By Elizabeth Weise and Kevin Johnson for USA Today
Law enforcement officials, government workers and cyber-security professionals are preparing to swoop in, track and hopefully block anyone attempting a cyberattack aimed at destabilizing the U.S. presidential election.
The possibility is slight, with risks lessened by the fractured, mostly non-digital nature of the national voting apparatus. Still, fears that hackers — perhaps from Russia — could instill doubts about the voting process via attacks on the Internet infrastructure have put the cyber-security community on guard.
Read more: Early election win for Hillary Clinton in tiny New Hampshire town Dixville Notch
In a way, they are girding for war, but the fronts are multiple and decentralized. Although many are keeping low profiles, we know about some.
• The Department of Homeland Security has been conducting cyber audits of state and local election systems since August, responding to requests from 46 states and 32 local election officials.
• Indiana is setting up an election cyber-war room.
• In Washington, D.C., and on the ground in 26 states, the non-partisan Election Protection coalition will staff hotlines for voters and have an election geek squad ready for questions from jurisdictions.
• The Election Verification Network has assembled an elite "A-Team" of cryptographers, analysts and security experts who will make themselves available to any jurisdictions needing help on Election Day and in the vote counts that follow.
Not surprisingly, many details of these "SWAT" teams' plans are kept under wraps.
Read more: Early election win for Hillary Clinton in tiny New Hampshire town Dixville Notch
“Best practices for cyber security means we don’t tell people what they are,” said the Pennsylvania secretary of State's press secretary, Wanda Murren.
Federal authorities say the decentralized and antiquated nature of the country’s vote tabulation systems would be difficult to penetrate. The worry, instead, is focused on other disruptions.
Two federal officials told USA TODAY there is concern systems unrelated to the country's vote-tabulation system could be targeted to raise anxiety as voters go to the polls Tuesday.
The officials, who are not authorized to comment publicly, said breaches could take the form of what are known as distributed denial of service (DDoS) attacks, similar to last month’s rolling operation that knocked a number of popular websites offline for hours.
There was no specific or credible information, however, that such operations are being planned to disrupt the election.
"We have these concerns around every election, but I have to say that I think there is more of a concern this time than I've seen in the past," California Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, told CNN.
Of the cyber threat posed by Russia, Schiff said that the Russian government had “prepared the field if they wanted to escalate."
It's those concerns that have created an unprecedented level of preparation, both by government and civil society groups.
The Department of Homeland Security is working with state and local election officials to protect against cyber vulnerabilities, Secretary of Homeland Security Jeh Johnson said in a recent interview.
The cyber scans found some vulnerabilities, “an open door here or there, which are being addressed after doing these assessments,” he said.
Read more: Early election win for Hillary Clinton in tiny New Hampshire town Dixville Notch
Some states have received a more in-depth, on-site assessment from Homeland Security.
"There are fewer states that have gone to that extent. And I would expect and hope and expect that after the election more would do the same thing," Johnson said.
Pennsylvania is one of the states that took advantage of the federal security check, which found its safety security measures were working well.
In Indiana, a public-private partnership of cyber-security experts from local universities, the state’s cyber-security firms and state government and law enforcement has come together to support the state should anything occur.
A “war room” will be set up at the security operations center of Rook Security in Indianapolis, where the group’s 30 or so members will spend Election Day, said Rook CEO J.J. Thompson.
“We’ll be available in real time, so the fastest possible remediation can take place,” he said.
Doug Rapp, an adviser for cybersecurity and national security initiatives for the Indiana Secretary of Commerce, will be among those in the war room on Tuesday. The level of collaboration between the public and private sector on this issue is something that stands out about Indiana, he said.
“It’s a collective risk that requires a collective response,” he said.
If all else fails, a rapid-response team composed of some of the best-known names in cyber security, cryptography and computer network security will stand at the ready beginning on Tuesday to assist authorities if cyber issues arise during or after the election. The group is spread out across the country and represents multiple disciplines and some of the top names in the admittedly obscure field of election cyber verification and security.
Among others, the group includes Andrew Appel, a Princeton University computer scientist known for his work on how voting machines can be hacked; Josh Benoloh, a senior cryptographer at Microsoft Research; Harri Hursti, a Finnish computer scientist for whom the "Hursti Hack" of voting machines was named; Walter Mebane, a University of Michigan expert on detecting electoral fraud; and Ron Rivest, an MIT professor and the R in RSA, a ground-breaking cryptographic algorithm.
Reaching out to voters, Election Protection, a non-partisan coalition with more than 100 local, state and national partners, will staff a multilingual hotline, 866-OUR-VOTE, beginning Monday night to track issues and aid voters.
Read more: Early election win for Hillary Clinton in tiny New Hampshire town Dixville Notch
“We feel we’re likely to hear very quickly if a cyber problem occurs because we’ll be getting calls from around the country,” said Marcia Johnson-Blanco, co-director of the Lawyers' Committee's Voting Rights Project, a member of the coalition.
The group will alert officials if calls begin to come from any one area that could potentially indicate a problem. Should Internet access go down making it hard for voters to find their polling places, its hotline will be a source available with information nationally in English, Spanish, multiple Asian languages and Arabic.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here