Cybertraining Election Officials For This Year's Voting Varying levels of preparedness were on display at an Orlando meeting between Florida election officials and staffers from the U.S. Election Assistance Commission.
NPR logo

Cybertraining Election Officials For This Year's Voting

  • Download
  • <iframe src="https://www.npr.org/player/embed/582652050/582968767" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Cybertraining Election Officials For This Year's Voting

Cybertraining Election Officials For This Year's Voting

  • Download
  • <iframe src="https://www.npr.org/player/embed/582652050/582968767" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

SCOTT SIMON, HOST:

And elsewhere on the show, we're going to talk to a veteran of the CIA who argues the memo's release damages the intelligence community. The director of the CIA, Mike Pompeo, warned this week the Russians will likely try to interfere in this year's elections like they did in 2016. U.S. officials have been taking steps to guard against an attack.

But as NPR's Pam Fessler reports, security gaps remain. She has an exclusive look at one session aimed at closing those gaps.

PAM FESSLER, BYLINE: If any group knows how easily voting can be disrupted, it's election supervisors in the state of Florida, which is why several dozen of them gathered in Orlando recently to figure out how best to deal with the latest threat. It's no longer butterfly ballots and hanging chads, like those that upended the 2000 presidential race, or even a lone troublemaker. Wesley Wilcox, who runs elections in Marion County, says the danger's grown much larger.

WESLEY WILCOX: You know, it's no longer the teenager in his basement eating Cheetos that's trying to get into my system. There are now nation-states that are in a coordinated effort, trying to do something.

FESSLER: In fact, Florida was among at least 21 states that intelligence agencies say had their election systems probed by Russian hackers in 2016. There's no evidence that any votes were changed, but everyone here is hyper-aware that they're now on the front lines of a very serious international conflict.

MATT MASTERSON: The reality is all of us are going to be impacted at some point in time by a cyber incident - all of us.

FESSLER: Matt Masterson is chairman of the U.S. Election Assistance Commission, a federal agency that's working with states and localities to beef up security. Just to make sure everyone here is sufficiently alarmed, he displays a news article about hackers targeting nuclear facilities.

MASTERSON: I share this because you're now in good company. As part of the nation's critical infrastructure, you're now in a group with nuclear facilities.

FESSLER: Which means more security help from the federal government. But it also means their jobs are far more complex. Elections have become increasingly computerized since 2000, with electronic voting machines, vote tabulators, online registration systems. And that new technology means new risks. Ryan Macias of the Election Assistance Commission has a long list.

RYAN MACIAS: So we have denial of service, which is a disruption attack - your website going down.

FESSLER: He says even if hackers don't change any actual votes, they can shake the public's confidence. There are also concerns about vendors and contractors. How do they transmit information like electronic ballots to election offices? Are their systems secure? What about temp workers? Have they been screened?

MACIAS: You have ransomware. What happens if somebody, you know, takes your data - takes your election night reporting data - and holds it ransom on election night? What are you going to do? How are you going to recover from that? What are your backup processes?

UNIDENTIFIED MAN #1: So we just got - WannaCry just hit us, right? Let's say that's the incident.

FESSLER: And that's what these election officials and IT workers try to figure out as they break into smaller groups and are asked to deal with some hypothetical hacks.

UNIDENTIFIED MAN #2: Well, WannaCry erases everything, so it came up with a no operating system found.

FESSLER: They have to decide if any systems need to be shut down, who has to be called first and if law enforcement should be told.

UNIDENTIFIED MAN #3: We are required to report it to Department of State, right? And then I believe that they would probably take it from there.

UNIDENTIFIED MAN #4: So they're also a stakeholder, then, as well.

FESSLER: Another challenge these officials face is what to do if an election worker mistakenly opens a malicious email.

UNIDENTIFIED MAN #5: All right. So it appears one of our employees has been successfully phished.

FESSLER: It's something everyone here is familiar with. According to a leaked intelligence report, Russian hackers posing as a Florida vendor tried to get election workers to open email attachments containing malicious software. So far, there's no evidence anyone did. It's clear that a lot of people here already have protections in place. But some counties are extremely small with no IT staffs of their own. Dana Southerland runs elections in Taylor County, which has only 13,000 voters. She says she picked up some useful tips.

DANA SOUTHERLAND: It's not always opening something and trying to respond to it but making sure that it's not a phishing email or something like that. I had no idea what that was until we started having some of these workshops. But I think just general office practices like changing passwords - you know, just general basic things.

FESSLER: She says perhaps the most important message is that no one, no matter how small, is immune from attack, and they have to be ready.

Pam Fessler, NPR News.

Copyright © 2018 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.