National Security

Protecting Our Votes Means Strengthening Cybersecurity

July 16, 2018  • Kim Wyman

Kim Wyman is Washington’s 15th secretary of state. First elected in 2012, she is serving her second term and is only the second female secretary of state in Washington’s history. Prior to being elected to this office, Kim served as Thurston County elections director for nearly a decade. She will be speaking at the Aspen Security Forum.

The months and years since the 2016 presidential election have fundamentally changed how we in the Washington Secretary of State’s office view and handle elections security.

During that election cycle, our state was one of the 21 where Russian hackers tried to breach elections networks. Thankfully, our security system worked. The hackers scanned our public-facing websites but didn’t get in. The network firewall held, the hackers’ IP addresses were blacklisted, and no further attacks occurred.

But that’s no guarantee the same defenses will work the next time. Unfortunately, the state of world politics is such that we have to prepare as if there will be a next time we’re attacked. We’re preparing with the mindset that the next hacks will be sharper, better-resourced, and more persistent.

The integrity of our democratic process depends on people having faith that elections are fair, secure, and trustworthy.

In Washington, we have an election system that’s generally regarded as fundamentally fairly secure. We’re a vote-by-mail state, so paper ballots exist for every voter. If we believe our results tabulations have been manipulated, we can bring out the ballots and count them again.

That doesn’t make us bulletproof, however. We are continually working to identify our system’s potential points of vulnerability and shore those up.

One of those is curtailing, as much as possible, our elections’ reliance on email. Under our current system, overseas military voters and nonmilitary voters can email in their ballots. With the number of ways emails can be used to inject viruses and other intrusion software into a network, the risk there is too great to justify not looking for a better solution.

Another potential weakness is the array of vulnerabilities of the structure of our present elections and registration network. More than a decade ago, it was set up so that each county maintains its own list of active, registered voters. This has left us struggling to develop a centrally-orchestrated way to synchronize voter rolls, prepare for disaster recovery, and maintain uniform security protocols. We’re addressing that through a new network infrastructure that will give us, for the first time, a true statewide software system where all 39 counties’ elections are coordinated, and risk-monitored, in real-time through the Office of Secretary of State.

The biggest change, though, is how we’ve partnered with outside agencies to buttress our elections security measures.

Through partnerships with the Department of Homeland Security and the Washington National Guard, our office is tapping the expertise of experts in existential threats who can help us with scenario planning, network vulnerability scans, and other advanced cybersecurity techniques. A nearly $8 million federal grant we received this spring will further help us by expanding our IT team to add cybersecurity expertise. And I and our Elections Director have also received security clearances to be able to work with high-level federal officials to improve our system’s defenses.

It might be impossible to design an invulnerable system, but we’re trying to give Washington elections as much security as is humanly possible. Our voters deserve nothing less. The integrity of our democratic process depends on people having faith that elections are fair, secure, and trustworthy. That’s my mandate and my mission.

The views and opinions of the author are her own and do not necessarily reflect those of the Aspen Institute. 

World Affairs
How New Technology Can Upend a Government
July 12, 2018 • Emefa Agawu