WILMINGTON — For the Clinton County Board of Elections (BOE) director, this past summer was largely devoted to elections cybersecurity.
There is good reason for voters to have confidence in the accuracy of election results, said BOE Director Shane C. Breckel.
The local BOE has two types of elections systems. One deals with programming and tabulation — counting the votes cast. It is never connected to the Internet, and so it could not be hacked because there’s no way into this election system except through physical access.
“It’s never allowed to be connected to the Internet — not once. Not even during the setup. It has never gone into the outside world,” Breckel said.
Ohio Secretary of State staff do spot checks occasionally and if the system has been linked to the Internet, it is de-certified and the BOE has to buy a new one.
So, when people ask Breckel whether election results could be altered, while he would not answer with a 100 percent guarantee he’s comfortable saying the elections system that yields the results is “a closed system,” and therefore changing the election outcomes would have to occur by actual physical access.
With that in mind, physical access to BOE staffers’ workstations has been tightened and now involves what’s called “double authentication” to log in to their workstation. That includes unique bar codes that have to be scanned, he said.
The BOE’s second type of elections system relates to voter database and petition checking among other things. A separate double authentication log-in is required to gain access to this voter registration system. Elections officials, of course, have contemplated a worse-case scenario if someone were to get into the voter registration system.
“It would sow chaos into the election,” acknowledges Breckel, but there are contingency plans to keep the integrity of the election intact.
“We use electronic pollbooks. If they go in and, say, delete every last name for every voter, that’s going to be a problem for us, but we actually have a plan for that should that happen,” said the BOE director.
Another potential problem — though again it would not alter election results — is a cyber attack to the BOE website on election night. This would interfere with the public finding out election outcomes on Election Day, but not forever.
With this type of attack, the perpetrator overwhelms the website with requests and what appears to be traffic, making the site inoperable and shutting it down. But again, the BOE has contingency plans if an attack against its website takes place.
The threat of cyber attacks or vulnerabilities in software mean a new daily regimen for a BOE office. Staffers have to be vigilant on a daily basis, noted Breckel.
He said the Clinton County BOE will phase out its Wi-Fi system almost immediately, and most flash drives in an elections office can only be used once.
Earlier this year, the Department of Homeland Security officially designated elections systems as a critical infrastructure to be protected, along with power grids for example.
Starting in July for six weeks, the BOE was under attack if you will, tested by hackers from Homeland Security, a campaign that included Phishing emails.
Breckel is pleased that in the weekly assessment reports, the Clinton County BOE had no vulnerabilities during the entire campaign and needed no recommendations. Nonetheless, Breckel plans to sign up for continuing testing.
By directive of the Ohio Secretary of State Office, each BOE in Ohio is required to join the multi-state Election Infrastructure Sharing and Analysis Center which is meant to provide timely information on threats to elections information systems.
He said he and staffers don’t claim to be Information Technology (IT) experts, but they are partnering through the whole process with the Miami Valley Educational Computer Association (MVECA) who are IT experts. Located in Yellow Springs in neighboring Greene County, MVECA is one of 18 Information Technology Centers licensed by the Ohio Department of Education.
Breckel has been with the local BOE for a dozen years, and was there in May 2006 when electronic voting equipment was first used here. For him, the possibilities of cyber attacks have changed the characteristics of the upcoming November election.
“This election feels very different to me than any election under my belt so far,” he said.
Reach Gary Huffenberger at 937-556-5768.