Just before the Wisconsin Elections Commission would meet last Tuesday, a stunning memo became public and was a call to action to tighten election security in a state with razor-close elections every cycle.
The memo, written by WEC staffer Tony Bridges, pointed out that at least a handful of users in counties around the state are logged into the WisVote database with outdated operating systems that no longer are receiving security updates.
Also, he wrote, hundreds of users are accessing WisVote with computers running on Microsoft Windows 7, which now receive updates but soon will not because Microsoft will not provide them for free.
“The failure to maintain a current operating system exposes the user to tremendous risk,” he wrote.
The scenario described does not apply locally, as Kenosha County Clerk Mary Kubicki said computers are updated regularly here.
“Kenosha County is very proactive and adheres to state and federal regulations related to election equipment utilized in the county,” she said. “We ensure that we remain current with the certified releases provided by the vendor (ES&S) as they become available.”
Bridges’ memo cited a case in Jackson County, Ga., in March 2019, when elections systems were brought offline by a ransomware variant Ryuk.
Ryuk gained access to computers through a vulnerability in a protocol used for file sharing in older networks. An update that fixed that vulnerability had been available since 2017 but was not implemented on the Jackson County systems.
“The county ultimately paid a ransom of $400,000, and still spent five weeks and dedicated significant resources to repairing damage from the attack,” Bridges wrote.
“A similar attack that impacted local election officials would pose numerous risks. It could, for example, expose confidential information, prevent the timely distribution of absentee ballots, prevent the timely printing of poll books, disrupt communications with voters, expose voters to potential cyberattack, destroy digital records, prevent the display of election night results, and dramatically impact voter confidence in the electoral process.”
With that, the memo presented the full commission with proposals designed to directly address these potential threats.
And the Wisconsin Elections Commission acted swiftly.
The Wisconsin State Journal reported that the commission directed existing federal dollars to implement software to track the security levels of local elections officials’ computers, at a cost of up to $69,000; create a $30,000 emergency loan program to secure 25 devices that could be temporarily handed out to local clerks who aren’t able to comply with security protocols, and take preliminary steps to hire a technical support position.
Commission Chair Dean Knudson told the State Journal that while the panel has “hardened our defenses tremendously over recent years,” it’s important to continue identifying potential issues and addressing them.
“This is about looking at what we can do to further strengthen our defenses,” the Republican appointee said.
The commission also took steps to launch a campaign to educate the public about election security issues. Commissioners agreed to use up to $341,400 in federal money to hire Madison-based advertising agency KW2 to develop a statewide survey on election integrity, provide media training to local elections officials and more.
It’s important to note that the funding for the initiatives stems from the money Wisconsin received in 2018 from the federal government for election security efforts. That money should be spent fully.
Without hearing much in recent months about what is being done to tighten election security, the memo triggered action and the Wisconsin Elections Commission responded.
It should work toward improvements in counties around the state in coming months and share the results with Wisconsin voters. There must be full voter confidence in 2020 and beyond.