Security at top of priority list for state’s election chief
LISBON — Cybersecurity ahead of the 2020 presidential election is at the forefront of the Ohio secretary of state’s agenda.
Republican Secretary of State Frank LaRose visited with county Board of Elections officials on Wednesday to give an update on the new security directive.
“I am confident that at the end of next January, when we say we have checked every box on this list and have accomplished every item on our to-do list, I will be able to say to the voters of Ohio and you will be able to say to the taxpayers of Columbiana County, we are the best prepared county and the best prepared state in the nation for the truly emerging cybersecurity threat that we face,” LaRose said.
Under LaRose’s directive, all county board of elections in the state are required to request a risk and vulnerability assessment, remote penetration testing, validated architectural design review and cyber threat hunt from the U.S. Department of Homeland Security by July 19.
The assessments and tests are designed to find vulnerabilities in network security and provide recommendations for improving security controls.
LaRose said the results will be confidential to the public, for security reasons.
In addition, county boards must also implement security upgrades that will be funded by the Help America Vote Act.
These upgrades includes having Albert intrusion detection devices installed, which will be provided by the Secretary of State’s office. The devices will provide security alerts to the county boards if there is a network intrusion.
“It’s like having a monitored alarm system on your house,” LaRose said. “If the building is on fire you don’t wait until Monday to call the fire department. If the bad man has access into your server, you don’t wait four hours or two hours, you need to address it because it spreads from there.”
Other required security upgrades for county boards include conducting annual training on cybersecurity and physical security, conducting criminal background checks of permanent board employees and vendors or contractors that provide services to the board of elections, and utilizing a domain-based email service that helps board staff identify whether an email is coming from a legitimate source in an effort to prevent email spoofing.
The security upgrades are expected to be in place by the end of January of next year in order to be ready for the 2020 election.
LaRose said another element of the upgrades is the role of board officials.
“We know there are those out there, both foreign and domestic, that want to spread misinformation. This is a proven fact. There are those that want to flood social media with rumors and conspiracy theories, that really result in making those voters out there not want to participate,” he said.
He said he would like to have a statewide board of elections open house day where the public is invited to come tour their local facilities and be educated on the election process, to see first-hand how the voting machines go through logic and accuracy testing and how poll workers are trained.
“The public confidence in elections is our responsibility. That will be more important over the next year and a half probably more than ever,” he said. “When people see all the work that goes into running elections I believe the result will be a higher public confidence.”