later, the Director of National Intelligence, Dan Coats, said at the Hudson Institute in Washington, D.C, that "the warning lights are blinking red" for another cyber assault and that, “today, the digital infrastructure that serves this country is literally under attack.”

"We assume Russia's campaign targeted all 50 states” in the 2016 election, Department of Homeland Security Secretary Kirstjen Nielsen told a gathering of top elections officials from across the country Saturday in Philadelphia (below), warning of the ongoing threat.

DHS Sec. Kristjen Nielsen 
Mark Albert
DHS Sec. Kristjen Nielsen in Philadelphia, July 14, 2018.

Tom Hicks, the chairman of the U.S. Election Assistance Commission – the only federal agency focused on elections full time – told Chief National Investigative Correspondent Mark Albert in an interview (below) that he does think states are doing enough to take the cyber threat seriously.

"So when Election Day happens, I hope that all states are prepared,” Hicks said.

Tom Hicks, chairman of the U.S. Election Assistance Commission. Interview conducted by Chief National Investigative Correspondent Mark Albert on July 12, 2018, at the Election Data Summit in Philadelphia.

His agency just handed out $380 million to states to strengthen their voting systems. But nearly 70 percent of the states waited more than two months to ask for the money, a Hearst Television review of EAC data found. Now that the last state, Maine, requested it Friday, July 13, there's no requirement they spend it to protect November's midterm elections.

Under the rules passed by Congress, states “have five years to use that money,” Hicks explained. When asked whether he would advise states to spend the grants sooner, Hicks replied: “Exactly.”

There have also been other missed opportunities for urgent fixes to the election security infrastructure.

As of July 13, just 18 of the 50 states have asked DHS for free "risk and vulnerability" cyber assessments. States could also choose to hire private companies or do it in-house.

And only about half of state elections officials eligible for permanent security clearances from the federal government have them. They need that clearance to receive ongoing classified information about threats.

When questioned about the lack of security clearances so close to the elections, EAC Chairman Hicks said the approvals at DHS “take time to get through.”

But then he had a stunning revelation.

“So, for instance, my security clearance has not come through. I've requested it, but we're working to make sure that it's done correctly,” Hicks revealed.

When asked if it was a "problem” that the chairman of the Election Assistance Commission didn’t have a permanent security clearance to review election-related intelligence, Hicks responded, “Well, we're working on correcting that problem."

Vermont Secretary of State Jim Condos was blunt when asked about Hicks’ lack of a permanent clearance. See the full interview with Condos, below.

Jim Condos, president of the National Association of Secretaries of State and the Secretary of State of Vermont. Interview conducted by Chief National Investigative Correspondent Mark Albert on July 14, 2018 at the NASS summer conference in Philadelphia.

"That's a problem,” he told Albert during an interview at the summer conference of the National Association of Secretaries of State in Philadelphia this past weekend, where Condos became the organization’s president.

Condos pointed to a chart (below) to show the scale and scope of the ongoing cyber attacks on his department’s own systems.

This chart shows the average daily attacks against the web systems of the office of the Vermont Secretary of State, the chief elections official in the state. Of the 2,000,000 average daily connection attempts, the office estimates 800,000 of them — 40% — are potentially malicious.

"We're getting upwards of 2 million hits a day. Approximately 800,000 of those, we suspect, are unauthorized [malicious] attacks… In fact, it shocked me,” Condos said.

And that's just for Vermont.

DHS told 21 states hackers probed or attacked their election systems in 2016.

This year, a dozen states have at least one precinct that uses electronic voting machines that do not leave a paper copy of cast ballots, making it impossible to recreate a tally with paper if someone tampers with a machine.

That led Democrats on the Committee on House Administration to label those states and six more as the "most vulnerable" in the nation. The map below illustrates the vulnerability of each state. See where your state stands.

Still relying on paperless machines worries NASS president Condos, whom Albert asked if he believed states that use voting equipment that does not keep a paper record of every cast ballot should change their election machines.

“We think going back to paper is necessary to protect the integrity of our elections,” Condos responded.

One estimate found replacing all paperless machines and fully securing elections would cost $1.4 billion.

Donald Palmer
Courtesy: Bipartisan Policy Center
Donald Palmer

The White House just nominated a third commissioner, former Virginia elections chief Donald Palmer (left), but a hearing in Congress has not yet been scheduled.

A bill in Congress that may help, the Secure Elections Act, introduced by Sens. James Lankford, R-Okla., and Amy Klobuchar, D-Minn., has bipartisan support but has not yet been given a floor vote.

Updating 11-year-old guidelines at Chairman Hicks' Election Assistance Commission would cost far less than that. But the only federal agency focused full-time on elections has just two of its four commissioners, so it can't pass any new policy to protect the vote.

"The fact that there is no quorum, I think, is unacceptable,” Condos told Hearst Television Investigates.

Even with the threat of cyber intrusions still high, the White House eliminated its top cyber coordinator position in May.

Have a story tip for the Hearst Television National Investigative Unit? Send it to us at investigate@hearst.com

App Users: To listen to the podcast, tap here.

Additional Resources:

Top Picks

Rare find: Father-son lobstermen pull calico lobster from Maine waters
What is the 'American Community Survey' and is it legit?
Clint Eastwood's former California home on sale for $21 million
Meet the Navy veteran skydiving for his 91st birthday