Skip to main content
You are the owner of this article.
You have permission to edit this article.
How the feds, the states and companies like Omaha-based ES&S are protecting the election

How the feds, the states and companies like Omaha-based ES&S are protecting the election

20180628_ess (copy)

Election Systems & Software's headquarters in Omaha. Its vote-counting machines will tabulate about half of the ballots cast in this election.

Watch the process of filling out and dropping off your early voting ballot in Nebraska.

The Russians are still out there, and lots of other bad actors, too, looking to mess with Tuesday’s election.

The cyberhackers have been launching probes by the thousands into the information systems that undergird the nation’s election processes, looking for any vulnerability they can exploit, says the chief of security for the Omaha company whose vote-counting machines will tally roughly half of the nation’s ballots this year.

“The (attacks) are not slowing down or shrinking, but are increasing in their number and their sophistication,” said Chris Wlaschin, vice president of systems security for Election Systems & Software in Omaha.

Nonetheless, thanks to new and unprecedented levels of cooperation between the nation’s intelligence community, public election officials and private-sector vendors like ES&S, Wlaschin has confidence that the nation will see a safe and secure election this week.

Nebraska Secretary of State Bob Evnen, the state’s top election official, likewise believes Nebraskans can have faith that the votes they cast will count.

He bases his confidence in new protocols and technology that have been put in place in the last four years, as well as something much less high-tech: paper.

As in past elections, voters in all 93 Nebraska counties will cast their votes on paper ballots. And as Evnen simply puts it: “Paper can’t be hacked.”

Those paper ballots will also be counted this year on brand-new vote counting machines from ES&S that Nebraska has rolled out statewide. These machines aren’t connected in any way to the internet. They have the latest in protections against tampering. And they produce multiple, verifiable records of their counts.

Given such protections against direct vote manipulation, some experts say the bigger threats in this election are fake social media posts intended to interfere with people’s voting or to sow doubt about the integrity of the election.

What if bad actors on Tuesday put out bogus posts suggesting that polling places have closed early because of a technical problem? Or make false claims that a bunch of ballots in a key state were found in a garbage dumpster?

Experts say that makes it imperative that the public, too, be vigilant. People need to consider the source of information they receive regarding the election and avoid spreading misinformation that was intended to cause harm.

“What Russia can do on social media is far more sophisticated and far more effective,” said Gary Kebbel of the University of Nebraska-Lincoln’s journalism college, which co-hosted an election security training session this summer in partnership with the University of Southern California’s Election Cybersecurity Initiative. “Their goal is to make us doubt our entire democratic system, and they are doing that by trying to make us doubt our vote.”

The stepped-up vigilance and concern come in the wake of Russia’s documented efforts in 2016 to meddle in the U.S. election — an attack on American democracy itself.

Russian intelligence officers attempted to hack their way into election systems in at least 21 states. Wlaschin suspects that the Russians actually took a run at all 50.

The Russian hackers managed to access voter registration information in Illinois, though there is no evidence they changed any records. Two county election systems also were attacked by malware.

In addition, Russia launched a disinformation campaign on social media intended to boost their preferred candidate — Republican Donald Trump. Russian trolls targeted both the left and right with posts seeking to sow division and discourage some from voting.

Wlaschin said 2016 represented a wakeup call for everyone in the election industry.

In response, the Department of Homeland Security in 2017 declared the nation’s public and private election systems to be critical infrastructure, much like the nation’s financial system or power grid. The designation made those systems a priority for cybersecurity assistance and protection.

Since then, the department has worked in close partnership with state and local election officials and vendors like ES&S to protect election systems against threats.

How closely? Wlaschin has been granted a top-secret security clearance so ES&S can receive intelligence on the latest threats. Three other ES&S officials have lower clearance levels, and Evnen and three other officials in his office have received such clearances, too.

“They are sharing that information with us and making sure we know our systems are being scanned every day, and briefing us on top-secret intelligence,” Wlaschin said. “Now it feels like a real team to defend against these threats.”

The department has already offered warnings that Russia is back at it again, and China and Iran are also purportedly seeking to meddle in the election.

In addition, cybercriminals, both foreign and domestic, are probing systems with ransomware, looking to hold the systems hostage and demand millions in payments.

Working in tandem, the new U.S. election partners have been seeking to stop such threats by assessing vulnerabilities within the election infrastructure and by hardening those potential targets. DHS is preemptively running its own scans of election information technology systems, looking for holes that could be exploited.

Perhaps America’s best defense against election interference is just how diffuse the nation’s election infrastructure is.

Each state runs its own election, with thousands of individual counties running the polls and then counting the votes. That makes it hard for bad actors to launch a large-scale attack.

But that also means there are a lot more individual systems to protect, including some in rural counties with more limited resources.

“It makes it hard to ensure best practices are being implemented,” said Thomas Holt, a Michigan State University criminal justice professor affiliated with the University of Nebraska at Omaha’s National Counterterrorism Innovation, Technology, and Education Center.

Protecting the election starts with securing the voter registration rolls — the same ones the Russians sought to tap into in 2016. Election officials need access to those rolls on Election Day to know who can cast ballots.

Working with ES&S, the State of Nebraska pioneered the use of an Albert monitor — a device that can detect intrusion probes — to protect its voter registration database.

