A majority of U.S. states has adopted technology that allows the federal government to see inside state computer systems managing voter data or voting devices in order to root out hackers.
Two years after Russian hackers breached voter registration databases in Illinois and Arizona, most states have begun using the government-approved equipment, according to three sources with knowledge of the deployment. Voter registration databases are used to verify the identity of voters when they visit polling stations.
The rapid adoption of the so-called Albert sensors, a $5,000 piece of hardware developed by the Center for Internet Security, illustrates the broad concern shared by state government officials ahead of the 2018 midterm elections, government cybersecurity experts told Reuters.
CIS is a nonprofit organization based in East Greenbush, N.Y., that helps governments, businesses and organization fight computer intrusions.
“We’ve recently added Albert sensors to our system because I believe voting systems have tremendous vulnerabilities that we need to plug; but also the voter registration systems are a concern,” said Neal Kelley, chief of elections for Orange County, California.
“That’s one of the things I lose sleep about: It’s what can we do to protect voter registration systems?”
As of August 7, 36 of 50 states had installed Albert at the “elections infrastructure level,”according to a Department of Homeland Security official. The official said that 74 individual sensors across 38 counties and other local government offices have been installed. Only 14 such sensors were installed before the U.S. presidential election in 2016.
“We have more than quadrupled the number of sensors on state and county networks since 2016, giving the election community as a whole far greater visibility into potential threats than we’ve ever had in the past,” said Matthew Masterson, a senior adviser on election security for DHS.
The 14 states that do not have a sensor installed ahead of the 2018 midterm elections have either opted for another solution, are planning to do so shortly or have refused the offer because of concerns about federal government overreach.
Those 14 states were not identified by officials.
But enough have installed them that cybersecurity experts can begin to track intrusions and share that information with all states. The technology directly feeds data about cyber incidents through a non-profit cyber intelligence data exchange and then to DHS.
“When you start to get dozens, hundreds of sensors, like we have now, you get real value,” said John Gilligan, the chief executive of CIS.
“As we move forward, there are new sensors that are being installed literally almost every day. Our collective objective is that all voter infrastructure in states has a sensor.”
Top U.S. intelligence officials have predicted that hackers working for foreign governments will target the 2018 and 2020 elections.
Maria Benson, a spokesperson for the National Association of Secretaries of States, said that in some cases installations have been delayed because of the time spent working out “technical and contractual arrangements.”
South Dakota and Wyoming are among the states without Albert fully deployed to protect election systems, a source with knowledge of the matter told Reuters.
The South Dakota Secretary of State’s office did not respond to a request for comment. The Wyoming Secretary of State’s office said it is currently considering expanding use of the sensors.