Six States to Craft Election Security Plans Through National Academy

If a natural disaster or hazardous spill struck in Idaho, state officials have plans in place to identify the resources needed and respond.

Given the growing threat of cyber intrusions to government infrastructure, state officials want to be equally prepared for attacks on their election systems.

The state is one of six that will work with the National Governors Association (NGA) this year to strengthen their election security capabilities by developing election-security specific communications and response plans.

“What would happen to an election cycle if the power were to drop during an election day?” said Idaho Deputy Secretary of State Chad Houck, explaining a hypothetical situation in which such a plan might be deployed. “Very few, if any, states have comprehensive, implemented cyber-disruption planning.”

In addition to Idaho, the NGA policy academy program will include Arizona, Hawaii, Minnesota, Nevada and Virginia. The goal is to get siloed state offices, like those of elections officials and governors’ offices, to work together on election security matters, said James Nash, a spokesman for the NGA.  

“What we are trying to do is make sure all these departments and agencies are coordinating,” Nash said. “The question would be how much coordination has already occurred across these agencies and what formal policies exist to deal with threats?”

Election security has taken on increased urgency ahead of the 2020 presidential election­—particularly as the extent of Russian meddling in the 2016 election has come into focus. Federal officials previously acknowledged that Russian hackers targeted 21 state election systems ahead of the 2016 election. Special Counsel Robert Mueller’s report also provided fresh details about the extent of Russian efforts to infiltrate state elections systems, specifically that the FBI believed Russian military intelligence had gained access to the network of one Florida county government. Russian hackers were also able to infiltrate the Illinois State Board of Elections and steal personal data of approximately 500,000 voters.

Meanwhile, the Department of Homeland Security this week began the first known federal inspection of election equipment that malfunctioned during the 2016 election. The department will conduct a forensic analysis of laptops that malfunctioned when Durham County, North Carolina elections officials sought to check-in voters on election day.

The six states selected for the policy academy program, which will run through December, will receive technical assistance from NGA to enhance interagency communication, engage governors’ offices, and develop statewide response plans that would address how state agencies should respond to attacks on election infrastructure.

In Nevada, the Secretary of State’s Office was reaching out to state agencies on a piecemeal basis to ask about resources they could offer in the case of an election-related cyber intrusion, said Wayne Thorley, the deputy secretary of state for elections. The NGA’s policy academy will enable the office to devise a holistic election security plan.

“So, if a breach occurs we are all acting in unison and know what to do,” Thorley said.

The plan could foreseeably be put to use for everything from a voter database breach to an election results website hack to the spread of misinformation on social media regarding an election, he said.

In Minnesota, Governor Tim Walz and Secretary of State Steve Simon said the state’s National Guard Cyber Protection Team, Department of IT Services, and Department of Public Safety would all work on the election cybersecurity plan.

“Minnesotans understand that voting is the cornerstone of our democracy, and that risking the integrity of our elections is not an option,” Walz said in a statement.