Jacquelyn Martin / AP
Monday, March 19, 2018 | 2 a.m.
Election officials across the country are looking to shore up election systems against hacking, a facet of the 2016 election that led to a yearlong congressional investigation.
Nevada is organizing cybersecurity under a new central hub, according to the Secretary of State’s Office, and is among more than 35 states sending officials to a cyber security incident response training at the Harvard Kennedy School’s Belfer Center in Massachusetts later this month.
Hackers linked to Russia targeted election systems in 21 states during the 2016 election. The Nevada Secretary of State announced in September that the U.S. Department of Homeland Security confirmed Nevada was not one of those states.
Some investigations into Russian meddling in the election are underway, with a recent draft report from one committee saying there was no collusion between the Trump campaign and Russia, according to the Associated Press. The finding drew praise from Trump and pushback from Democrats.
After the Department of Homeland Security designated election infrastructure as critical infrastructure last year, a 27-member group was established with officials from federal, state and local governments. The Election Infrastructure Subsector of the Government Coordinating Council convened for the first time last October to begin developing protocols for information-sharing in threat analysis.
Secretary of State Barbara Cegavske is an alternate for the council. Her office said it’s working closely with the group.
“The 2016 elections definitely brought into stark relief the threats that are out there,” said Daniel Bartlett, who is oone of the training organizers and a former active duty Marine Corps intelligence officer. “ … Traditionally, it’s just not an area that has had the type of attention with regard to cybersecurity that other vulnerable areas like the energy sector or banking have had.”
The Belfer Center last July launched its Defending Digital Democracy Project, which is co-led by former campaign managers for Hillary Clinton and Mitt Romney. The training later this month is relatively unique and much larger than two similar events held in in late 2017, Bartlett said. Elections officials will be led in a tabletop exercise and then trained to hold similar events in their own states.
The exercise guides officials through models on Election Day preparation and the Election Day itself, posing cybersecurity scenarios that officials have to navigate, Bartlett said. The goal is to help states recognize where they might be able to improve before being faced with the situation in reality, Bartlett said.
“By experiencing it in the exercise, they can go back and put solutions into place that might close some of their vulnerabilities, and in turn they won’t have to suffer the repercussions of those things happening in real life,” Bartlett said.
Election security is not a one-party issue, Bartlett said, pointing out that both the Clinton and Romney campaigns were targeted by hackers.
Representatives of Defending Digital Democracy Project have gone to more than 30 election offices, including Clark County, to learn about their systems. Bartlett said the most common needs researchers saw was for cybersecurity funding, updated election equipment that allows for a paper trail of votes, and an auditing system to help prove that official election results actually reflect ballots cast.
“This is the most consequential work that I think I’ve worked on,” said Bartlett, who deployed to Iraq and Afghanistan four times before he got involved with the Defending Digital Democracy Project last year. “The integrity of our election system underpins our Democracy.”
The Nevada Secretary of State’s Office is also using the newly created Office of Cyber Defense Coordination to keep cyber security planning and strategies updated in all agencies that deal with election systems. Assembly Bill 471 establishing the new office was signed by the governor with unanimous support from the Legislature in 2017.
“This is an issue of national interest and need,” Daniel Stewart, then-General Counsel to the Governor, said during an April 7 hearing on the bill. “We believe that with this bill, Nevada has a chance to be a national example on the issue of cybersecurity.”
Stewart said the bill stemmed from a National Governors Association policy modeled after Virginia, the “gold standard” for cybersecurity, and was drafted with the help of National Governors Association Policy Academy experts.
“One of the things that came up in the Policy Academy is that the biggest detriment to a broader cybersecurity defense effort was coordination,” Stewart said at the time. “We have a lot of different parts of the state doing a lot of different things, and we need a centralized organizing office to handle that.”