Florida’s election system is under daily attack, Florida’s chief election official conceded Tuesday, but the state has employed what she called an “unprecedented” program of training, assessment and evaluations designed to address the weaknesses before harm is done.
Speaking to the annual meeting of reporters and editors sponsored by The Associated Press, Secretary of State Laurel Lee refused to elaborate on what vulnerabilities the agency has identified. She would say that training of election officials, and increasing awareness about both physical and cyber security — such as downloading proper updates to software operating systems — remains an important priority.
“Every single day, domestic actors and foreign actors attempt to penetrate our Department of State networks and the networks of supervisors of elections around our state,’’ Lee said. “So it is critical that we have been able to develop and implement this type of partnership.”
Gov. Ron DeSantis launched the unprecedented review of the security of its elections system in May, months after being blindsided by the report by Special Prosecutor Robert Mueller that indicated that two of Florida’s local elections offices were hacked ahead of the 2016 presidential election.
In June 2017, The Intercept published a classified National Security Agency document that asserted that hackers had penetrated Tallahassee-based software vendor VR Systems and then spoofed company emails. The company denied that it had been hacked, but many of Florida’s 67 local elections offices subsequently acknowledged that they had received so-called spear phishing emails carrying malware-laced attachments and made to look as if they came from VR Systems.
In July 2019, the U.S. Senate Select Committee on Intelligence released a heavily redacted report that suggested the FBI suspected that Russian hackers may have attempted to probe and target elections networks in four counties in Florida in 2016.
Lee said she would not reveal “cyber threat indicators or defensive measures that we are taking” in response to threats because “that would make us vulnerable to those who seek to do harm to our elections infrastructure.”
But in response to questions from the Herald/Times, her agency said the two counties that experienced intrusions in 2016 were notified at that time but “the department, along with the media and the public, was not made aware of the intrusions until after the Mueller report was released earlier this year.”
Lee emphasized that the agency and county elections officials are working more closely than ever on election security. As part of the partnership, the agency worked with each county to sign a memorandum of understanding, or MOU, designed to to share information about potential threats and flag suspicious activity so that it can be addressed more quickly than in 2016.
“2020 will be an extremely important year,’’ Lee told reporters. “I know that Florida will be under great scrutiny when it comes to elections and elections security. My number one priority is ensuring that Florida’s elections are fair, accurate and secure and that elections across the state are administered in accordance with Florida law.’’
The state also received a $19.2 million federal grant to review and update its system, and Lee said she has made election security her chief focus.
The Department of State used $15.5 million of the federal grant to give to all 67 counties for training and to assess potential vulnerabilities. Lee said the MOU requires that “if there is any sort of cyber incident, we will be sharing that information” between the state, counties and the Department of Homeland Security.
According to Lee, and documents obtained by the Herald/Times, the agency has spent $1.9 million for the purchase and installation of the ALBERT network monitoring sensor, designed to detect anomalous and malicious network activity in all 67 counties. The ALBERT sensor, first developed to protect federal networks, is designed and distributed by the nonprofit Center for Internet Security. It consists of single-unit physical servers outfitted with open-source software and is named after Albert Einstein.
Lee is also asking lawmakers for another $1.3 million in 2020 to create a 10-person cybersecurity unit. Her agency this year also hired five “Cyber Navigators” to provide security training to county-level supervisors and their staff.
“The Department of State stands here in 2019 with an incredible amount of information we never previously had,’’ she said. “I believe that should inspire a level of confidence that we have access to far more information than we had at any prior point.”
What will happen if another intrusion is detected? The agency said it has “established protocols in place that are to be followed in the event an attempted cyber incident or anomaly is detected.”
The protocols are based on the recommendations and best practices established by the Multi-State Information Sharing and Analysis Center and the Department of Homeland Security.
“We do recognize this is a very real threat,’’ she said. “There will be no finish line.”
Mary Ellen Klas can be reached at firstname.lastname@example.org and on Twitter @MaryEllenKlas