NOWCAST WDSU News at 10pm
Watch on Demand
Advertisement

Secretaries of state plead for more money for election security

Vulnerabilities still found in some websites
Mark Albert
Secretaries of state plead for more money for election security

Vulnerabilities still found in some websites

Advertisement
Secretaries of state plead for more money for election security

Vulnerabilities still found in some websites
Mark Albert
The nation’s chief elections officials are pleading for more money from the federal government to shore up the security of crucial voting systems before the presidential contest in 2020, even as such aid appears dead on arrival in the U.S. Senate. Interviews with 10 secretaries of state, conducted by the Hearst Television National Investigative Unit at the annual summer conference of the National Association of Secretaries of State held this year in Santa Fe, New Mexico, found unanimity across party lines. When asked whether their states needed more money for election security, one secretary after another answered in the affirmative. “Absolutely,” responded Pennsylvania Acting Secretary of State Kathy Boockvar, a Democrat. "Absolutely,” seconded Laurel Lee, Florida’s Secretary of State, a member of the Republican party. “Look, we absolutely need more money,” Democrat Alex Padilla, California’s secretary of state, said. "We can always use more money for election security,” said Mac Warner, a Republican who serves as secretary of state in West Virginia. But despite the landslide of bipartisan requests, $600 million in additional funding is stuck in the Senate after passing the House last month on a nearly party-line vote. Paul Pate is the president of the National Association of Secretaries of State and the secretary of state from Iowa, where up to a million times a day, he says, hackers probe for weaknesses. He showed a reporter a map of the globe, with streaks of light – representing attempted intrusions – coming from almost every continent, aiming straight for his state. “They're trying to penetrate the state of Iowa's government systems,” Pate explained. When asked if his state is under electronic attack every day, Pate responded: “Most certainly … We have to be on guard."Website vulnerabilities found But some states are apparently still being caught off-guard. Harri Hursti, a co-founder of the Hacking Village at the annual DEFCON hacking convention, which probes for vulnerabilities in voting machines, said his firm had analyzed scans of the websites of 12 secretaries of state the week before his interview with the National Investigative Unit. Eleven, he said, had some sort of vulnerability. His firm, Nordic Innovation Labs, was notifying secretaries of state offices across the country that very moment, he said. "This is not about embarrassing people; this is about helping, letting people know … The vulnerabilities will always re-occur. You have to be in a constant watch. "We have to put the real defenses and the real protections in place,” Hursti said. Hursti did not identify which states so as not to put them at further risk. He said only one state patched the problem immediately.DHS begins election equipment testing The Department of Homeland Security is probing, too, using “our top white-hat hackers” at Idaho National Labs to look for vulnerabilities in voting equipment, like how technicians hunt for weaknesses in the power grid and nuclear infrastructure. DHS leaders briefed the nation's top elections officials about it during the NASS gathering in Santa Fe. It’s the first time the government agency has directly tested voting equipment. Matt Masterson is in charge of the election security team at the new DHS Cybersecurity and Infrastructure Security Agency (CISA). “Helping to improve the security posture of those systems is incumbent on us helping to manage risk,” Masterson explained in an interview. He said the agency has seen “enthusiasm” from the private vendors that manufacture the vast majority of voting equipment in use across the U.S. to subject their proprietary products to DHS scrutiny. “To have our testers get their hands on it and provide these assessments, absolutely,” Masterson explained. The testing is for next-generation versions that will replace current models, not those in use right now in precincts across the country. Know of election security vulnerabilities? Send investigative tips to the National Investigative Unit at investigate@hearst.com.
SANTA FE, N.M. —

The nation’s chief elections officials are pleading for more money from the federal government to shore up the security of crucial voting systems before the presidential contest in 2020, even as such aid appears dead on arrival in the U.S. Senate.

