Illinois finalizes its plans to prevent another Russian hack
SPRINGFIELD, Ill. (AP) — Local election officials hoping to use federal cybersecurity funding to upgrade Illinois’ decades-old voting machines will have to keep waiting, as the State Board of Elections announced that the majority of the $13.9 million coming into the state will be funneled to training and bolstering cyber defenses.
After Russian hackers breached 76,000 active voter registration records in 2016, State Board of Elections spokesman Matt Dietrich said Illinois became the cybersecurity “poster child,” representing the need to secure the country’s vulnerable elections systems. The Prairie State announced its databases were hacked months before the Department of Homeland Security confirmed Russian agents also targeted 20 more states.
Congress approved $380 million for states to secure their elections, which the Election Assistance Commission said should be used to expand post-election audits, improve cybersecurity training and replace paperless voting machines. Election officials agree paperless machines are much less vulnerable to hacking.
Because Illinois already conducts audits and uses machines with paper trails, the state will have to devote most of its $13.9 million sum on cybersecurity upgrades and training. That puts a damper on the state’s initial plans to allow local officials to use some of the money to upgrade some of their deteriorating voting machines, many of which were initially purchased as early as 2004.
Dietrich confirmed the main use of its federal funding will be to “make sure that we at the state level and the local election authorities are using the best cybersecurity practices to make sure that voter registration data is safe.”
That’s in line with legislation recently signed by the governor, which requires the state board of elections to use at least half of the money on a so-called Cyber Navigator Program. The program, which is being finalized, will provide training and grants to local election officials. It will also put all participating counties on a centralized, more secure internet network. The state will also conduct risk assessments of each participating county to ensure that clerks are using best practices.
The state board of elections will also keep $1.2 million which will be used to fortify voter registration databases and hire a fulltime cybersecurity expert.
The planned use for the funds may come as a shock to local officials who have been largely left in the dark about how they can use their grants. Many still hope they can use the money to replace their decades-old voting equipment.
Logan County Clerk Sally Turner said local clerks have yet to see any language as to how the state board interprets definitions of “cybersecurity,” and whether new voting machines would fall under the term.
“We all need new election equipment and I think we’re all hopeful that our state government recognizes the importance of this,” she said.
Local officials have complained that equipment can break down or, in some instances, record the wrong vote. And, it’s becoming harder to find replacement parts for malfunctioning machines, many of which were purchased in 2004.
Dietrich said the state still hopes for further funding down the line for voting machines, noting that “this year’s allotment was pretty small.” The $13.9 million is only a fraction of the $147 million the state saw more than a decade ago from the federal Help America Vote Act, which allowed states to overhaul their voting systems.
But further funding may not come soon. Congress denied an additional $380 million in election grants during an appropriations hearing last week, money Democratic Rep. Mike Quigley of Illinois said was needed to replace machines “not equipped to handle modern-day cybersecurity software.”
While more funding may not be in the near future, state and local officials agree that this round of funding is still an important first step, and that cybersecurity training and protections are still a pressing need.
In rural counties, many county clerks’ offices don’t have information technology staff in-house and are relying on local government resources when issues arise. In the face of a cyberattack, these county clerks would have to be the first to respond, making cybersecurity training all the more essential.
“We were elected to run elections __ we weren’t elected to run IT,” said Turner, who also recently organized an election cybersecurity conference for local officials. “Training is going to teach us all how to best protect our systems and make sure we have all the best practices in place.”
Follow Sarah Zimmerman at http://www.twitter.com/sarahzimm95