DECATUR — The person in charge of safeguarding Macon County’s electoral system from Russian hacker attacks or other nefarious onslaughts said he’s confident local ballots are secure.
Macon County Clerk Josh Tanner, recently returned from a cybersecurity conference, said much has been done to beef up system firewalls and protections in the three years since Russian hackers infiltrated the Illinois voter registration database.
Tanner said state grant money — he’s not allowed to reveal how much, but it's into the thousands — paid for consultants who tested the county’s voting system earlier this year by trying to hack into it. They weren’t successful, but Tanner said the exercise produced a detailed report highlighting areas that needed beefing up.
He said county clerks like himself have to be aware of defending against other threats.
“There are other ways of causing mischief than just to penetrate the voting system,” said Tanner, a Republican elected in November. “There are denial of service attacks where they don’t actually penetrate your system but they can bombard it with traffic, slowing it down. The consultants help us focus on how to tie-down the system and protect it.”
The Senate Intelligence Committee last month issued a 67-page report that said Russian agents "exploited the seams" between federal government expertise and ill-equipped state and local election officials.
At least 21 states reported being contacted by addresses associated with Russia in June 2016, largely by scanning public websites, but data breach in Illinois was the most significant. All told, personal information involving 76,000 voters was viewed, including names, addresses, partial Social Security numbers, dates of birth and driver's license numbers statewide. State election officials contacted the victims and provided steps to take on identity theft.
The breach has been highlighted amid congressional calls seeking new federal funding to secure elections across the country and former special counsel Robert Mueller's recent testimony on election interference warning that the Russians are "doing it as we sit here."
Mueller's team indicted a dozen Russian intelligence agents last year on charges related to 2016 election meddling, including the Illinois data.
Senate Republicans have said the Trump administration has already made strides in protecting the vote and no additional federal funding is needed beyond about $380 million in grants sent to states last year. President Donald Trump has called 2016 election interference by the Russians a hoax.
Illinois officials also dispute some of the statements made about the extent of the Illinois breach in the heavily redacted Senate intelligence panel's report last month. The report quoted Department of Homeland Security staff as saying of the Illinois hack that "Russia would have had the ability to potentially manipulate some of that data, but we didn't see that." Of Illinois, the DHS staff said that "the level of access that they gained, they almost certainly could have done more. Why they didn't ... is sort of an open-ended question."
But state election officials said the report overstated what the Russians accomplished in breaching Illinois' database.
"That is completely counter to everything that we have ever been told and to what we know," Matt Dietrich, spokesman for the State Board of Elections, said of the assertion that the Russians could have manipulated the voter data.
"We know where they got in and we know what the permissions were once you broke into that area. It wouldn't have allowed you to change or edit or delete any data," he said. "We saw what they tried to do unsuccessfully."
'Brittle but not broken'
State election officials acknowledge that hacking attempts to their systems continue to this day but say they so far have been rebuffed.
The 2016 hacking attack in Illinois initially was so small-bore that no one at the State Board of Elections noticed anything until nearly three weeks after it began. Then it picked up in volume and unusual spikes of activity were noted involving the server containing the database containing information about millions of Illinois voters.
The hole in the system was the state's online voter registration application website, which allowed people to sign up to be eligible to cast a ballot. State elections officials shut down the site on July 13, 2016, but malicious queries, blocked by a firewall, show the state board's internet addresses continued to be hit five times per second, 24 hours a day, for the next month.
Working with state internet technology officials, the FBI and the Department of Homeland Security, security enhancements to the online voter registration website were completed and the system was put back online two weeks after being shut down.
In the aftermath of the Illinois hack and in preparation for last year's midterm elections, the state announced it would spend nearly $14 million as part of a five-year program to improve the state's election system cyber defenses.
State election officials said that the bulk of the voting machinery in Illinois is at least 15 years old. It would cost $175 million to replace the machines with more modern, secure devices that are easier to audit.
"Fifteen-year-old voting equipment. It's brittle but not broken. It's not so much vulnerable to attack but failure, and you're scavenging other parts from other machines," said Chuck Scholz, the former Quincy mayor who chairs the eight-member, bipartisan State Board of Elections.
State election officials are looking for federal funding to allow local authorities to purchase upgraded machines.
In Macon County, the voting system relies on marked paper ballots counted by machine. Tanner said the system is rugged and reliable and tough to mess with. “Paper ballots are pretty much what the nation is moving towards,” he said. “So that in the event there is any question (about a result) you can always go back to the original paper ballot, and you can hand-count it if you want to.”
He said the infamous “hanging chads” of the controversial 2000 presidential election in Florida pretty much killed the popularity of the other kind of paper ballot, using punched holes. “We don’t use punched cards anymore because of that election,” he added.
'We are doing everything we can at this point'
One major fear is that access to local voter databases could become compromised and allow voter information to be altered in a way that would disenfranchise people from casting ballots on election days. Illinois law does allow for the casting of provisional ballots on election days if voter data became compromised.
Nine specialists known as "Cyber Navigators" have been hired to work with election officials in separate geographic zones to determine potential problems and fix them. Currently, the navigators are in the process of following up on risk assessments with the local election authorities in partnership with the state's Department of Innovation and Technology.
Scholz said he's confident the cyber defenses will prove effective.
"We're going to make every effort working with all of our partners to have a safe election in 2020," Scholz said.
Tanner said both the state and federal governments have placed a high priority on election protection. There are now regular briefings and updates on new threats and concerns and how to combat them and a prevailing sense that election security is vital. “The federal government has made election security one of their top priorities,” added Tanner. “It’s now dedicated as critical infrastructure, so we’re up there with nuclear safety.”
Tanner said the first really big test of the strengthened voting system will come in the March primary elections.
“No county clerk every sleeps soundly, especially as it gets closer to an election,” he said. “But I think we are doing everything we can at this point; it’s a cat-and-mouse game as you are constantly making adjustments to keep up with new threats.”
The Chicago Tribune and Associated Press contributed to this report.