MADISON -- The Wisconsin Elections Commission has moved to bolster local election security efforts in light of concerns that some clerks’ use of outdated computer operating systems could open up the state to cyberattacks in future election cycles.
The efforts, approved unanimously by the panel on Tuesday, aim to address potential vulnerabilities across the state, where some clerks are using out-of-date computer systems or failing to install software patches and updates, according to a memo released before the meeting.
Commission Chair Dean Knudson noted that while the panel has “hardened our defenses tremendously over recent years,” it’s important to continue identifying potential issues and addressing them.
“This is about looking at what we can do to further strengthen our defenses,” the Republican appointee said.
Commissioners Tuesday agreed to direct existing federal dollars to implement software to track the security levels of local elections officials’ computers, at a cost of up to $69,000, create a $30,000 emergency loan program to secure 25 devices that could be temporarily handed out to local clerks who aren’t able to comply with security protocols and take preliminary steps to hire a technical support position.
The action came after WEC's election security lead Tony Bridges detailed in a memo his concerns about local clerks’ use of outdated operating systems to access the WisVote database, the statewide voter registration and election management system, including Windows XP, where security patches haven’t been supported since 2014.
Meanwhile, the memo also noted others are using Windows 7 to utilize the database, and Microsoft won’t be providing free security updates for it after mid-January 2020.
Not maintaining a current operating system, Bridges’ memo states, “exposes the user to tremendous risk.” He referenced a recent incident in Georgia in which hackers orchestrated a ransomware attack using Ryuk on Jackson County systems, causing officials to pay $400,000 to regain access to their information.
If systems in Wisconsin are similarly attacked, the memo said, confidential information could be exposed, digital records could be destroyed, election night results may not be displayable and absentee ballot distribution and poll book printing could be impacted, among other things.
Commissioners’ vote to direct $69,000 toward putting in place end-point testing would allow officials to monitor existing security levels of local clerks’ work computers and assess potential vulnerabilities, provide guidance to better safeguard each individual system and more. Local officials who are found to be non-compliant could be blocked from accessing WisVote.