Arizona’s Election Security Landscape
With the 2020 campaign season well underway, US states are working hard to shore up their election systems before the upcoming primaries. Arizona has good reason to be a part of this nationwide reckoning: as Arizona’s Secretary of State Katie Hobbs and other officials acknowledge, our state’s election systems were targeted by hackers during the 2016 election. Though that attempt proved unsuccessful, it has rightly served as a wakeup call across the state.
So have the ransomware attacks plaguing state and local governments in recent years. Without proper safeguards in place, our elections could be targets for all types of cyber criminals – not just those operating on behalf of another nation state, but also independent hackers intent on lining their pockets or simply wreaking havoc.
Arizona, for its part, is making strides to protect against this threat landscape. This summer, we saw national-level recognition of Arizona’s bipartisan efforts to address election security concerns when the national Governors Association selected ours and five other states to participate in a policy academy on election cybersecurity. As that initiative develops, there is another complementary action we can take to ensure our elections are secure in 2020 and beyond, and that Arizona continues to serve as a leading voice on this critical issue.
A Working Group to Safeguard Our Democracy
The next step is forging a working group of Arizona-based stakeholders to explore critical questions, learn from lessons of the past and efforts of other states, and make practical recommendations that our government can implement in both the near- and long-terms.
Naturally, state and local officials (including Arizona’s fifteen county recorders) will be critical members of this group. Just as key though, are those of us in Arizona’s thriving cybersecurity industry and education sector who are equally committed to safeguarding the foundation of our democracy and carry unique insight on the tools available to get the job done.
The Critical Questions
The below questions are not earth-shattering; you have likely seen them posed in some form or another in the numerous election security-related thought pieces and investigative reports dominating our news cycle. What’s missing though, is an Arizona-specific perspective. Once created, the working group would provide an avenue for stakeholders to explore these questions in the context of our state’s unique needs.
- What about voter registration databases? It isn’t all about the votes. A key vulnerability in many state election systems is the method for registering voters and verifying their identities. Although the integrity of Arizona’s voter registration systems, databases, and practices has not made headlines, we should be thinking about how our state can better safeguard voter registration going forward.
- Are paper ballots the long-term, future-proof solution? Putting that debate aside for a moment, we must contend with the reality that cyber protection vulnerabilities exist within any vote tallying system, whether the ballots are initially cast on paper or a machine. Arizona, for example, relies on paper ballots and uses electronic optical scanners to count those ballots. Without proper safeguards, those machines could provide an avenue for hacker exploitation.
- Could a sponsored hackathon help Arizona ID critical vulnerabilities? This can be a touchy subject, but it shouldn’t be. Private companies and local/state governments alike are warming up to the concept of ethical hacking (also known as “white hat” hacking), and for good reason. Hackathons can alert officials to potential problems and help hold election system vendors (in Arizona’s case, ES&S) accountable for exploitable flaws in their systems. With the common understanding of the threats and vulnerabilities that a hackathon could provide, state/local government, vendors, and other private sector companies could have an easier time identifying and implementing the right solutions.
Exploring Cyber Protection Solutions
With the above questions in mind, the working group should also serve as a forum for debating the utility and reach of different solutions and tools, both those that are tried-and-true and those still emerging.The below list is by no means exhaustive, but it represents some of those solutions and tools worth exploring within an Arizona-specific context:
- Upgraded systems. Arizona is one of several battleground states still running some of its election-related processes on Windows 7 systems, which are slated to lose regular security updating support in January.
- Segmented election networks and machines. A segmented approach, common in zero trust frameworks, could minimize the exposure of sensitive election data to the internet, making it harder for hackers to access and manipulate.
- A reliable backup and recovery tool that allows for backups to be stored in multiple locations, including offsite – so even if a hack occurs, sensitive election data is not lost.
- Endpoint security. Requiring multifactor authentication on all election-related machines could help Arizonans rest assured that only appropriate individuals have access to their election data. In addition, having a reliable yet innovative anti-ransomware tool in place on all endpoints, like the AI-based Active Protection module built into Acronis SCS’s Backup 12.5 and new hardened backup solution, is critical for keeping election data safe from malign actors.
- Blockchain technology. Utah, West Virginia, and Colorado are already experimenting with a blockchain-based mobile technology to safeguard, anonymize, and audit votes cast by military members and expats living overseas in municipal elections. Could blockchain have wider utility for election security here at home? It’s questions like this a working group of officials, private sector representatives, and members of innovative education communities would be best-suited to answer.
Officials Don’t Have to Go It Alone
Companies across Arizona’s booming cyber and tech industry are here to help, for we too want to see America’s democracy survive and thrive for centuries to come. Acronis SCS, for its part, is ready and eager to discuss the full spectrum of topics and tools necessary to safeguard Arizona’s elections for the future, as well as offer our expertise in the areas of backup and recovery, endpoint security and ransomware protection, and creating a blockchain solution designed to notarize and secure votes, as described above.
To the state and local officials reading: use us as a cyber think tank. We are standing by to work together.