INDIANAPOLIS (WISH) — The November municipal elections are less than six weeks away.
With that in mind, Indiana’s secretary of state is assuring voters their election data is safe, and she’s got proof.
Secretary of State Connie Lawson says she and her team have spent years beefing up election security.
Lawson and her team are also looking ahead to next year’s elections.
“I want our voters to have confidence in our elections here in Indiana,” Lawson said. “I don’t want anyone to think when they go to the polls, that their vote would not be counted the way they intended for it to be counted.”
New for 2019, the secretary of state’s office installed intrusion detection and prevention systems on the statewide voter registration database.
The office is launching a pilot program with seven counties on Oct. 1. And they’re working with cyber security company FireEye with hopes to expand the program to all counties by 2020.
“It (the program) watches the internet traffic that comes in,” Lawson explained. “There are groups that have identified the bad IP addresses and signatures of these computers. So, we know when somebody like that tries to hit the system.”
Lawson said the state now has stronger physical security of voting equipment.
According to Lawson, many counties have customized security resolutions above what the law requires.
“There’s a chain of custody now,” Lawson said. “There are certain seals on the machines and the poll workers have to verify that the number on the seal when they open it on election morning is the same seal number. So, it hasn’t been tampered with.”
Remember, Indiana’s voting machines and tabulators are not connected to the internet or to each other.
“I mentioned 5,000+ precincts, 92 counties, 5 different voting system vendors,” Lawson explained. “So, it would be virtually impossible to hack an election and make a difference in a statewide race.”
There are quite a few other election security measures in place. Here are other election security modernization and cyber security initiatives, according to the Indiana’s Secretary of State’s Office.
Learn more about other election security modernization and cyber security initiatives below:
Multifactor Authentication Protocol for County Election Offices
The Statewide Voter Registration System is used by the state and the counties to maintain the voter registration list. We are investing in security at all levels with validation requirements to ensure only authorized users can access the system.
Intrusion Detection and Prevention Systems
These systems monitor internet traffic accessing websites and databases. We currently have sensors monitoring the Statewide Voter Registration System, but we are expanding this through a partnership with FireEye – a world renowned leader in cybersecurity.
Distributed denial of service attacks known as DDOS are used to take down websites. To prevent this, we have implemented a distributed denial of service content filter to protect our websites.
Moved statewide voter registration system data to a private host provider.
State law establishes physical security standards for election equipment. Many county election boards adopt customized security resolutions above and beyond what is required by law.
Voter Verifiable Paper Audit Trails
This is a security measure that allows voters to independently verify their vote was correctly recorded. Fall pilot in Hamilton, Boone, Bartholomew and Hendricks.
A post-election audit using a statistical sample of paper ballots to ensure ballots were correctly counted.
Machines Are Not Connected to the Internet
Voting equipment is very secure. Voting machines and tabulators are neither connected to the internet or each other. Each machine is inspected and tested by VSTOP. In addition, public tests of voting systems are conducted in all counties prior to an election, and are open to the public.
Diversity in Election Administration
Each county independently administers its own elections. The diversity of equipment and scope provides an additional level of security.
Voting System Technical Oversight Program
Hosted by Ball State University, this program tests all of the election equipment used in Indiana for an added layer of safety and security.
Election Infrastructure Information Sharing and Analysis Center (EI-ISAC)
An independent entity that partners with the U.S. Department of Homeland Security, this allows us access to 24/7 security information, threat notifications, and security advisories.
U.S. Department of Homeland Security
The Federal Government has conducted risk and vulnerability testing to secure Indiana’s electronic information such as the Statewide Voter Registration System and the state election website. In addition, they do weekly cyber-hygiene scanning.
Indiana University’s Center for Applied Cybersecurity Research (CACR)
Assisting in refining and testing the elections-specific incident response plan and providing guidance to counties to develop local plans.
Phishing Email Training and Testing
In 2016 Arizona and Illinois had their Statewide Voter Registration Systems breached. In Arizona it was done through phishing. Training and testing is the first step in preventing this type of intrusion.