Seventeen months later, Americans are still talking about the 2016 election. Discussion continues in regards to foreign interference, and perhaps most significantly, cybersecurity and election infrastructure. While there is cause for vigilance, I want to assure all Hoosiers that Indiana has taken great precautions to safeguard our election systems.
Cybersecurity is one of the most critical issues facing government officials. On average, I personally spend at least an hour a day on this topic, and often much more. We take great care to prepare election administrators for each cycle, and in partnership with other government agencies, we are developing new answers to security concerns and election policy. At the federal level, the National Association of Secretaries of State (NASS), a bipartisan organization comprised of Secretaries of State from around the country, has worked to develop best practices and to get states the information they need from the federal government.
I currently serve as President of NASS, and I sit on the NASS cybersecurity task force. Our organization has been working with the Department of Homeland Security (DHS) to getSecretaries of State security clearances, so secretaries and their staff can access information held by the federal government. This access represents a huge step forward for election administrators, as we are now able to merge state government resources with the resources and information of DHS, the FBI, and other federal agencies. The timing is important given the increasing number of cyber threats from around the globe and hackers’ interest in compromising election systems processes.
It is critical to understand that no piece of Indiana’s voting equipment is online. Machines and tabulators are not connected to the internet, nor are they connected to each other. We have a mechanism known as the Voting System Technical Oversight Program hosted by Ball State University that tests all of the election equipment used in Indiana for an added layer of safety and security. We also do public tests in all counties prior to an election.
In addition to physical security, information is a powerful defense. A great tool has been the Multi-State Information Sharing and Analysis Center (MS-ISAC), which allows us access to 24/7 security information, threat notifications, and security advisories put out by various actors. We also communicate with our own information center and our vendors to put policies and procedures in place to protect our systems.
The Indiana General Assembly has supported and passed legislation designed to enhance security efforts. Senate Enrolled Act 327, passed this spring, requires counties to report security and election issues directly to the Secretary of State, which allows my office to share potential issues with other counties and states in an efficient manner. It also limits the sale of voting machines used in Indiana for official election purposes, preventing hackers from accessing the machines.
County election officials who own voting machines in Indiana vigilantly protect access to the machines. When the machines are not in use for an election, they are under lock and key. During voting hours, poll workers watch voters to ensure tampering with machines does not occur. A voter only has two minutes to cast their ballot. No one is given unlimited access to the machines.
Indeed, elections are largely administered by the county election office, which serves as the first line of defense against threats. In order to prevent unauthorized access to election databases, we are currently working on a multifactor authentication protocol which uses a token validation method. This method requires users to insert a USB token into their computer and enter a token ID, used to validate user access into the Statewide Voter Registration System (SVRS) after the user correctly enters their user name and password. This validation will only be operational during preset and normal business hours, and a separate authorization will need to take place for after-hours access.
The way Indiana runs elections may eventually change as a result of cybersecurity concerns. Some are even going so far as to call for a return to paper ballots. I am skeptical that is the answer, and believe there are options for us to continue moving elections forward using technology. When I was a county clerk counting ballots on election night, paper ballots didn’t always reconcile. Electronic tabulations do a much better job of tracking each vote and ensuring the number of voters who cast a ballot matches the number of votes cast.
My team, my fellow Secretaries of State, and the country’s best county clerks will continue to work with cybersecurity experts, DHS, MS-ISAC, and academics to develop the best practices to protect the sanctity of our elections. We are committed to demonstrating that proper precautions are in place to secure the vote. Effective security demands thorough preparation, and thorough preparation only occurs when all parties involved are united in their communication, vigilance, and vision. I am proud to say that, together with your local election staff, we are committed to this mission and will ensure that every Hoosier voter can cast a secure ballot on Election Day.