Security directive designed to protect voting process


By David J. Coehrs - dcoehrs@aimmediamidwest.com



Ohio Secretary of State Frank LaRose, left, sat down Aug. 28 with Fulton County Board of Elections Director Melanie Gilders, right, District 2 Senator Theresa Gavarone, and BOE staff members to discuss a security directive he issued this summer.

Ohio Secretary of State Frank LaRose, left, sat down Aug. 28 with Fulton County Board of Elections Director Melanie Gilders, right, District 2 Senator Theresa Gavarone, and BOE staff members to discuss a security directive he issued this summer.


David J. Coehrs | Swanton Enterprise

Ohio Secretary of State LaRose demonstrated voting equipment at the Fulton County Board of Elections.


David J. Coehrs | Swanton Enterprise

The reality of widespread computer hacking has prompted Ohio to issue a security directive intended to protect the voting process.

Secretary of State Frank LaRose explained Security Directive 2019-08 during a visit Wednesday to the Fulton County Board of Elections office in Wauseon. Accompanied by District 2 Senator Theresa Gavarone, LaRose said the initiative, introduced June 11 to significantly upgrade security measures at all state boards of elections, has a completion deadline of January 2020.

“It’s important that we protect the public confidence and the integrity of our election system from interference,” he said.

The upgrades, to be funded under the Help America Vote Act of 2002, include:

• Installation of intrusion detection devices at all state boards of elections and with election system vendors not currently using them;

• Assessment and training in areas of physical and cyber security;

• Criminal background checks of permanent boards of elections employees and any vendors or contractors performing sensitive work for the boards;

• Installation of a Security Information and Event Management Logging system, a “black box” allowing for the detection of and understanding the scope of an electronic intrusion;

• Utilization of a system permitting boards of elections to identify legitimate emails;

• A requirement to request, if necessary, cyber security-related assistance from the U.S. Department of Homeland Security (DHS), whose representatives perform on-site physical and cyber security checks and remote computer penetration checks

LaRose said that while no Ohio board of elections computer system has been successfully attacked, “the one consistent factor in every successful cyber attack that we’ve seen (elsewhere)….there has been a human mistake made.” He said either hackers breached a weak password or human error was caused by clicking on a questionable link or attachment.

Because of that risk, the county’s Board of Elections staff will be trained to act as human firewalls, learning how to spot a phishing attack, set a secure password, and maintain the system correctly, LaRose said.

Implemented through his office in conjunction with the DHS, the security directive pertains to every aspect of state boards of elections connected to the internet. Additionally, the state hopes to institute the Ohio Cyber Reserve, regional on-call task forces of cyber security experts who would respond to crises at boards of elections. The program would be the first in the nation.

LaRose said tampering of voting machines themselves is less a concern, since state law forbids connecting voting or tabulation machines to the internet.

“In order for someone to compromise the integrity of a machine, they’d have to physically put hands on it and be left alone to tinker with it,” he said. “The machines that collect your ballots are highly secure. The machines that tabulate results are highly secure.”

The machines are stored behind a double-locked door, and can only be accessed in the presence of members of both political parties. They are tested for logic and accuracy prior to each election.

LaRose emphasized that anything connected to the internet must be secured, since “the real dangerous part (of attacks) is that it would cause the general public to lose faith. They should know that they can trust the work that’s being done at their county board of elections.”

Fulton County BOE Director Melanie Gilders said Ohio is always a target for hackers, so it’s important to protect important, sensitive data. “Fulton County, historically, has always been on the leading edge of the technology, and we’ve always been in a good place, but we could always be better,” she said.

Gavarone has introduced Ohio Senate Bill 52, which is designed to establish accurate election results and protect citizens from cyber attacks. It was referred to the Ohio House Finance Committee in June.

“Thanks to that work, and the directive by Secretary LaRose, Ohioans can rest easier knowing that that the legislature, Secretary of State, and boards of elections across the state are working together to protect their vote and our vital election systems,” she said.

LaRose’s visit to the county represented the halfway mark in his promise to visit all 88 Ohio boards of election by year’s end.

Ohio Secretary of State Frank LaRose, left, sat down Aug. 28 with Fulton County Board of Elections Director Melanie Gilders, right, District 2 Senator Theresa Gavarone, and BOE staff members to discuss a security directive he issued this summer.
https://www.swantonenterprise.com/wp-content/uploads/sites/23/2019/09/web1_LaRose-1.jpgOhio Secretary of State Frank LaRose, left, sat down Aug. 28 with Fulton County Board of Elections Director Melanie Gilders, right, District 2 Senator Theresa Gavarone, and BOE staff members to discuss a security directive he issued this summer. David J. Coehrs | Swanton Enterprise

Ohio Secretary of State LaRose demonstrated voting equipment at the Fulton County Board of Elections.
https://www.swantonenterprise.com/wp-content/uploads/sites/23/2019/09/web1_LaRose-2.jpgOhio Secretary of State LaRose demonstrated voting equipment at the Fulton County Board of Elections. David J. Coehrs | Swanton Enterprise

By David J. Coehrs

dcoehrs@aimmediamidwest.com

Reach David J. Coehrs at 419-335-2010

Reach David J. Coehrs at 419-335-2010