“We are very concerned about attempts to cause confusion,” one Department of Homeland Security official said. The official pointed out that it’s important to separate concerns over manipulating the official vote count — which they see as unlikely if not impossible — from the threat to cause confusion.
“This kind of ecosystem around the election has made some of these pieces of election infrastructure a target,” said the official.
How does this threat stack up to previous elections? “The threat level has grown and the technology has not,” said another official.
Officials aren’t worried about the actual outcome of the election being changed because voting machines themselves are disconnected from the Internet. So DHS is focusing on the vulnerability of state websites and other “internet-facing” systems.
“What we do have concern is the ability to potentially cause confusion,” an official reiterated.
For example, there could be confusion if people show up to the polls and their name isn’t on the voter rolls. Those voters could potentially cast a provisional ballot, but it could cause confusion and undermine confidence in the system.
DHS officials are now working to make sure secretary of state websites are patching vulnerabilities, because that’s where a lot of unofficial election night reporting gets publicized (and where unofficial election night reporting could theoretically get altered, sowing more confusion).
DHS previously said that 46 states had asked for help, but now says that it is “in conversations with all 50 states” as well as many localities.
Tools that DHS can office states, include, an automated tool to scan Internet-facing election systems, like websites or voter registration databases, as well ason-the-ground assistance to help state and locals test internal systems, if needed.
Officials acknowledged, as ABC first reported, that private election vendors have been targetsof cyber intrusions.
The officials said that only two states had successfully been breached. Authorities have previously admitted that Illinois and Arizona had their systems compromised.
When ABC asked if that assessment of successful intrusions included breaches of voter-related info through private vendors, one official said, “No” – essentially acknowledging that private vendors with voter-related info may have been hacked.
DHS said they have had conversations with vendors, in coordination with the FBI, to talk to vendors. Many vendors operate systems that states need to conduct their elections.
“The states own the systems, but the vendor is actually providing the security,” one official said.
“We also wanted to make sure we were connected to vendors, to make sure information is being share with all relevant parties,” an official said.
DHS says information sharing is key. Here’s how it happened with Arizona and Illinois, and how official say it should continue to happen: DHS learns that there is an intrusion, then they get the technical information from the state, then they share it with the Multi-State Information Analysis Sharing Center, which in turn gets the threat information out to all of the states.
“The states then are able to learn from that and are better able to protect their systems,” an official said.
DHS is also looking at this issue beyond the Nov. 8 election to ensure that cyber security is built into vendors systems.
“We are thinking about how to make this a long-term program, working with election officials to do that and a part of that is working vendors,” said one official.