Secretaries of state asking for more election security funds
Hearst Television
Secretaries of state from across the country interviewed by Hearst Television’s National Investigative Unit on July 1, 2019, at the National Association of Secretaries of State 2019 summer conference in Santa Fe, N.M.
Advertisement

Interviews with 10 secretaries of state, conducted by the Hearst Television National Investigative Unit at the annual summer conference of the National Association of Secretaries of State held this year in Santa Fe, New Mexico, found unanimity across party lines.

When asked whether their states needed more money for election security, one secretary after another answered in the affirmative.

“Absolutely,” responded Pennsylvania Acting Secretary of State Kathy Boockvar, a Democrat.

"Absolutely,” seconded Laurel Lee, Florida’s Secretary of State, a member of the Republican party.

“Look, we absolutely need more money,” Democrat Alex Padilla, California’s secretary of state, said.

"We can always use more money for election security,” said Mac Warner, a Republican who serves as secretary of state in West Virginia.

But despite the landslide of bipartisan requests, $600 million in additional funding is stuck in the Senate after passing the House last month on a nearly party-line vote.

600 million dollars
Hearst Television

Paul Pate is the president of the National Association of Secretaries of State and the secretary of state from Iowa, where up to a million times a day, he says, hackers probe for weaknesses.

He showed a reporter a map of the globe, with streaks of light – representing attempted intrusions – coming from almost every continent, aiming straight for his state.

“They're trying to penetrate the state of Iowa's government systems,” Pate explained.

When asked if his state is under electronic attack every day, Pate responded: “Most certainly … We have to be on guard."

Iowa CyberThreat Map
Iowa Secretary of State
This map shows the locations of origin of the up to one million attempted intrusions per day on state of Iowa government systems.

Website vulnerabilities found

But some states are apparently still being caught off-guard.

Harri Hursti, a co-founder of the Hacking Village at the annual DEFCON hacking convention, which probes for vulnerabilities in voting machines, said his firm had analyzed scans of the websites of 12 secretaries of state the week before his interview with the National Investigative Unit.

Eleven, he said, had some sort of vulnerability. His firm, Nordic Innovation Labs, was notifying secretaries of state offices across the country that very moment, he said.

"This is not about embarrassing people; this is about helping, letting people know … The vulnerabilities will always re-occur. You have to be in a constant watch.

"We have to put the real defenses and the real protections in place,” Hursti said.

Hursti did not identify which states so as not to put them at further risk.

He said only one state patched the problem immediately.

DHS begins election equipment testing

The Department of Homeland Security is probing, too, using “our top white-hat hackers” at Idaho National Labs to look for vulnerabilities in voting equipment, like how technicians hunt for weaknesses in the power grid and nuclear infrastructure.

DHS leaders briefed the nation's top elections officials about it during the NASS gathering in Santa Fe.

It’s the first time the government agency has directly tested voting equipment.

DHS NASS Briefing
Hearst Television
Officials from the Cybersecurity and Infrastructure Security Agency at DHS brief state elections officials on July 2, 2019, in Santa Fe, N.M., about vulnerability testing of private vendor election equipment.

Matt Masterson is in charge of the election security team at the new DHS Cybersecurity and Infrastructure Security Agency (CISA).

“Helping to improve the security posture of those systems is incumbent on us helping to manage risk,” Masterson explained in an interview.

He said the agency has seen “enthusiasm” from the private vendors that manufacture the vast majority of voting equipment in use across the U.S. to subject their proprietary products to DHS scrutiny.

“To have our testers get their hands on it and provide these assessments, absolutely,” Masterson explained.

The testing is for next-generation versions that will replace current models, not those in use right now in precincts across the country.

Know of election security vulnerabilities? Send investigative tips to the National Investigative Unit at investigate@hearst.com.

Top Picks

Rare find: Father-son lobstermen pull calico lobster from Maine waters
What is the 'American Community Survey' and is it legit?
Clint Eastwood's former California home on sale for $21 million
Meet the Navy veteran skydiving for his 91st birthday