If approved, Ohio would become just the third state, following Nevada and Florida, to have such devices in all of its counties.
Secretary of State Frank LaRose has asked the bipartisan Ohio Controlling Board to release the funds made available through the federal Help America Vote Act to contract with the Center for Internet Security. The New York-based nonprofit organization is the sole vendor approved by the U.S. Department of Homeland Security and has staff at the National Cybersecurity and Communications Integration Center in Washington.
“The security directive is intended to protect that infrastructure that is connected to the Internet — stations where board staff work, email systems, voter registration databases, the board of election website…,” Mr. LaRose said.
Voting machines and tabulating equipment would not be included since they are not connected to the Internet.
“There have been salacious reports about tampering, but they leave out that to do that you’d have to have access [to a voting machine], to put hands on it, and pull out a screwdriver…,” Mr. LaRose said. “No board of election is going to allow that.”
He is asking for $918,800 for this year and $791,920 for the next to hire the sole vendor designated for such purposes. CIS would provide near real-time monitoring of potential malicious activity and, if a new threat is identified, would look back to see what activity already may have occurred in addition to providing warnings going forward.
It would essentially serve as a security firewall for county systems, Mr. LaRose said.
“We’ve gone beyond what other states are doing,” he said. “We also require vendors to have monitors. Boards of elections do great work in a bipartisan way, but they are reliant on vendors for many of the important functions they perform.”
Carol DeJong, deputy director of the Wood County Board of Elections, said the county was approached by the Secretary of State’s Office to serve as one of three initial pilot counties. The other two were Hocking and Miami.
She said Wood County welcomed the opportunity and the process is 80 to 90 percent complete.
“We have had our county [board of elections system] separated from the rest of the county’s system,” she said. “Our network stands on its own, and all of our internal systems have been upgraded.”
Monitoring for potential network intrusion will affect such things as electronic pollbooks and voter registration systems, but she also noted that voting machines are not involved.
“[The voting machines] operate on the same safety structure they always have,” Ms. DeJong said. “They are certified at the federal and state levels and continue to have voter-reviewed paper backup.”
Five Ohio counties already had taken it upon themselves to do something similar to what is now being pursued statewide.
The funding is an extension of a directive issued by the Republican secretary of state in June in which he spelled out the obligations of county boards to stay on top of cybersecurity threats and tactics, have their systems checked for potential vulnerability, and train staff to avoid scams such as email phishing. Each county will get $50,000 to comply with those requirements.
The $1.7 million will pay for monitoring over two years through the 2020 election, raising questions from Ms. DeJong and other county board officials about who will pay the tab for continued monitoring beyond the presidential election.
“My intention is to use the next year and a half as proof of the concept, to show the General Assembly that it is worthwhile to fund monitoring going forward,” Mr. LaRose said.
He hopes that the state will continue to fund part of the ongoing costs in partnership with counties.
©2019 The Blade (Toledo, Ohio). Distributed by Tribune Content Agency, LLC.