In this tech-heavy world, it’s a new landscape when it comes to election security. Nation states like Russia could be poised to hack voting machines or systems. And Wisconsin clerks in small towns and municipalities — often with no information technology department — must make sure elections are secure.
So, over the last few years, the Wisconsin Elections Commission has implemented more election security measures. They include: a cybersecurity training program, multifactor authentication for people who access the state election management system and voter list (WisVote), and a grant program where qualified election clerks get up to $1,200 in federal funding to buy new computers or update operating systems.
At Monday’s meeting of the commission, administrator Meagan Wolfe summarized her staff’s efforts for election commissioners: "One of the major ones is alerting and educating clerks about the importance of having a .gov email address or an HTTPS website, especially for our county clerks," she says.
Wolfe says the overwhelming majority of Wisconsin's 1,850 municipal clerks are using something other than a .gov email address. She says changing to a wi.gov email would provide more security. It wouldn’t be particularly costly — but it may require clerks to update business cards or find a host for the email servers.
Wolfe also says the majority of Wisconsin counties aren't using a secure protocol for their county’s website.
"Not having a secure protocol could open them up to vulnerabilities like a defacement of their website," she says. "While this would have no impact on the tally or the actual outcome of the election ... it could undermine voter confidence in a very serious way."
Changing to a secure website wouldn’t change the county’s web address, she says. But it requires counties to find the time to make the change.
Wolfe also told commissioners that her staff is taking steps to bolster the statewide online voter list and election management system. Along with the hundreds of municipal clerks, Wisconsin has 72 county clerks and one elections commission.
Including clerks' staff, that means about 3,000 users are accessing the statewide voter list and election management system, WisVote. In some states with more centralized elections, that system is accessed by around 100 people. So, the commission initiated changes so every computer connecting to Wisconsin elections systems will be checked to verify its security before it’s allowed to access. It’s called endpoint testing.
"Endpoint testing allows us to basically monitor the computers of all of the municipal and county clerks that use WisVote around the state," says Wolfe. "So we can make sure that if they have some type of a virus or if they haven't received a patch that's critical to security, that we can contact them and make sure that they get that. It allows us a window into all those devices to make sure that there aren't any insecure devices accessing our system."
As of Jan. 28, 2020, Wolfe says if a device doesn't have its security patches or has an outdated operating system, it won’t be able to access the WisVote system.
"This is an incredibly important milestone in our securing our system as we head into 2020 and truly of service to all of our clerks to make sure that they understand if they have a vulnerability. Because many of them do not have IT support," she adds. "So this kind of bridges that gap to make sure they even know if they have an infected device."
Ultimately, the commission moved to offer a $500 grant for each county if they update to an HTTPS protected website by the deadline. Additional elections security funding for states is under consideration by the U.S. Congress. If new funding becomes available, Wolfe and staff would like to fund further security improvements at the county level.
Editor's note: The audio in this piece was provided courtesy of WisconsinEye.