Most of Nebraska’s largest counties also have Albert monitors protecting their election information technology systems from intrusion, including the websites that display election results. ES&S now has five of the devices protecting its systems.

The Nebraska Secretary of State’s Office received a national award from an organization of state election officers for the innovation, which has been widely replicated nationally.

The voter database is also backed up daily to ensure availability if it is tampered with or locked up by a cyberattack.

Evnen said election officials are trying to leave no stone unturned as they consider potential threats.

For example, since Nebraska keeps election results in the “cloud” on a Microsoft server, Evnen one day pondered the security of those records. He made some inquiries, and within days, a four-person team from Microsoft came to Lincoln to explain how they secure the information housed in their data centers.

Evnen also has much confidence in the security of the machines used to count the votes.

Every county in Nebraska uses optical scanners that read the blackened circles on voters’ hand-marked ballots — a technology ES&S pioneered four decades ago.

And this year, the machines are all new, with the latest in security features. Nebraska has also replaced the “auto-mark” touch-screen machines that help disabled voters complete their ballots.

Nebraska’s vote-counting machines have never been connected to the internet, so they can’t be hacked into. There is also no ability to access the machines remotely. If ES&S needs to service the software on one of the machines, its technician must do so on-site.

To prevent physical tampering with the machines, they are kept locked up, with larger counties using video cameras and controlled-access cards to prevent anyone without authorization from handling them.

The machines also have external locks and tamper-proof seals that, if broken, would reveal if someone opened the machine without authorization.

The paper ballots themselves are also secure. They are printed with security features to prevent counterfeiting. Absentee ballots received at election offices are locked up until they are counted, and ballots cast at the polls are dropped into lock boxes.

As ballots go across the vote-counting scanner, the machine creates an encrypted image of each. That way vote totals can later be audited using either the ballots themselves or the saved images.

The results tabulated by counting machines are saved by counties on military-encrypted flash drives. And then the data from those flash drives is downloaded to another county computer that is also not connected to the internet so that results can be compiled.

The complete county vote totals are then saved to yet another secure flash drive, which is then used to download the results to the secretary of state’s secure results portal.

Evnen said that doubly “air-gapped” system should prevent anyone from tampering with vote counts as they are compiled.

“We feel these protocols are state of the art,” Evnen said. “We are constantly working on the security of the system.”

20201031_new_votingline_LS05 (copy)

Douglas County residents wait in line to vote Friday outside the Douglas County Election Commissioner’s Office in Omaha.

Hundreds of other counties around the country use different technology and different vendors to count votes, and Wlaschin can’t vouch for the specific security features of all of them. And it’s likely that no system is completely tamper-proof or fail-proof.

But given the levels of cooperation and broad efforts that span the nation’s election infrastructure, Wlaschin has confidence the vote will be secure.

“I feel good about all the efforts ES&S and the election industry have undertaken with state and federal partners,” he said. “We have taken election security to a whole other level.”

But America’s adversaries don’t have to hack into election systems to affect voting that ends Tuesday.

In one recent example, thousands of threatening emails purporting to come from the controversial far-right group known as the Proud Boys were sent to voters, demanding that the voters change their affiliation to the Republican Party and vote for Trump or “we will come after you.”

It didn’t take long for Homeland Security to trace the emails’ source to Iran. Foreign trolls are also once again active on social media platforms like Facebook and Twitter, seeking to sow division.

Given the many battleground states and districts — including Omaha’s 2nd Congressional District, because of Nebraska’s system of awarding an electoral vote to the top vote-getter in each congressional district — influencing only a few voters could affect the election’s outcome, Michigan State’s Holt said. Trump in 2016 won Michigan by fewer than 11,000 votes out of more than 4 million cast.

And the Russians don’t need to actually change vote totals to make people distrust the election results. All they have to do is put out misinformation that makes people doubt the validity or fairness of the election.

“That’s much more difficult to lock down compared to voter registration information that’s on a server somewhere,” Holt said. He said if the election turns out to be particularly close and false claims of fraud go out widely, “I can see this going sideways pretty quickly.”

Evnen agrees that the biggest foreign threat to the election will not come from hacking votes but from misinformation on social media.

He expects that there will be efforts to create doubt in the legitimacy of the election and to “turn us against ourselves.” He cautioned voters that if they see information on social media that is extreme or doesn’t quite make sense, they should go to a trusted source to check its validity.

Said Evnen: “Don’t let these foreign actors drive a wedge between us.”

Of course, the best thing Americans can do to defy the Russians is to embrace their democratic freedoms and get out and vote.

Evnen encouraged all Nebraskans who haven’t sent in mail-in ballots already to get to the polls Tuesday. He noted there have been enhancements to the COVID-19 precautions that helped the primary in May go off so well. And the weather forecast looks glorious, with high temperatures in the 70s.

“It’s going to be a beautiful day to cast your ballot in furtherance of this great democracy the world has been given,” he said.

Photos: Our best staff images of October 2020

Get Government & Politics updates in your inbox!

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Reporter - Metro News

Henry is a general assignment reporter, but his specialty is deep dives into state issues and public policy. He's also into the numbers behind a story, yet to meet a spreadsheet he didn't like. Follow him on Twitter @HenryCordes. Phone: 402-444-1130.

Related to this story

Get up-to-the-minute news sent straight to your device.



Breaking News

Huskers Breaking News

News Alert