WASHINGTON – Arizona elections officials say they are confident in the security of the state’s election infrastructure, after two years of working on the problem and the infusion of millions in federal funding to bolster security.
The security of the state’s voter registration databases grabbed headlines in 2016 when a hacker tried to gain access to the voter rolls in Gila County, which led to a statewide shutdown of voter registration for several days.
Secretary of State Michele Reagan said 2016 was a “wake-up call” that forced the state to make changes that will put the election system in good stead this fall.
“We had a close call in 2016,” Reagan said. “And because of that, we’ve been thinking about this for two years already.”
That 2016 hack was cited in a July report by Democrats on the House Administration Committee, who said Arizona is one of 18 states most vulnerable to interference. The report focused on potential weaknesses in Arizona’s voter registration and audit procedures.
But Reagan said there were “serious holes” in the report, noting that it failed to mention the state’s ballot audit procedure and pre-election machine testing.
Maricopa County Recorder Adrian Fontes agreed that the state’s “entire security protocol is entirely different” than it was in 2016.
“We are talking about two years later, and two years is a lifetime when we’re talking about information security,” Fontes said Monday. “You wouldn’t be able to recognize our 2016 system in 2018 and I can guarantee you that we’re also going to be making significant changes in 2020.”
As part of its improvement efforts, the state plans to use more than $7 million in federal funds to hire an outside firm to assess voting system vulnerabilities and to create a statewide voter-registration database. Currently, Reagan said, Arizona has three separate registration systems – one in Maricopa County, one in Pima County and a third shared by the state’s remaining 13 counties.
The federal funds, part of $380 million doled out to states for election security under the Help America Vote Act, will also be used in Arizona to help counties fund their own election security efforts. It is the first release of federal grants under HAVA since 2010, according to the U.S. Election Assistance Commission.
Fontes said his county not only plans to continue updating election machines, but also training election officials in the most recent security practices.
“There’s no silver bullet to securing our infrastructure. It’s a lot of things working together and that’s what we’re trying to stay on top of,” Fontes said. “And I think we’re doing a good job so far.”
Reagan said that most of the focus in elections cybersecurity is “about the voter registration database, and that doesn’t really affect them (voters) and their vote on Election Day.” But she said she is also confident that ballots cast by those voters will be secure.
“The machines that tally all the ballots at the end of the night, none of those are hooked up to the internet,” she said.
Arizona’s voting machines create a paper trail for every vote cast, which experts call one of the first lines of defense against hacking on Election Day.
But Mitre Corp. cybersecurity engineer Marc Schneider says anything is susceptible to attacks – even voting machines that are not online can be physically breached.
“Connecting to the internet has nothing to do with the ability to affect the voting system,” Schneider said during a panel discussion sponsored last Tuesday by the Brennan Center. “It’s as simple as a device being moved from one environment to another.”
Reagan, speaking before that panel discussion, noted that any time voting equipment is moved in Arizona, it has to be accompanied by at least two elections officials.
And Susan Greenhalgh with the National Election Defense Coalition gives Arizona credit for conducting post-election audits of ballots.
“I like to say it’s like a water supply,” Greenhalgh said. “There are a lot of ways to protect a water supply like fences and alarms. But at the end of the day, you also test the water … to make sure it hasn’t been poisoned.”
Follow us on Twitter.